
Ryan Marshall

Spanish Fork, UT

Summary

Dedicated and experienced IT Security and Risk Analyst with a proven track record of enhancing security posture and mitigating information risks. Seeking a challenging position to leverage expertise in risk assessment, vulnerability management, and security awareness to contribute to the company's commitment to data protection and cyber resilience.

Overview

15 years of professional experience
1 Certification

Work History

Director of IT Security Risk

Cardworks Inc.
South Jordan, UT
08.2022 - Current

This role was for Cardworks Inc. and all its subsidiaries which include Merrick Bank, Cardworks Servicing, Carson Smithfield and Dataline Systems.

  • Led the development and implementation of a comprehensive IT Risk Management program.
  • Conducted regular risk assessments, identifying and analyzing potential threats and vulnerabilities.
  • Conducted thorough risk assessments of potential third-party vendors before engagement.
  • Performed due diligence to evaluate the security posture, financial stability, and regulatory compliance of vendors.
  • Assessed the potential impact of third-party relationships on the organization's information security.
  • Reviewed vendor contracts to identify and address potential security and compliance risks.
  • Collaborated with legal and procurement teams to negotiate contractual terms related to security, confidentiality, and data protection.
  • Ensured that contracts align with the organization's risk tolerance and compliance requirements.
  • Collaborated with cross-functional teams to assess the impact of risks on business operations.
  • Developed and implemented risk mitigation strategies, ensuring the integration of security controls into systems and processes.
  • Established and enforced IT risk management policies and procedures, keeping them aligned with industry best practices and regulatory requirements.
  • Prepared and presented regular reports to executive management, highlighting the status of IT risks and the effectiveness of risk mitigation efforts.
  • Oversaw the Security Awareness and Training Program

Lead Security Risk Analyst

Merrick Bank
South Jordan, UT
04.2021 - 08.2022

Program Lead over Security Risk Management, Security Awareness and Training, and PCI Compliance Program.

  • Led the development and implementation of a comprehensive IT Risk Management program.
  • Conducted regular risk assessments, identifying and analyzing potential threats and vulnerabilities.
  • Collaborated with cross-functional teams to assess the impact of risks on business operations.
  • Developed and implemented risk mitigation strategies, ensuring the integration of security controls into systems and processes.
  • Established and enforced IT risk management policies and procedures, keeping them aligned with industry best practices and regulatory requirements.
  • Responsible for overseeing and managing the Payment Card Industry Data Security Standard (PCI DSS) compliance efforts within the organization. This role requires a deep understanding of payment card data security, risk management, and the ability to ensure that the organization's processes and systems meet PCI DSS requirements.
  • Prepared and presented regular reports to executive management, highlighting the status of IT risks and the effectiveness of risk mitigation efforts.

IT Risk Analyst

Ultradent Products Inc
10.2017 - 04.2020
  • Conducted organizational information risk assessments
  • Initiated risk assessments as the initial phase of computer system validation processes
  • Developed organization-wide risk management policies
  • Managed ongoing internal phishing campaigns to bolster security awareness
  • Created and delivered presentations and training programs to promote cybersecurity awareness.

HIPAA Fulfillment Manager

SecurityMetrics Inc
02.2013 - 10.2017
  • Managed a team of 6-10 HIPAA advisors, overseeing account management and fulfillment
  • Served as the organizational HIPAA subject matter expert
  • Designed training programs for HIPAA advisors
  • Played a pivotal role in developing new HIPAA-related product offerings
  • Collaborated with product management to determine the direction of the HIPAA program
  • Generated comprehensive risk analysis reports for customers
  • Provided customized consultation for large organizations
  • Presented at industry conferences and conducted educational webinars
  • Contributed content for white papers and program guides.

HIPAA Business Associate Compliance Project Lead

SecurityMetrics Inc
02.2013 - 11.2013
  • Collaborated with large HIPAA Covered Entities to assess and improve their Business Associates' compliance with HIPAA regulations
  • Oversaw account management and fulfillment
  • Managed a team of 6-10 HIPAA consultants and scan technicians
  • Held responsibility for all project data and reporting.

Technical Support Special Projects Team Lead

SecurityMetrics Inc
02.2010 - 02.2013
  • Managed a team of 6-10 support representatives and scan technicians
  • Coordinated with merchant bank account managers to develop projects aimed at increasing merchant compliance with PCI-DSS requirements
  • Assumed responsibility for all project data and reporting.

ASV Vulnerability Scan Technician

SecurityMetrics Inc
03.2009 - 02.2010
  • Assisted merchants in understanding and resolving failing vulnerability scan results
  • Tested and verified disputed vulnerabilities
  • Tested and verified false positives, removing associated failing results from test reports.

Senior IT Security and Risk Analyst

Ultradent Products Inc
04.2020
  • Performed comprehensive organizational information risk assessments
  • Conducted risk assessments as the initial phase of computer system validation processes
  • Oversaw the vulnerability management program, ensuring timely mitigation of security vulnerabilities
  • Developed and implemented organizational risk management policies to strengthen security practices
  • Monitored security tools and platforms for security events, promptly responding to threats
  • Created and managed ongoing internal phishing campaigns to enhance security awareness
  • Designed presentations and training programs to promote cybersecurity awareness within the organization
  • Pioneered a risk-based approach for transitioning from computer system validation to computer system assurance
  • Integrated a risk-based approach into product management, aligning with organizational and business unit risk tolerances.

Education

Utah Valley University
01.2001

Skills

Risk Assessment and Analysis

  • Ability to conduct thorough risk assessments using both quantitative and qualitative methodologies and frameworks (FAIR, NIST, COSO, CIS)
  • IT Security Policies and Procedures

Third Party Risk Management

  • Knowledge of vendor risk management principles and the ability to assess and manage risks associated with external partners

Regulatory Compliance

  • Knowledge of relevant laws, regulations, and industry standards to ensure the organization's IT practices align with compliance requirements (PCI, HIPAA, FFIEC, FDIC, GLBA, GDPR)

Strategic Thinking

  • Ability to think strategically and align IT risk management efforts with overall business goals and objectives

Communication Skills

  • Strong verbal and written communication skills to effectively communicate risk findings, mitigation strategies, and compliance requirements to various stakeholders

Leadership and Team Collaboration

  • Leadership skills to guide and inspire a team of professionals in the IT Risk Management department
  • Collaborative approach to working with cross-functional teams, including IT, legal, and business units

Training and Awareness

  • Ability to develop and implement effective training and awareness programs to educate employees on IT security best practices

Certification

ISC2 Member ID# 543921

  • CISSP
  • HCISPP

References

Available upon request
