
Marina A. Kapustin CISSP CISA

Boca Raton, FL

Summary

Over 17 years of cybersecurity GRC experience within Fortune 500 organizations, including a decade in leadership roles across various industries. Demonstrated success in establishing and managing risk-driven compliance programs with measurable outcomes. Expertise in leading and collaborating within cross-functional internal and external teams, including IT, legal, privacy and executive leadership. Skilled in conducting IT risk assessments and implementing security policies and procedures. In-depth knowledge of industry regulations and standards, including NIST, HIPAA, GDPR, and PCI. Exceptional communication skills, adept at translating technical concepts into business terms.

Overview

17 years of professional experience
2 certifications

Work History

Manager, Global IT Risk and Compliance

Crawford and Company
02.2022 - Current
  • Built and led a robust IT Risk Management program for the organization, incorporating recognized leading frameworks, including NIST, COBIT, and ISO 27001, to ensure the security and compliance of all IT systems and processes.
  • Developed, managed, and executed a comprehensive Cybersecurity Awareness program, including phishing simulations, reaching employees globally and enhancing the organization's security posture and reducing cybersecurity risks.
  • Effectively managed and coached a diverse, globally distributed, multi-cultural team, fostering a collaborative and high-performing work environment, under enormous pressure.
  • Took a leadership role in executing IT operational, governance, and compliance audit management activities, with a particular focus on SOX and SOC 2 compliance, ensuring that the organization met regulatory and contractual requirements.
  • Coordinated management responses to audit findings, led mitigation activities, and oversaw the gathering of audit evidence for both external and internal audits, facilitating compliance and audit success.
  • Coached and guided team members on tools and processes, fostering professional growth and team cohesion.

IS&T Risk and Compliance Program Lead / Manager

HealthPartners
11.2013 - 02.2022
  • Established and managed the IT Third Party Risk Management (TPRM) program, managing close to 500 vendor relationships, collaborating with internal clients and third parties on mitigation activities to improve vendor compliance and mutual security posture.
  • Spearheaded the creation and expansion of a robust PCI Compliance program for all clinics, hospitals, and pharmacies; oversaw the program development and implementation to ensure strict adherence to PCI standards and regulations within the organization.
  • Managed and matured a comprehensive IT Risk Management and Compliance program across all business areas; developed, communicated, and trained on methodology, policies, and processes.
  • Had a key role in the selection and implementation of a new Governance, Risk, and Compliance (GRC) tool to enhance efficiency and process maturity for HIPAA, HITRUST, CMS, and SOX compliance while reducing cyber, legal, and financial risks.
  • Regularly conducted annual and ad-hoc IT risk assessments, identified vulnerabilities, and tracked risk mitigations; consulted SMEs and senior leadership on remediation activities and monitored progress.

Senior Consultant AERS

Deloitte LLP
11.2011 - 10.2013
  • Led ERS audit teams in the daily execution of audit engagement activities, ensuring adherence to scope, budget, and timelines.
  • Served as the first line of contact for all client needs and concerns; managed client relationships to foster trust and confidence.
  • Demonstrated advanced understanding of business processes, internal control risk management, IT controls, and related standards.
  • Engaged management to make decisions when business and technology risks or opportunities for improvement were identified.

Technology Assurance Specialist

Target Corporation
09.2008 - 10.2011
  • Executed IT operational, governance, and compliance audits focusing on HIPAA, GLBA, and PCI.
  • Enabled successful creation and development of an offshore team to take over SOX ITGC audit program execution.
  • Co-piloted the design of process documentation for the offshore team orientation and training using Six Sigma techniques.
  • Developed audit programs, performed audit procedures, documented work papers, and presented results to stakeholders.
  • Participated in consultations for new systems development to ensure that proper controls are included in system designs.

IT Advisory Services Associate

KPMG LLP
10.2006 - 02.2008
  • Performed IT assurance and attestation as part of SOX engagements for Fortune 500 clients.
  • Responsible for testing ITGC controls, execution, and writing of control documentation; investigated potentially fraudulent activities.
  • Assisted in writing several engagement proposals resulting in new business.
  • Provided recommendations for use of new firm-supported technology to improve audit efficiency.

Education

Bachelor of Science - Accounting, Finance, and Management Information Systems

U of MN - Curtis L. Carlson School of Management
Minneapolis, MN
2006

Some College (No Degree)

Vienna University of Economics And Business
Vienna, Austria

Certification

  • CISA - Certified Information Systems Auditor
  • CISSP - Certified Information Systems Security Professional
  • FAIR - Factor Analysis of Information Risk
  • CSM - Certified Scrum Master
