As a seasoned senior cybersecurity expert with extensive experience in Governance, Risk and Compliance, I have a track record of developing and executing global security risk management strategies and delivering high-impact security solutions. I am a transformational leader in cybersecurity, adept at providing strategic guidance to support business objectives. My expertise in governance, risk, and compliance has been instrumental in achieving organizational goals, and I am passionate about empowering team members to align with our mission, vision, and values.
Overview
13 years of professional experience
Work History
VP - IT Governance, Risk, Compliance, IT OPS – Security, Global Help Desk and Access management
Legends Hospitality, LLC
01.2024 - Current
Implement and maintain an IT compliance issue management tracking and resolution process that will address known issues, according to severity and potential impact to the organization
Provide technological advice and insight on compliance requirements to non-IT leaders such as the general counsel, chief compliance officer (CCO), chief risk officer (CRO), etc.
Determine and maintain an inventory of all regulatory and organizational technology compliance requirements
Create an IT compliance risk assessment framework and periodically assess the regulatory and organizational inherent and residual IT risks
Identify the associated IT compliance control gaps, and oversee the documentation, implementation and testing of the entire IT compliance control portfolio
Support the development of an information security vision and strategy that is aligned to organizational priorities
Identify, evaluate, and report on legal and regulatory, IT, and cybersecurity risk to information assets
Lead and facilitate an information security governance committee and formulate an information security program
Ensure the consistent application of policies and standards across all technology projects, systems, services, and contracts
Manage the budget and reconciliation process for information security
Work effectively with internal business units to facilitate information security risk assessment and risk management processes
Develop and manage a targeted information security awareness training program for all employees, contractors, and approved system users
Develop and enhance the company's information security management framework based on the National Institute of Standards and Technology (NIST) Cybersecurity Framework or other frameworks as identified
Create and manage a framework to integrate and normalize the wide variety and ever-changing requirements resulting from global laws, standards, and regulations
Facilitate a metrics and reporting framework to measure the efficiency and effectiveness of the program
Create internal and external networks to ensure alignment across programs and to maintain current knowledge regarding cybersecurity risks
Create a risk-based process for the assessment and mitigation of any information security risks and incidents
Ensure that data privacy requirements are included in processes, develop and oversee effective disaster recovery policies and standards, and facilitate and support the development of asset inventories.
Director - IT Governance, Risk, Compliance, IT OPS – Security, Global Help Desk and Access Management
Legends Hospitality, LLC
02.2022 - 12.2023
Establish vision, strategy, and tactical initiatives for the organization's overall Information Technology team
Work with leadership to create and implement strategies for governance and compliance related to corporate-wide security
Implement and maintain an information security risk management process that provides visibility and accountability on the part of the business for managing risk
Provide oversight and guidance for periodic security assessments to ensure compliance with information security policies and established security controls
Manage the IT ops team, creating a security escalation SLA to reduce downtime
Determining business requirements for IT systems
Identifying and eliminating security vulnerabilities with strategic solutions that increase data security
Directing and supporting the implementation of new software and hardware
Identifying and recommending innovative technology solutions
Managing the organization's help desk (internal, external, or both)
Coordinating IT activities to ensure data availability and network services with as little downtime as necessary
Overseeing departmental finances, including budgeting and forecasting
Developing, implementing, and evaluating IT projects in line with organizational objectives
Consulting with other departments to determine and address their IT needs and requirements
Building and maintaining relationships with external advisors and vendors
Ensuring reported issues are resolved in a timely manner
Promote corporate Identity and Access Management (IAM) standards to stakeholders and customers within the organization, while seeking opportunities for efficiency, automation, and overall improvements
Utilize effective people leadership and influencing skills to successfully conduct IAM and the overall Cybersecurity mission.
