Scott S
Monroe,OH
Summary
GRC professional with proven ability to navigate complex regulatory landscapes and support organizational integrity. Known for fostering collaborative team environments and consistently achieving compliance goals. Highly adaptable and reliable, with strong focus on attention to detail and analytical thinking.
Overview
36
36
years of professional experience
1
1
Certification
Work History
Senior IT Compliance Specialist
Blackhawk Network
10.2023 - Current
- Managed and completed Service Provider and Merchant level 1 ROC with 27 platforms prior to due date.
- Managed and completed 15 SAQ A and 1 SAQ D assessments ahead of due dates.
- Lead operational and engineering groups to address vulnerabilities identified in monthly scans to ensure remediation is completed ahead of corporate and external obligation due dates.
- Provide architectural guidance for new applications/platforms prior to ensure compliance with corporate policies and PCI compliance.
- Member of Change Management Board, identifying significant change requirements are met with 100% completeness and accuracy resulting in identifying 75 significant changes that were flagged as ordinary changes.
- Collaborated with cross-functional teams to identify and mitigate compliance risks.
- Conducted thorough risk assessments to identify potential areas of non-compliance and recommended corrective actions.
Senior Information Security Risk Analyst
Mariner Finance
06.2022 - 10.2023
- Performed vulnerability tracking and remediation completion within company guidelines.
- Successful implementation of GRC tool to automate GRC work and improve efficiency.
- Ran Security Awareness Know Be4 Phishing campaigns and training to 100% of company.
- Run PCI and ISO 27000 assessments.
- Maintains and updates risk register.
- Policy lifecycle management, ensure all policies are reviewed and updated prior to due dates.
- Documented 23 security incidents and provided training where needed.
- Made quarterly presentations to Senior management on the state of Info Security program provide stats of vulnerabilities, remediation, security events, and compliance status.
- Performs Third-Party vendor assessments and tracking.
Sr. Cybersecurity Engineer
Qurate/QVC HSN Cornerstone Brands
West Chester
01.2020 - 06.2022
- For the Cincinnati location, was the on-site corporate information security representative and advisor.
- Provided site information security consultation on projects to ensure that compliance and general security standards were met.
- Performed PCI assessments across four national and three international brands with complete and accurate reports prior to due dates.
- Worked with IT and Asset management team members to improve CMDB, resulting in 75% increase in accuracy of the CMDB.
- Evaluated and selected GRC tools to improve GRC effectiveness and efficiency.
Cybersecurity Policy and Controls Advisor
GE Aviation
Cincinnati
09.2019 - 01.2020
- Established 13 new security policies, standards, and controls for the aerospace division.
- Performed gap assessments against external obligations and existing policies and standards.
- Mapped internal controls to external obligations in preparation for CMMC assessment.
Sr. Security Analyst
WorldPay
Cincinnati
04.2017 - 09.2019
- GRC tool implementation testing lead.
- Built out workflows for Policy Management, Compliance Management, Assurance Management within C1Risk GRC tool.
- Mapped policies and internal controls to PCI DSS, NIST, and ISO 27001.
- Implemented, configured, and trained team members in the use of GRC tool and PCI assessments.
- Ran PCI assessments for multiple Reports on Compliance (ROCs) across the enterprise with successful completions prior to due dates.
- Performed risk assessments for policy exceptions and projects.
- Maintained Security Policy Management life cycle ensuring all policies were 100% in compliance.
Sr. Security Analyst
CBTS
Cincinnati
10.2015 - 03.2017
- Assisted in establishing a policy life cycle security program for a medical device manufacturer customer.
- Audited Security controls and function of controls.
- Reviewed and remediation of reported findings.
- Reviewed IAM privilege access on a quarterly basis.
- Reviewed the results of internal and external network vulnerability scans.
- Conducted Firewall reviews.
- Organized corporate Security Awareness and HIPAA training.
- Risk assessments on new products.
- Contribute to corporate Security Risk Register to find weaknesses needing mitigations.
- PCI assessments.
- NIST 800-53 mapping for new applications and platforms.
Citrix Engineer
Reid Elsevier/Lexis Nexis
04.2013 - 12.2013
- Migrated/Upgraded Citrix to version 6 and Xendesktop.
- Performed Day-to-day support of older Citrix versions.
- Built and configured Windows servers.
- Designed and implemented Citrix infrastructure solutions to enhance operational efficiency across departments.
- Optimized performance of Citrix applications through proactive monitoring and troubleshooting techniques.
IT Security Auditor
Chesapeake Energy
Oklahoma City
10.2012 - 03.2013
- Reviewed reports of IAM, Firewall Reviews, internal pen testing results.
