Marcia Main
Details
Management Information Systems, General
University of Maryland - Robert H. Smith School of Business
2008 : 2010
Management Information Systems
University of Maryland
At Upside, I am responsible for leading the Information Office, comprised of IT and Information Security.
2022 : Present
Upside
Chief Information Security Officer (CISO)
Equip women in need in our community on their path to financial independence by providing them with professional attire, coaching, and skills training
2022 :
Suited For Change
Board Member
Led our team of talented Security Engineers and Analysts, providing vital security functions such as Application Security/DevSecOps, Consumer Security and Fraud Prevention, Security Architecture, Security Operations/SOC & Incident Response, Sales Support, and Governance, Risk and Compliance (GRC).
2020 : 2021
Rally Health
Head Of Information Security
Our team grew and increased scope in 2020! I have the privilege of leading an incredibly talented team of Strategy Analysts and Security Engineers. Together, our mission is to foster a balanced & proactive approach to security, assisting the CISO in curating a program for Rally that is focused on risk reduction while supporting our business. Our main responsibilities are:
Processes/Programs we own and execute:
1. Vulnerability Management - from scanning/identification to remediation tracking. Our approach is to fully engage with system owners and help with prioritization (not just to throw a vulnerability scan over the fence!) so that we can, together, optimize resource utilization vs. risk reduction;
2. Cloud Security for our AWS environments - setting standards/requirements & partnering with system owners to incorporate security in infrastructure management/deployment (for both traditional and container/DevOps-based environments);
3. Risk Management - yearly assessment to ensure we mitigated critical risks; tracking of treatment plans; training and engaging leaders to foster awareness and identification/treatment of risks;
4. Vendor Risk Management - assessment and tracking of the security posture of vendors/potential vendors;
Overall Security Governance:
1. Security Policy Ownership & Management
2. Control Library Management - collaborating across Rally to design/update necessary security processes, including yearly alignment with the Risk Management Program to ensure existing controls cover critical risks
3. Internal Assessments - testing the effectiveness of our key security processes
4. External Audit Support - SOC 2 Type 2 & HITRUST
5. Security Awareness & Engagement - security awareness training, phishing-resistance training campaigns AND our new program to engage all Rallyers in the Security Program so expectations are clear throughout the organization
2020 : 2020
Rally Health
Security Strategy Director
2018 : 2020
Rally Health
Security and Compliance Sr. Manager
Skills
Business Analysis, Consulting, HIPAA, Information Security Management, Information Technology, ISO 27001, IS Risk Assessment, IT Audit, IT SOX, Leadership, Management, Program Development, Program Management, Project Management, Risk Management, Sarbanes-Oxley Act, Strategy, Vendor Management
About
My passion is to help organizations achieve their ideal balance between risk mitigation and business objectives. In a successful business, risks to the data we have to protect (from our valued customers, our employees, our intellectual property) cannot be reduced to zero... then you throw in regulatory requirements in the mix and the balancing act is incredibly complex! This is what keeps me engaged and excited to be part of this field :)
My collaborative approach to solving this challenge is what differentiates me as a leader in Security. Putting it simply, this means that I continuously work with leaders/teams across the organization to help them build security into their processes so that, together, we raise the maturity and efficacy of our Data Protection efforts.
I am also very proud of being an effective people leader. My teams deliver results and are known for excellence. But getting the job done is only part of the picture; my favorite part is going beyond that and making an impact on someone's career and growth! I work closely with everyone on my team to help them excel in their current role, find their passion, and/or prepare for their next step.
☲☲☲☲☲☲☲☲☲☲☲☲☲☲☲☲☲☲☲☲☲☲☲☲☲☲☲☲☲☲☲☲☲☲☲☲☲☲☲☲☲☲☲☲
Specialties: People Management, Vulnerability Management, Data Privacy, Security Risk Management, Security Audit Management, Security Governance