Director of IT Governance, Risk, Compliance
Legends Hospitality, LLC
11.2021 - 02.2022
Establish vision, strategy, and tactical initiatives to ensure the organization's overall governance, enterprise risk management, and compliance with regulations
Work with leadership to create and implement strategies for governance and compliance related to corporate-wide security
Manage company compliance with industry standards such as PCI, ISO, and SOX, and expand their coverage to additional functions
Support the internal and external audit process for relevant compliance concerns (ITGC, SOX, ISO, and PCI)
Implement and maintain an information security risk management process that provides visibility and accountability on the part of the business for managing risk
Provide oversight and guidance for periodic security assessments to ensure compliance with information security policies and established security controls
Achieve PCI compliance for 170 locations
Work with thirty vendors to validate P2PE for devices, ensuring PCI compliance standards were met when P2PE was not achieved
Develop a compliance-aware culture, collaborating with auditors to maintain company and regulatory compliance
Increase security awareness by implementing phishing campaigns and PCI security training requirements
Evaluate current security measures, creating new SLAs and documentation where required
Managed the risk register, working to reduce risk in the environment by 20%
Present to the C-suite and the board about security measures and governance issues, giving recommendations where needed.
Information Security Manager - GRC
At Home
07.2021 - 10.2021
Implement industry best practice processes for teams and technologies across the organization
Manage efforts in the areas of information security policy, technology risk management, data protection, software security, and compliance with standards, frameworks, and regulations such as ISO, NIST, CCPA, SOX, and PCI
Develop, maintain, and enforce Information Security policies, procedures, and standards
Responsible for implementing and maintaining procedures and controls to assure compliance with applicable regulatory, contractual, and legal requirements as well as good business practices
Operationalize various Information Security governance functions, such as enterprise security risk management, compliance management, policy management, third party risk management, software security, and metrics and reporting
Perform risk assessments that address security threats, changes to systems and/or applications, process improvement initiatives, supplier assessments and other requests from the business
Training and awareness: manage and grow the annual training/awareness program
Work closely with business, technology, and compliance counterparts to understand business objectives and initiatives, and ensure alignment with Information Security policies and best practices
Operationalize a metrics and reporting function to continually report on meaningful Information Security risk and compliance metrics for operational and executive management
Responsible for understanding compliance with the Payment Card Industry Data Security Standard (PCI DSS), assessing existing controls to determine their level of compliance, including their maturity and state of compliance.
IT Compliance/Audit Manager
Club Corp
06.2019 - 07.2021
Plan, implement, and report on IT security and governance reviews and IT general and application control audits
Assess existence, efficiency, and effectiveness of the IT control environment by directing control/process optimization
Inspect the company's IT policies and procedures and evaluate control design to help ensure the company's IT compliance programs remain compliant with all regulatory requirements (PCI, SOX, GDPR, CCPA)
Utilized tools to become the SME on compliance with the Payment Card Industry Data Security Standard (PCI DSS)
Implement enterprise policies/procedures and supporting security standards to ensure compliance with corporate policies and relevant legislative and regulatory requirements
Prepare reports for Senior Management (Leadership) and external regulatory bodies as appropriate, monthly and quarterly
Implement and maintain a Security Continuous Monitoring Program in support of PCI DSS compliance
Vendor Management - Knowledge of vendor/supplier contract reviews, Security Governance, Risk Management, and Compliance initiatives
IT SOX testing, including risk assessments, in-scope systems analysis, coordination of the testing approach (including walkthroughs), and analysis of operating effectiveness
Provide input to periodic progress reporting, including status of overall testing progress and open control deficiencies, and assist with escalation when deficiencies are not remediated in a timely manner
Identify risk and control gaps and partner with the IT department to ensure internal control guidelines exist in ClubCorp systems and applications
Manage detailed risk assessments by analyzing processes, existing controls, reports, and data exchange, and by evaluating and monitoring the company's risk
Manage Vulnerability assessments (Internal, ASV external) to identify, analyze, and report vulnerabilities and findings from internal/external scans (Alert Logic).