- Collaborated with IT to remediate findings and anomalies in reports.
- Performed Quarterly Security Compliance Audits.
Governance Risk and Compliance Auditor
Cincinnati Financial
10.2009 - 09.2012
- Partnered with Cyber Security, HR, and IT management to create policies to enforce adherence to internal Security and IT policies.
- Tested and reviewed software release control.
- Performed weekly Change Management audits.
- As part of corporate risk management, evaluated and selected a risk management framework for the organization.
- Functioned as point of contact for I.T. records retention.
Citrix Engineer
JP Morgan Chase
07.2009 - 09.2009
- Reverse engineered in-house developed banking applications.
- Built and deployed Microsoft servers, both virtual and physical.
- Deployed production Citrix XenApp farm for retail line of business and published applications.
- Resolved software compatibility issues.
Citrix Engineer
IBM
12.2008 - 06.2009
- Built and deployed 20 application packages.
- Built and deployed 100 Microsoft servers, virtual and physical.
- Designed and implemented Citrix infrastructure solutions to enhance operational efficiency across departments.
- Optimized performance of Citrix applications through proactive monitoring and troubleshooting techniques.
Citrix Engineer
JP Morgan Chase
Columbus
12.2007 - 12.2008
- Reverse engineered applications.
- Built and deployed Microsoft servers, virtual and physical.
- Deployed test Citrix XenApp farm for retail line of business and published applications.
IT Internal Auditor
Great American Insurance
02.2006 - 11.2007
- Documented findings and created reports of the audit results.
- Planned and conducted I.T. audits.
- Performed SOX and internal audits of IT systems
Citrix Administrator
Great American Insurance
01.2000 - 02.2006
- Published applications in Citrix.
- Built and deployed CITRIX versions 3, 4, and 4.5.
- Issued and tracked RSA tokens.
39B – Automatic Test Equipment Operator/Maintainer, 12B – Combat Engineer
US Army
01.1990 - 01.1996
Education
Bachelor of Arts - Management
Thomas More University
Cincinnati, OHSkills
- PCI
- SOX
- NIST CSF
- 800-53
- ISO 27001
- ITIL
- COBIT
- NYDFS
- Policy management
- Security awareness
- Phishing campaigns
- Third party security questionnaires
- Compliance monitoring
- Internal Audit
Certification
- Certified Information Security Manager (CISM), 1738113
- PCI ISA, 806-464, tied to employment w/Qurate
Websites
LinkedIn, http://www.linkedin.com/in/scott-schlicker-6197791
Timeline
Senior IT Compliance Specialist
Blackhawk Network
10.2023 - Current
Senior Information Security Risk Analyst
Mariner Finance
06.2022 - 10.2023
Sr. Cybersecurity Engineer
Qurate/QVC HSN Cornerstone Brands
01.2020 - 06.2022
Cybersecurity Policy and Controls Advisor
GE Aviation
09.2019 - 01.2020
Sr. Security Analyst
WorldPay
04.2017 - 09.2019
Sr. Security Analyst
CBTS
10.2015 - 03.2017
Citrix Engineer
Reid Elsevier/Lexis Nexis
04.2013 - 12.2013
IT Security Auditor
Chesapeake Energy
10.2012 - 03.2013
Governance Risk and Compliance Auditor
Cincinnati Financial
10.2009 - 09.2012
Citrix Engineer
JP Morgan Chase
07.2009 - 09.2009
Citrix Engineer
IBM
12.2008 - 06.2009
Citrix Engineer
JP Morgan Chase
12.2007 - 12.2008
IT Internal Auditor
Great American Insurance
02.2006 - 11.2007
Citrix Administrator
Great American Insurance
01.2000 - 02.2006
39B – Automatic Test Equipment Operator/Maintainer, 12B – Combat Engineer
US Army
01.1990 - 01.1996
Bachelor of Arts - Management
Thomas More University
Similar Profiles
Sherna ShereefSherna Shereef
Software Engineer at Blackhawk NetworkSoftware Engineer at Blackhawk Network
Bryant LoucelBryant Loucel
Customer Service Representative Team Lead at Blackhawk NetworkCustomer Service Representative Team Lead at Blackhawk Network
Jessica StephensJessica Stephens
Director, Strategic Revenue Analytics at Blackhawk NetworkDirector, Strategic Revenue Analytics at Blackhawk Network
Jessica JohnsonJessica Johnson
Benefits Specialist at Macy's Inc.Benefits Specialist at Macy's Inc.
Landon DumfordLandon Dumford
Loader Operator at SRM ConcreteLoader Operator at SRM Concrete