Douglas Yale
Bringing the Future Forward
United States
Details
Education:
Doctor of Science
Cybersecurity
Marymount University
2022 : 2024
Master of Legal Studies
Cybersecurity, IP, Regulatory Compliance
Sandra Day O’Connor College of Law at Arizona State University
BSBA
Finance
East Carolina University
Experience:
Powering and Protecting Information.
2022 : Present
OpenText
Global Information Security Principal
Collaboration with the Cyberteach Institute @ Marymount University
- Examining thinking in CyberSecurity
- Developing Instructional Outcomes
- The Cycle of Instruction
- Planning Instruction
- Delivering Instruction
- Elements of Good Teaching
2022 : 2022
Yale & Company
Cyber Teaching Fellow
Primary role is that of an IT Risk Assurance Advisor to Senior and Executive Leadership. Responsible for developing the overall Cyber Security Risk Management Methodology designed around leading Risk Management, Security and Controls frameworks including NIST CSF v1.0, NIST 800-37 and CIS CSC. Deliverables include: a Cyber Security Risk Management Roadmap maturing manual processes into highly automated methods designed around an integrated platform where empirical data collection enables decision analytics to inform strategy, architecture, and product and service onboarding, as well as evaluating new solutions to improve maturity.
Security Program oversight responsibilities include monitoring progress of the roadmap and aligning priorities to achieve Cybersecurity Capability Maturing Modeling (C2M2) of Shared Services, M&A, Data Analytics Platforms and Third-party solution adoption spanning both hosted Private and Public Cloud operating environments. Assist in the prioritization of identified risks by providing a structured approach to documenting risk in the ServiceNow GRC Risk Register. Prepare Plan of Action & Milestones to address specific steps and ownership associated with remediation activities. Evaluate Data Protection platforms such as OneTrust for Data Mapping.
Co-chair of the Risk Evaluation Committee dispositioning Security policy exception requests and advising on risk mitigation approaches and where appropriate, facilitating the risk acceptance process.
2018 : 2020
FICO®
Sr Manager, Cyber Security
As a founding member of the Security Assurance function reporting directly to the CISO, establish several new services including: Security Risk Management based on the FAIR methodology and NIST CSF 1.0 Threat Modeling with CMM benchmarking, Vendor Assessments from CyberGRX, and Compliance Program Management (e.g., SOC2 & HIPAA). As part of delivering the first SOC2, lead Security and Operations Engineering teams in documenting the architecture, access management, tech stack and client onboarding procedures, identifying population sources and qualifying evidence collection, in addition to preparing auditees for their career-first audit experience. Handle all administration activities including drafting the language contained within the SOC2 report such as descriptions and control language, Management Representation Letter reviews (including General Counsel’s Office) and signature.
Liaison with Counsel to provide Security Exhibit redlines arising from leaders in major industries including: Auto, Telecom, Airlines, Universities, Healthcare Providers and Financial Services Partnerships.
Provide responses to Third-party Risk Assessment questionnaires inbound from Partners. Run demos and POCs for GRC tooling (e.g., ZenGRC & CyberOne Security). Support recruiting efforts in the way of referrals, phone screens, and onsite interviews.
2018 : 2018
Lyft
Security Assurance Analyst
Define PCI requirements for Event Alerting & Monitoring, which were used as the launching pad for Splunk’s inaugural in-house Security Operations Center. Lead the PCI DSS 3.2, SOC2 Type II and HIPAA AWS Cloud Compliance Programs covering Splunk Enterprise including: planning, resourcing, execution, stakeholder management and formal reporting. Provide support for the ISO27001 and FedRAMP Programs.
Act as the nucleus to move the Vulnerability Management and Continuous Monitoring program forward. Perform Vendor Assessments and support Customer requests. Develop content and present Compliance topics to internal stakeholders as part of an annual Controls Workshop.
2016 : 2017
Splunk
Security Operations, Sr Compliance Analyst
Company:
OpenText
Years of Experience:
5
Skills
Information Security, PCI DSS, Risk Assessment