IT Compliance/Audit Manager
Priority Fulfillment Service (PFS)
06.2016 - 05.2019
Serve as the primary IT Compliance Manager with the external audit team to deliver timely responses and data collection requests for vulnerability/risk assessments (Sarbanes-Oxley, PCI, SSAE 16, FedRAMP, US Mint)
Manage Business Continuity and Incident Response Management; report and document incidents
Manage user access reviews of production access, security, and operations as required by the SOX and PCI DSS 3.2.1 standards and other regulatory/industry requirements
Develop and oversee control systems to prevent or deal with violations of legal guidelines and internal policies
Collaborate with corporate counsel and HR departments to monitor enforcement of standards and regulations
Assess the business's future ventures to identify compliance risks
Manage data initiatives (GDPR, PII, and EU Privacy Shield)
Prepare reports for senior management and external regulatory bodies as appropriate, monthly and quarterly
Lead and manage detailed risk assessments by analyzing processes, existing controls, reports, and data exchange, and by evaluating and monitoring the company's risk
Manage and perform security vulnerability assessments to identify, analyze, and report vulnerabilities and findings from scans and tests (Qualys, Nessus, and Burp Suite).
Senior IT Analyst - Internal Auditor
PFSWEB (Now Priority Fulfillment Service)
09.2015 - 05.2016
Responsible for monitoring compliance with defined internal control policies and procedures in relation to Sarbanes-Oxley, PCI, SSAE 16, and other regulatory and industry requirements to which the business must conform
Responsible for client audits, reviews, and assessments and for retaining all documentation around policies, procedures, audits, and assessments
Work with the external audit team to deliver timely responses and data collection requests for vulnerability or risk assessments and testing
Monitor daily, weekly, and monthly audit requirements to ensure effectiveness of controls
Maintain a central repository of documentation and evidence of process outputs related to IT policies and procedures
Facilitate reviews of production access, security, and operations as required by the PCI standard and other regulatory/industry requirements
Partner with IT operations users to compile audit requests, including requests regarding Windows security, network security and topology, and all other logical security for separation of duties and other required controls
Respond to all internal events in a timely manner and take the necessary actions to maintain compliance with Sarbanes-Oxley, PCI, SSAE 16, client requirements, and other regulatory requirements
Proactively conduct research on new laws, regulations, and compliance best practices/standards to provide guidance to management and staff on regulatory requirements, audit concerns, and process improvements
Exploit vulnerabilities and identify specific, meaningful risks to clients based on industry and business focus
Assist with planning, scoping, and documenting of government compliance and potentially operational audits/requirements
Assist with security assessments/questionnaires, planning, scoping, and providing evidence to fulfill requirements
Design and populate policy libraries with regulatory authority from diverse industry oversight groups such as PCI Data Security Standards, ISO 27001 and 27002, HIPAA, GLBA, NIST 800-53, Cloud Security Alliance, FISMA, PIPEDA, EU Data Privacy, and state data breach laws.
Education
Associate of Arts
Elgin Community College
Elgin, IL
05.1998
Skills
IT Governance
Risk Management
Compliance
Security
Help Desk Management
Access Management
IT Operations
Information Security
Regulatory Compliance
Policy Management
Risk Assessment
Information Security Governance
Disaster Recovery
Asset Inventory Management
Information Security Awareness Training
Information Security Management Framework
Cybersecurity
Metrics and Reporting
Information Security Risk Assessment
Data Privacy
Vendor Management
Identity and Access Management (IAM)
People Leadership
Incident Response Management
Business Continuity
Security Continuous Monitoring
Vulnerability Assessments
Internal and External Audit
Data Protection
Software Security
ISO Standards
NIST Framework
CCPA Compliance
SOX Compliance
PCI Compliance
GDPR Compliance
IT General Controls (ITGC)
SSAE 16 Compliance
FedRAMP Compliance
Control Optimization
IT Policies and Procedures
IT Compliance Programs
Security Standards
Control Design
Organizational Development
Operations Management
Corporate Communications
Digital Transformation
Strategic Planning
Operational Leadership
Project Management
Performance Improvement
Program Management