Gina Sepulveda

Summary

Nine years of focused experience in IT audit and information security risk assessment for enterprise PCI and SOC 2 compliance, with working knowledge of the NIST 800-53 and ISO 27001 frameworks and of SOX and HIPAA compliance requirements. Hands-on use of ServiceNow GRC, Archer, ZenGRC, and Ncontracts. Hands-on use of Tenable Security Center and Qualys for internal and external server vulnerability scanning, vulnerability identification, and remediation tracking. Experienced with risk analysis, information security policies, processes, and requirements, and with project implementations budgeted at $1 million and above.

Work History

Information Security Specialist

Global Payments, Inc
09.2022 - Current
  • Conducts risk assessments of high- and medium-risk third-party vendors, including software vendors, to identify security risks
  • Analyzes security risks by interpreting assessment data and other evidence in support of compensating controls or remediation to close those risks
  • Supports vendor engagement legal contract reviews, ensuring appropriate information security clauses are in place, and participates in associated quarterly business reviews of vendors as needed
  • Researches and recommends improvements to existing processes (e.g., vendor assessments, information security assessments, and other information security programs).

Security Engineer II

Deltek, Inc
10.2020 - 09.2022
  • Successful process re-engineering, management, and metrics reporting of external requests for security control information
  • Establishment of cross-functional workflow between various remote teams to facilitate accurate completion of ~100 requests from prospective and existing clients and IT auditors for security controls information
  • Participation in PCI compliance re-structure initiative and annual attestation filing
  • Participation in information security policies review and gap assessment against UCF authoritative sources.

Security Risk and Compliance Analyst II

SWBC
09.2018 - 10.2020
  • Preparation for multiple SOC 1, SOC 2, and PCI audits across various services; review of control evidence requests and control information with control owners
  • Collection, management, tracking and reporting of evidence for external audit evaluation
  • Coordination of and participation in meetings with internal and external auditors and control owners throughout audit processes
  • Composition of audit meeting outcomes, required action items, and tracking through completion
  • Audit records information management in accordance with information security and compliance documentation requirements using SharePoint, designated shared network drives and external audit web-portals
  • Responsible for assessing critical third-party IT vendors as required for PCI and SOC audit compliance
  • Evaluation of vendor-supplied AICPA reports, PCI DSS Attestations of Compliance reports, and ISO 27001 certifications
  • Vendor documentation management, request tracking and risk assessment against compliance requirements, policies and standards
  • Assessment of vendor compliance status against information security policies and standards for exceptions
  • Composition of assessment outcomes and recommendations to stakeholders as applicable
  • Assistance with annual information security policy and standards review process and dissemination to all applicable IT personnel for annual acknowledgement
  • Completion and management of company IT due diligence responses and documentation for 100+ clients as applicable to the services in scope and supporting systems provided by specified compliance deadlines
  • Management of client IT compliance response documentation, client due diligence request tracking, status reporting, and participation in onsite audit meetings with various clients as needed
  • Management, tracking, and reporting of IT vendor requests for new vendor services, renewals, and information security risk assessments ranging from SaaS providers to critical infrastructure maintenance and new IT implementations.

Information Security Analyst

Kohl's Department Stores
08.2015 - 09.2018
  • IT auditing, governance, and compliance: completion of third-party vendor reviews of technology service providers per FFIEC requirements for a credit card issuing retail corporation
  • Successfully performed information security assessments against Kohl's vendor security exhibit requirements for 200+ credit, IT, and human resources vendors with an emphasis on PCI and HIPAA compliance by designated due dates on an annual basis
  • Records information management in accordance with information security and compliance documentation requirements for tracking audits, remediation requirements, and historical reference using ServiceNow and designated shared network drives
  • Analysis of current vendor security compliance status, risk analysis and composition of remediation requirements when necessary
  • Facilitation of stakeholder meetings during vendor assessments and remediation processes as applicable
  • Monitoring and communication of documented compliance issues and follow-up through completion of remediation with vendors and stakeholders
  • Team collaboration and participation with annual information security policy and standards reviews
  • Application of Tenable Security Center tool for internal server vulnerability scanning, reporting, and remediation
  • Application of Qualys tool for external web-server vulnerability scanning, reporting, and remediation
  • Monitoring and analysis of vendor management requests regarding information security scenarios, and comparison against information security standards relevant to Kohl's, using ServiceNow
  • Collection and management of vendor files and documentation for third-party PCI compliance reports, ISO 27001 certifications, AICPA service organization control (SOC) reports, information security audit questionnaires, and supporting remediation documentation for 200+ vendors using designated shared network drives and ServiceNow
  • Continuous improvement of third-party vendor assessment process for information security on a recurring basis.

IT Infrastructure Analyst

Security Service Credit Union
03.2013 - 08.2015
  • IT audit preparation for critical IT infrastructure systems
  • Analysis and design of IT processes and workflow diagrams
  • Composition of IT project definition documents
  • Composition of IT business, functional, and system requirements
  • Analysis and evaluation of IT vendor solutions
  • Coordination of IT implementation processes for enterprise-level servers, systems platforms, applications, application upgrades, and archival storage
  • Composition of test plans and coordination of user-acceptance testing
  • Composition of training documentation and facilitation of end-user training
  • SharePoint 2010 and 2013 site collection administrator and site management.

Education

Bachelor of Science - Information Systems and Cybersecurity

Columbia Southern University
Orange Beach, AL
2023

Certificate, Audio Transcription

Everett Community College
Everett, WA
2008

Skills

  • IT Risk Assessment
  • E3 Digital Forensic Software
  • Kali Linux
  • Tenable Nessus
  • IT Audit
  • Vulnerability Scanning
  • Information Security Policy
  • NIST 800-53
  • ISO Standards

Certification

  • CISA - Certified Information Systems Auditor
  • CDPSE - Certified Data Privacy Solutions Engineer
  • Ethical Hacking
  • ITIL
