Jennifer Mak
Details
Information Technology & Finance
University of Virginia
2007 : 2011
EY
Senior Manager, Cybersecurity Program Transformation
• Assessed maturity of clients’ information security programs and corresponding ability to protect against, detect, and respond to threats. Developed a roadmap of prioritized quick-win, tactical and strategic improvement initiatives to improve overall security posture.
• Installed and configured Symantec data loss prevention (DLP) solutions in client data centers to identify sensitive data-at-rest on client networks and data-in-motion transmitted externally to determine effectiveness of data protection and handling practices.
• Assisted Fortune 50 and Fortune 500 global companies with developing PCI scoping strategies and compliant technology transformation options.
• Provided PCI DSS consulting services for 59 global lines of business in 24 countries for a Fortune 500 company, including:
- Updated control standards to align with PCI requirements, or wrote new documentation where no existing standards existed.
- Identified gaps in business processes and controls, assessed remediation, and tracked to closure within Archer GRC.
- Helped develop go-forward PCI governance strategy and process for onboarding and maintaining PCI compliance status of each line of business.
- Held workshops for remediation planning, scoping, design and solution development.
• Identified gaps and process improvements for client information security management systems against ISO/IEC 27001/27002 security, ISO/IEC 27018 cloud privacy, and ISO/IEC 20000-1 IT service management controls.
• Assisted in the design of a client's governance program to protect national critical infrastructure, hosted threat landscape workshops, assessed threats, and rolled out processes for ongoing threat modelling and risk assessment.
2015 : 2019
EY
Cybersecurity Strategy, Risk, Compliance & Resilience
• Executed various cybersecurity program maturity assessments: evaluating client information security environments against authoritative cybersecurity standards such as NIST 800-53, the NIST Cybersecurity Framework (NIST CSF), and ISO 27001/27002.
• Leveraged various IT Security tools (e.g., Tenable, Tripwire, BladeLogic, SolarWinds) to analyze client network architecture design, secure configurations (for servers, firewalls, routers, switches, mobile devices, and applications), vulnerability management, incident detection and response, etc.
• Assessed design and effectiveness of mobile device management (MDM) solutions across multiple entities to manage and secure personally-owned and company-owned smartphones and tablets including reviewing central configuration policies.
• Assessed maturity and recommended improvement opportunities for client data protection practices to secure confidential, sensitive, personal, or medical information.
• Configured/tuned data loss prevention solutions (McAfee, Fidelis) and performed analysis to identify data-at-rest on client networks and data-in-motion communicated externally to assess effectiveness of data protection and handling practices.
• Developed EY’s Global IT Internal Audit Methodology for Co-Sourced/Outsourced projects, specifically Cyber Security and Pre-/Post- Implementations.
2011 : 2015
EY
IT Advisory Services
2010 : 2010
EY
IT Risk & Assurance
Skills
Accounting, Assurance, Business Continuity, Corporate Finance, Data Analysis, Disaster Recovery, Due Diligence, Finance, Financial Accounting, Financial Analysis, Financial Modeling, Financial Reporting, GAAP, Information Technology, Internal Controls, IT Audit, Microsoft Excel, Microsoft Office, US GAAP, Valuation
About
For over a decade, Jennifer has been helping clients tackle security and privacy challenges ranging from cybersecurity compliance to large-scale program design, implementation, and transformation. By driving integration across cross-functional stakeholders in supply chain, security, privacy, legal, sustainability, and technology to achieve actionable outcomes, Jennifer helps clients achieve their business objectives in a secure manner.
In addition to being a leader for EY's US West third party security services, her experience includes cybersecurity assessments of people, process and technology capabilities around supply chain security, cloud security, data privacy, and business continuity/disaster recovery. This includes extensive hands-on work with PCI DSS, NIST 800-53, the NIST Cybersecurity Framework, ISO 27001/27002/27701/27017/27018/20000-1, and SOX-404 in various industries (Aerospace & Defense, Emerging Technology, Telecom, and Financial Products).
She is a Certified Information Systems Security Professional (CISSP), Certified Information Privacy Technologist (CIPT), and Certified Information Systems Auditor (CISA). She was previously a Payment Card Industry Qualified Security Assessor (PCI QSA), ISO 27001 Lead Auditor & Lead Implementer, ISO 27017 Lead Auditor, and ISO 27018 Lead Auditor.