Danielle Goulet, CISM
Details
The Hanover Insurance Group
Chief Information Security Officer
Lead The Hartford’s Business Security Services organization, reporting to the CISO, which provides value-add security consulting to Business and IT partners. Implemented, led and continue to mature the Third Party Security Assessment, oversight and continuous monitoring program. Accountable for Cloud Security Strategy and internal security controls. In 2018 led the revamp of the security program to align all security controls to the NIST CSF and established a full inventory of controls utilizing the ServiceNow GRC platform, which answers the business and IT question of “what do I need to do to satisfy policy and standard?” in an automated way. I balance the importance of security with business value, need for speed, and the consumers’ interests in ease of doing business. Establish and maintain strong partnerships with stakeholders including but not limited to Compliance, Privacy, Legal, and IT; providing guidance to drive a security risk aware culture. Deep knowledge of Third Party Security Assessments - Archer GRC Application, Shared Assessments, CSA STAR; Identity and Access Management; Application Security; PCI; Risk & Compliance.
2014 : 2019
The Hartford
Director Information Security
• Drive the overall compliance agenda for a technology organization; personally accountable for assessing risks, prioritizing actions, aligning resources, and remediating exposures.
• Lead a team of IT professionals responsible for driving consistent and efficient approaches to ensure technology areas are in compliance with federal and state laws, and security policies. Partner with key stakeholders – Compliance, Privacy, Internal Audit, Legal, Information Protection – to define requirements and implement solutions.
• Provide leadership to IT Risk programs such as SOx; led direct project that remediated Logical Access Risks across the SOx application portfolio
2013 : 2014
The Hartford
Director IT Security & Compliance
• Drive the overall compliance agenda for a technology organization; personally accountable for assessing risks, prioritizing actions, aligning resources, and remediating exposures.
• Lead multiple large projects, including an enterprise effort to protect personally identifiable information in ~200 environments; managed the efforts of cross-functional project teams that involved 20 resources.
• Serve as part of our organization’s management team, providing thought leadership on program strategy, direction and deliverables for scope that includes compliance with Internal Audits, Sarbanes-Oxley, Payment Card Industry, information security policies, and regulatory matters.
• Drive compliance-related activities for technology leaders; track and respond to State and Internal Audits, led remediation efforts, monitor ongoing Payment Card Information (PCI) compliance and collaborate with SOx auditors to drive remediation of Open Control issues.
2010 : 2013
The Hartford
Sr Analyst IT Security & Compliance
• Developed and implemented a Demand Management process for Maintenance/Enhancement work within the GBD portfolio; this process enhanced organization’s ability to manage work requests efficiently, to collaboratively prioritize work and identify/address upstream and downstream effects of work requests, to allow greater visibility into true costs of requested work and to improve the ability to estimate work.
• Implemented cross-functional review of resource availability between Maintenance/Enhancement work and Strategic projects via utilization of key existing forums.
• Provided vendor management, SLA management, key metrics collection and trending analysis; accountable for $20+M, multiyear fixed bid Managed Production Services contract.
2008 : 2010
The Hartford
IT Operations Manager
About
Passionate, data-driven, results-oriented security professional and CISO. Superior ability to synthesize executive level and board communications. Focused on building security programs which balance security with business agility. Passionately provide leadership in the areas of Security Operations, Threat Hunting, Engineering, Architecture, Advisory Services, Business Continuity, Application Security, Risk Management, Third Party Security Assessments, Training, Awareness. A critical thinker with the ability to develop and implement new programs, roadmaps, and process improvements across a broad range of topics including but not limited to NIST CSF, NIST 800-53, NYDFS (23 NYCRR 500), Shared Assessments, Cyber Risk Assessment and Cyber Hygiene.