Profiles search
Maria Spano
Passionate Results-Oriented Cyber Security Professional experienced in Project Management | Risk Transformation | Enterprise and Cybersecurity Strategy
New York, NY, United States
Details
Experience:
2022 : Present
EY
Senior Cybersecurity Consultant
Responsibilities :
• Develops and maintains relationships with both internal and external stakeholders to build long term partnerships between controller teams, HR personnel, IT compliance, and cybersecurity teams
• Promotes end-to-end coordination of projects including providing stakeholders with detailed resource requirements, risk mitigation plans, and delivering project key performance indicators
•Championed cross-functionality across geographies by managing offshore and onshore teams at all levels to support large-scale programs and initiatives such as a high-quality internal business process audit and implementation of a cybersecurity risk management program
• Analyzes cybersecurity and operational risks to identify improvement areas for security teams to address cyber threats and develop strong cybersecurity risk management programs
• Implemented data visualization tools for clients to track time-sensitive projects and presented critical data points to internal and external stakeholders on a weekly basis
• Facilitates the transformation of cybersecurity data into consolidated enterprise tools to match the needs of security teams while implementing new security risk management programs
• Leverages key cybersecurity frameworks such as NIST CSF and NIST 800-53b to streamline and identify critical assets to reduce cybersecurity risks
• Calculates project margins and presented metrics to senior management weekly to ensure engagements stayed within predetermined budgets
• Presented at a C-Suite Roundtable alongside senior management and the Information Security Director of a Fortune 500 client to discuss third party risk management, cybersecurity, and incident response plans
• Collaborated with clients to promote diversity, equity, and inclusion initiatives and translate them into industry best practices
• Coordinates daily team stand ups to discuss the progress of the project through completion and address any challenges faced to manage expectations
2020 : 2022
Ernst & Young
Cyber Security Consultant
• Participated on a client engagement in the Financial Audit Information Technology sector of the Risk Advisory practice
• Assisted the Information Technology and the Business Process team with testing, remediation, and documentation of over thirty Information Technology General Controls (ITGCs) and Key Business Process Controls (KBPCs)
• Documented walkthrough and testing procedures of key controls for the client and aided in the remediation of control deficiencies for quarter two
2019 : 2019
EY
Risk Advisory Intern
Information technology intern within the Corporate and Shared Services department at Travelers.
Responsibilities :
• Initiated a file server share reconciliation project where ninety file shares were migrated from six File Servers to Network-Attached Storage (NAS) shares to reduce costs for the Corporate and Shared Services (CSS) department
• Assisted with AD Group and Share cleanup effort by communicating with business owners to update information by using Lotus Notes and Remedy requests to meet user specifications
• Centralized CSS third-party inventory data into a single location on a SharePoint site in order to effectively review and update the data that is sent to and from Travelers to be in compliance with Information Security and Audit
• Redesigned CSS third-party data enterprise tool to translate 736 inventory items from an Excel spreadsheet to a SQL database tool to comply with Audit and enterprise tooling requirements
• Presented the status of third-party vendor assessments and remediation in person to the CSS Chief Information Officer
2018 : 2018
Travelers
Information Technology Intern
I worked at Marshalls, part of the TJX Companies, Inc. for two years. At Marshalls, I developed positive working relationships with management and customers. I was able to create a positive customer service experience for shoppers and contribute to increased customer loyalty. I also maintained organization of fitting room during peak hours to prevent theft, clean rooms, and prepare for new shoppers. I organized inventory from the stock room and placed it on features to prepare and make merchandise presentable. Lastly, I oversaw cash and credit transactions as main cashier to minimize wait times for shoppers and maximize positive customer experiences by completing transactions quickly and efficiently.
2014 : 2016
The TJX Companies, Inc.
