Andrea Anderson, PMP, CISA, CISM, CRISC
Cybersecurity Project Management, Risk, Compliance and IT Audit
Austin, TX, United States
Details
Experience:
Responsible for managing the successful delivery of cybersecurity projects for the Global Cyber and Information Security Team.
2022 : Present
Gallagher
Sr. Cybersecurity Project Manager
As Advisory Services Team Member, provides consulting services to companies and government operations in cybersecurity compliance, IT Audit and project management. Client engagements include NIST 800-171, ISO 27001 gap analysis, SOC2 Type1 and Type2 readiness assessments, third party security assessments, data privacy reviews, GDPR, PCI/DSS and HIPAA compliance, cybersecurity policy development based on NIST 800-53, and NIST CSF.
2020 :
The HT Group
Executive Advisor - Senior Cybersecurity Compliance/ IT Audit Consultant
A full-time contract position within SolarWinds’ Information Security Division leading the information security efforts to support global regulatory requirements. Responsibilities included:
• SOC2 Type2 readiness assessments and product audits, coordinating with global cross-functional teams to align controls, identify risks, and help them understand audit results and remediation options.
• GRC annual IT Audit plan development including Quarterly Risk Review presentation with key performance indicators.
• IT Security policy governance program and policy development aligned with various compliance frameworks, NIST 800-53, NIST 800-171, NIST CSF, and ISO27001. PCI/DSS gap assessment to ensure regulatory compliance.
• IT controls reviews related to new software product development, including mapping to FedRAMP to assess level of compliance and vendor risk security risk assessments.
• Data privacy program management, including OneTrust implementation for processing Data Subject Right (DSR) requests per GDPR and CCPA regulatory requirements.
2020 : 2022
SolarWinds
Security and Compliance Program Manager
• Independent Verification & Validation Project Manager for a State Government agency providing independent assessment of the agency’s digital transformation program, involving large-scale business and technology systems implementation initiatives.
• Independent Verification and Validation Project Manager for an SAP ERP Implementation project, including evaluation of SDLC phases, such as project organization, requirements definition, system design, development, functional and user acceptance testing, data conversion, system stress testing, security testing, interfaces development, IT readiness, user training and documentation for a large electric cooperative.
For several additional clients, performed:
• Controls design and security reviews
• IT organizational benchmark assessment using CMMI
• Cybersecurity review and risk assessment
• Sarbanes-Oxley and internal IT audit
• SOC2 Type1 and Type2 gap assessments
• NIST 800-53 compliance
• PCI/DSS compliance
2010 : 2020
Bridgepoint Consulting, LLC
Senior Consultant
• Evaluated IT General Controls and provided documentation of key application access controls for an Austin-based software startup.
• As a sub-contractor, worked with several clients to evaluate IT control frameworks, risk management and IT governance processes. Projects included IT General Controls testing and reviews of audit findings to ensure that remediation plans are incorporated into the organization’s compliance maturity roadmap.
2007 : 2010
Independent Consultant
IT Consultant
Company:
Gallagher
About
I'm a Senior Cybersecurity Project Manager, with 25+ years of corporate and consulting experience, including Big 4, in IT Project Management, IT audit, regulatory compliance, application systems implementation and business process re-engineering. Strong experience with large-scale digital transformation project management, IV&V and IT general and application controls, business process reviews, risk and security controls assessment.