Susanna Gottel

Minneapolis, MN

Summary

Information Security Engineer operating as a security program lead across OT security, governance, risk management, compliance, and vendor due diligence. Functions at the Security Program Manager level by driving cross‑functional remediation, managing program‑level security initiatives, and leading risk workflows that strengthen both IT and OT environments. Known for translating technical vulnerabilities into business risk, influencing engineering and leadership teams, and elevating organizational security maturity.

Work History

Information Security Engineer

Minnesota IT Services (MNIT)
St. Paul, Minnesota
2021 - Current

Security Program Ownership | Governance, Risk & Compliance Leadership | Application Security & Vulnerability Management | Cross‑Functional Influence & Communication

  • Lead Minnesota Department of Transportation's Operational Technology (OT) Security Program, identifying risks, weaknesses, and vulnerabilities across critical infrastructure systems.
  • Drive secure architecture reviews, vendor evaluations, and control implementation to reduce risk and improve compliance maturity.
  • Partner with engineering, OT, infrastructure, and leadership to translate technical vulnerabilities into business risk and guide remediation strategies.
  • Own the full lifecycle of System Security Plans (SSPs) for high‑impact applications, ensuring alignment with NIST 800‑53, ISO 27001, IRS 1075, HIPAA, and PCI DSS.
  • Develop and maintain enterprise security policies, standards, and technical guidelines to strengthen governance and clarify control ownership.
  • Manage security findings and risk workflows in RSA Archer, ensuring accurate risk data, continuity of compliance, and timely remediation.
  • Deliver executive‑level reporting and metrics that highlight risk trends, compliance gaps, and program maturity.
  • Lead application security testing using Veracode, Burp Suite, and Acunetix 360; validate findings and coordinate remediation with engineering teams.
  • Collaborate with Threat & Vulnerability Management to enhance scanning processes and reduce recurring risk themes.
  • Support secure development practices by advising teams on remediation strategies and control implementation.
  • Present security findings, risk posture updates, and program recommendations to technical teams, leadership, and executives.
  • Serve as a trusted advisor to engineering, OT, and business stakeholders, ensuring alignment between security requirements and operational needs.
  • Recognized for leadership, communication, and program ownership through promotion to Information Security Engineer.

General Maintenance Lead

Minnesota Veterans Home (MDVA)
Minneapolis, Minnesota
2017 - 2021
  • Directed daily operations for a multi-disciplinary maintenance team, ensuring safety, efficiency, and high-quality service delivery.
  • Managed inventory, procurement, and operational records; resolved issues using Archibus ticketing system.
  • Trained and mentored team members, fostering a collaborative and inclusive work environment.
  • Communicated technical information clearly across diverse audiences.
  • Managed efficient teams of up to 20 employees.
  • Coordinated maintenance schedules to ensure optimal facility operations and resident safety.
  • Oversaw team workflow, mentoring staff to enhance technical skills and efficiency.
  • Implemented preventive maintenance protocols, reducing equipment downtime significantly.
  • Developed training programs for new staff on maintenance procedures and safety standards.
  • Streamlined reporting processes to facilitate communication between departments regarding repairs and maintenance needs.
  • Enhanced compliance with state regulations through thorough documentation and audits of maintenance activities.
  • Improved overall facility safety with regular inspections and hazard identification initiatives.

Assistant Manager

Espresso Royale Café
Minneapolis, Minnesota
2004 - 2016
  • Managed daily operations, financial reconciliation, payroll, inventory, and performance reporting.
  • Supervised and trained employees, ensuring consistent service quality and operational excellence.
  • Maintained accurate financial and operational records while safeguarding sensitive information.
  • Resolved operational challenges in a fast-paced environment.

Education

Master of Business Administration (MBA)

Western Governors University
Salt Lake City, UT
2025

Bachelor of Science - Cybersecurity

Metropolitan State University
Saint Paul, MN
2020

Skills

  • Governance, Risk & Compliance (GRC)
  • Security Program Management & Risk Workflow Ownership
  • RSA Archer (Findings, Exceptions, Risk Register)
  • NIST 800‑53, ISO 27001 (Framework Alignment)
  • OT/ICS Security & Critical Infrastructure Risk
  • Vendor Risk, Due Diligence & SOC 2 Review
  • Application Security Testing (Veracode, Burp Suite, Acunetix 360)
  • Executive Communication & Cross‑Functional Leadership

CORE COMPETENCIES

  • Security Program Management
  • Governance, Risk & Compliance (GRC)
  • OT/ICS Security
  • Application Security
  • NIST 800-53
  • ISO 27001
  • IRS 1075
  • HIPAA
  • PCI DSS
  • System Security Plans (SSPs)
  • Secure Architecture Reviews
  • Vendor Risk Management
  • Vulnerability Management
  • Policy Development
  • Executive Communication
  • Cross-Functional Leadership
  • Remediation Strategy
  • Risk Trend Analysis
  • RSA Archer