David Clift
Details
Mountain America Credit Union
VP Information Security Risk Officer
2021 : 2022
Mountain America Credit Union
IT Risk Management Program Manager
2019 : 2021
Zions Bancorporation
Technology Governance Relationship Manager
Obtained ISO 27001, ISO 27017, and ISO 27018 certification. Building Risk and Compliance program, including governance, monitoring, reporting, risk management, and related activities.
2018 : 2019
Workfront
Risk and Compliance Program Manager
Led cross-functional IT and business teams in building the FedRAMP program, timelines, and reporting, including educating senior leadership and team members on control and documentation requirements, and guiding them through the implementation and development process.
• Developed data schema and strategy to build FedRAMP implementation workflow and tracking system using Workfront tool, to automate program rollout and minimize manual efforts required to oversee control implementation and status reporting.
• Educated team members in IT, Finance, and HR organizations on their responsibilities as FedRAMP control owners and obtained timelines for issue remediation and control implementation. Created roadmap for FedRAMP compliance, allowing for go-to-market strategy for Federal agencies.
2017 : 2018
Workfront
FedRAMP Program Manager
About
Proven IT risk / security, regulatory compliance, and audit leader with broad experience implementing security programs, establishing regulatory compliance, and building audit and control practices to protect organizations and ensure security in the health care, retail, technology, and financial services industries. Individually contribute and lead teams in implementing IT risk / security and compliance solutions and frameworks; auditing to identify control weaknesses; and reporting program results to key stakeholders (e.g. regulators, business functional groups, IT, audit, Board of Directors, and executive leadership). Also experienced and familiar with FFIEC Guidelines, NIST SP 800-53, ISO 27000-series standards (e.g. ISO 27001 / 27002), AICPA Trust Services Principles (SSAE 16 / SOC 1, SOC 2, and SOC 3), FedRAMP, COBIT, COSO, HIPAA, PCI DSS, Gramm-Leach-Bliley Act (GLBA) privacy and security rules, and Sarbanes-Oxley (SOX).