Sales Associate
EY
Senior Cybersecurity Consultant
Responsibilities :
• Develops and maintains relationships with both internal and external stakeholders to build long term partnerships between controller teams, HR personnel, IT compliance, and cybersecurity teams
• Promotes end-to-end coordination of projects including providing stakeholders with detailed resource requirements, risk mitigation plans, and delivering project key performance indicators
•Championed cross-functionality across geographies by managing offshore and onshore teams at all levels to support large-scale programs and initiatives such as a high-quality internal business process audit and implementation of a cybersecurity risk management program
• Analyzes cybersecurity and operational risks to identify improvement areas for security teams to address cyber threats and develop strong cybersecurity risk management programs
• Implemented data visualization tools for clients to track time-sensitive projects and presented critical data points to internal and external stakeholders on a weekly basis
• Facilitates the transformation of cybersecurity data into consolidated enterprise tools to match the needs of security teams while implementing new security risk management programs
• Leverages key cybersecurity frameworks such as NIST CSF and NIST 800-53b to streamline and identify critical assets to reduce cybersecurity risks
• Calculates project margins and presented metrics to senior management weekly to ensure engagements stayed within predetermined budgets
• Presented at a C-Suite Roundtable alongside senior management and the Information Security Director of a Fortune 500 client to discuss third party risk management, cybersecurity, and incident response plans
• Collaborated with clients to promote diversity, equity, and inclusion initiatives and translate them into industry best practices
• Coordinates daily team stand ups to discuss the progress of the project through completion and address any challenges faced to manage expectations
2020 : 2022
Ernst & Young
Cyber Security Consultant
• Participated on a client engagement in the Financial Audit Information Technology sector of the Risk Advisory practice
• Assisted the Information Technology and the Business Process team with testing, remediation, and documentation of over thirty Information Technology General Controls (ITGCs) and Key Business Process Controls (KBPCs)
• Documented walkthrough and testing procedures of key controls for the client and aided in the remediation of control deficiencies for quarter two
2019 : 2019
EY
Risk Advisory Intern
Information technology intern within the Corporate and Shared Services department at Travelers.
Responsibilities :
• Initiated a file server share reconciliation project where ninety file shares were migrated from six File Servers to Network-Attached Storage (NAS) shares to reduce costs for the Corporate and Shared Services (CSS) department
• Assisted with AD Group and Share cleanup effort by communicating with business owners to update information by using Lotus Notes and Remedy requests to meet user specifications
• Centralized CSS third-party inventory data into a single location on a SharePoint site in order to effectively review and update the data that is sent to and from Travelers to be in compliance with Information Security and Audit
• Redesigned CSS third-party data enterprise tool to translate 736 inventory items from an Excel spreadsheet to a SQL database tool to comply with Audit and enterprise tooling requirements
• Presented the status of third-party vendor assessments and remediation in person to the CSS Chief Information Officer
2018 : 2018
Travelers
Information Technology Intern
I worked at Marshalls, part of the TJX Companies, Inc. for two years. At Marshalls, I developed positive working relationships with management and customers. I was able to create a positive customer service experience for shoppers and contribute to increased customer loyalty. I also maintained organization of fitting room during peak hours to prevent theft, clean rooms, and prepare for new shoppers. I organized inventory from the stock room and placed it on features to prepare and make merchandise presentable. Lastly, I oversaw cash and credit transactions as main cashier to minimize wait times for shoppers and maximize positive customer experiences by completing transactions quickly and efficiently.
2014 : 2016
The TJX Companies, Inc.
Sales Associate
Company:
EY
About
I am a results-oriented individual who uses my skills in information technology, cybersecurity, project management, and oral and written communication to deliver quality work as a client-serving professional. I develop and maintain relationships with both internal and external stakeholders to build long term partnerships between controller teams, HR personnel, IT compliance, and cybersecurity teams. I promote end-to-end coordination of projects including providing stakeholders with detailed resource requirements, risk mitigation plans, and delivering project key performance indicators. I also champion cross-functionality across geographies by managing offshore and onshore teams at all levels to support large-scale programs and initiatives such as high-quality internal business process audits and implementation of cybersecurity risk management programs.
Professional and personal interests include:
- Information Technology / Cybersecurity
- Project Management
- Web development
- Developing relationships
- Creative writing
- NFL football
- Basketball (both playing and watching)
Profile Photo
