Lulu Wang, CIPT (she/her)
Information Security Governance Manager
Waltham, MA, United States
Details
Experience:
Saks Cloud Services (SCS) is an operating company within Saks, the premier digital platform for luxury fashion. SCS provides IT infrastructure services, technology consulting and systems integration services, while also serving as a software reseller and service provider.
• Assess risk management tools, techniques, and procedures to enhance risk management capabilities throughout the enterprise.
• Lead the Third-Party Risk Assessment activities of prospective and existing vendors.
• Provide input and direction into the development and maintenance of the Disaster Recovery and Business Continuity Plans.
• Lead the IT SOX, ISO 27001, and PCI compliance programs, including technical controls implementation, gap identification, and liaising with External and Internal Audit.
• Develop information governance guidance and policies to ensure technical assurance.
• Provide awareness training for employees to comply with policies.
• Monitor and govern data-related controls including data access, data security measures, and data retention to ensure the restricted and confidential data is adequately protected.
• Perform IT risk management and IT audit (risk and control) analysis including risk register, risk analysis, and risk remediation, information security risk assessments, and data protection impact assessments.
2022 : Present
Saks
Information Security Governance Manager
• Collected and compiled an enterprise data inventory and assessed the risks of company-regulated information assets to ensure risks are appropriately identified, recorded, and treated.
• Audited regulated information assets through the data lifecycle to ensure data protection controls are designed and implemented by the functional departments and are compliant with Information Governance Standards.
• Coordinated with privacy counsels to respond to data security incidents and enhance the company's data security incident response plan.
• Produced and delivered training programs to functional leaders on complying with privacy and data protection laws and regulations.
• Performed ITGC Internal design walkthrough and testing and provided recommendations to business SMEs to prepare for the external audit.
• Applied knowledge in various Information Security Governance Risk and Compliance frameworks, including data privacy and protection experience (GDPR, CCPA/CPRA), IT Sarbanes-Oxley (SOX), ISO27001, and NIST 800-53.
• Performed IT risk management and IT audit (risk and control) analysis including risk register, risk analysis, and risk remediation, information security risk assessments, and data protection impact assessments.
• Assessed security risks in different technologies including cloud Software as a Service (SaaS), Platform as a Service (PaaS), and Infrastructure as a Service (IaaS).
• Evaluated and validated controls around the full technology stack from the application, operating system, database, and networking layers.
2021 : 2022
Mimecast
Information Governance Manager
2020 : 2021
Mimecast
Information Governance Team Lead
2018 : 2020
Mimecast
Operational Risk Analyst
• Assisted the testers to gather evidence, test controls, and upload the test papers into RSA Archer.
• Contributed to writing controls and developing a Microsoft Access database that comprises IT risks, control activities, and regulatory standards.
• Analyzed the requirements for IT FLoD program (First Line of Defense) metrics dashboards and supported with UI development.
• Prepared evidence for CAT (Consolidated Audit Trail) by performing gap analysis among shared applications to compile a list of Corporate applications that SSGA employees have access to.
• Assisted IT application manager to certify critical Living Will applications and informed the Business and Application owners about certifiable results.
• Inquired, analyzed, and compiled the evidence of IT critical resources to the virtual data repository.
2017 : 2018
State Street Global Advisors
IT Risk and Compliance Analyst
Company:
Saks
Spoken Language:
Chinese, English
About
Experienced information governance professional with a demonstrated history of working in the information technology and services industry. Skilled in Cyber-security, Privacy, Business Intelligence, and Data Science. Strong finance professional with a Master's degree focused in Information Technology from Bentley College - Elkin B. McCallum Graduate School of Business.