Jason Korth, CISSP, CISA, CIA, PCI ISA
Sr. Information Security Risk & Compliance Consultant at U.S. Bank
Cottage Grove, MN, United States
Details
Experience:
2016 : Present
U.S. Bank
Sr. Information Security Risk & Compliance Consultant - PCI
• Certified PCI Internal Security Assessor (ISA)
• PCI subject matter expert supporting three key business lines
• Consult with business line development teams to identify PCI-compliant solutions
• Coach business lines in preparation for PCI Qualified Security Assessor (QSA) assessments
• Conduct PCI gap assessments and develop remediation strategies
• Lead governance and process improvement initiatives to further the PCI program in alignment with other Information Security GRC programs

2014 : 2016
Blue Bay Technologies
Principal Security Consultant
• Provided consulting to clients ranging from global insurance and manufacturing organizations to regional transportation, manufacturing, and health insurance firms
• Performed Information Security program maturity assessments based on ISO 27002
• Performed Vulnerability Management Program maturity assessments based on NIST 800-40, 800-53, PCI DSS 3.1, ISO 27001, and ISA-99
• Developed comprehensive technology-focused and user-focused security policies, standards, and roadmaps consistent with ISO 27002, SANS Top 20, and PCI DSS
• Produced Security Awareness Training for end-user audiences based on established and emerging threat vectors
• Consulted with clients on the impact of policy and standard changes and developed communications to gain acceptance
• Helped drive the growth of new business by developing marketing literature and driving strategy sessions with current and prospective clients

2012 : 2014
Ameriprise Financial Services, Inc.
Sr. Information Security Analyst - Regulatory & Compliance
• Operational & project manager for the identity & access management (IAM) compliance toolset
• Led the team responsible for monitoring application security access controls for compliance with corporate policies, standards, and regulations
• SOX 404 program manager for the entire technology organization; developed and continuously improved SOX testing strategies and processes to meet stakeholder (audit) needs
• Regularly partnered with internal/external audit on the scope/schedule of technical audits, quarterly SOX testing, and continuous evaluation activities
• Led the coordination and response for regulatory agency exams related to technology controls
• Provided consultation between technology leaders and auditors on appropriate action plans; tracked and reported monthly remediation progress to technology executives; maintained 100% on-time closure
• Developed a baseline risk assessment for the information security program leveraging COBIT, NIST 800-53, ISO 27001, PCI, FFIEC, and other industry guidance

2011 : 2012
Ameriprise Financial Services, Inc.
Technology Team Leader - Disaster Recovery
• Provided day-to-day management and thought leadership to the Disaster Recovery Governance team responsible for monitoring DR solutions and coordinating exercises aligned with business criticality
• Drove the enhancement of DR plans and exercise standards, processes, and procedures, resulting in improved results and greater accountability on the part of application and vendor teams
• Leveraged control expertise to identify, track, and communicate DR-related risks in the technology environment; partnered with Internal Audit and Operational Risk organizations, completing risk profiles and management self-assessments, and drove follow-through to remediation
• Implemented improved metrics reporting to accurately capture DR risk posture and compliance status for application stakeholders
• Coordinated Business Impact Analysis (BIA) for technology infrastructure organizations

2007 : 2010
Ameriprise Financial Services, Inc.
Senior IT Auditor
• Specialized in providing IT expertise to business/compliance auditors in support of integrated audits across a broad spectrum of the business, including advisor channels, asset management/investments, life insurance, property & casualty, banking, finance, and vendor management
• Provided timely technology control consulting advice to project leadership teams in support of complex IT implementation projects with budgets up to $15M and merger and acquisition teams with budgets exceeding $40M; projects included PeopleSoft Financials, Sabrix Sales & Use Tax, and integration efforts with Seligman Funds, H&R Block Financial Advisors, and Columbia Asset Management
• Led IT General Controls audits of subsidiary technology operations and coordinated SOX control scoping and testing efforts
• Led and/or contributed to assurance and consulting projects for IT Architecture Strategy, Windows Active Directory, User Access Administration, Citrix MetaFrame, Incident & Problem Management, and System Balancing Controls using the COBIT framework
• Created the framework and methodology for Data Analysis initiatives within R&CS and developed the hardware acquisition plan
• Participated in efforts to develop a Continuous Auditing framework for monitoring organizational risk under changing priorities in a complex structure functioning in a highly regulated industry
Company:
U.S. Bank
About
• Technology controls expert with a proven track record of improving processes and driving out risk
• Analytical thinker with solid interpersonal skills and big picture solutions
Specialties: PCI Data Security Standard (PCI DSS), Information Security Governance, Risk & Compliance, Identity & Access Management Governance, Vulnerability Management Program Maturity Reviews, Integrated Audits, Regulatory Exam and Testing Program Management, Business Continuity & Disaster Recovery Program Management, Technology Vendor Management, Computer-Assisted Audit Techniques (CAAT), IT General Controls
Tools: RSA Aveksa, CyberArk, Archer GRC, ServiceNow, IDEA, ACL, Adobe Creative Cloud