Stephanie Cabrales
Details
Concentrating in Networking Infrastructure, Governance, Risk Management and Compliance
DePaul University College of Computing and Digital Media
2018 : 2021
Bachelor's degree
Criminology, Law & Justice
University of Illinois at Chicago
2013 : 2017
High School Diploma
Lincoln Park High School
2009 : 2013
Neiman Marcus Group
Sr. Information Security, Risk & Compliance Analyst
• Integrating OneTrust tool to improve and automate our Vendor Risk Management Program and Vendor Cybersecurity Program.
• Continuously develop Vendor Risk Management Program by updating processes based on frameworks, standards, laws, and regulations.
• Manage on-boarding of third parties by performing security and risk assessment along with continuous reviews.
• Collaborate with Compliance and Legal to apply regulations and laws for vendor off-boarding.
• Manage and advance Vendor Cybersecurity program components: security monitoring, incident response, vulnerability remediation, and program process implementation.
• Develop dashboards and metrics to present to senior leadership for program improvement recommendations.
• Review security scans and audit reports as part of vendor risk management.
• Assess the effectiveness of security controls across vendor enterprise, including compliance to policy, applicable regulations, and contractual obligations.
• Regularly review and update plans and policies to be in line with regulatory and control requirements.
• Coordinate with Legal and Compliance functions to ensure proper implementation of data privacy legislation and disclosures to contracts.
• Leverage security monitoring tools for vendor vulnerability and security threat remediation (Security Scorecard and BitSight).
2020 : 2022
StoneX Group Inc.
Senior Information Technology Analyst - Governance, Risk Management, and Compliance
• Provide security guidance and requirements for IT project initiatives (200+ projects).
• Review project technologies with Project Managers to ensure security is implemented correctly by providing applicable security controls. Security controls include but are not limited to the following areas: security architecture, cloud security, access management, encryption, application security.
• Review and apply standards, regulations and frameworks related to GDPR, HIPAA, PCI, SOX, OWASP, COBIT, and NIST.
• Coordinate and facilitate Security Design Review Meetings to review logical architectures and design diagrams with Project Teams and Security Subject Matter Experts.
• Aggregated enterprise security standards, policies, and supplemental documentation to improve security review processes to adapt to COVID-19 climate.
• Develop dashboards utilized by senior leadership to make decisions and assess existing initiatives.
• Collaborate with Security Partners to evolve security implementations for IT efforts.
• Well-versed in Project Management Life Cycle (PMLC) and have assisted security implementation within the PMLC review process.
• Effectively offered guidance and answered inquiries on security technical subject matters to technical and non-technical customers.
2019 : 2020
United Airlines
Cyber Security Advisory Analyst
• Conducted third-party vendor audits to analyze risks and operational compliance.
• Actively audited application transactions for system access security.
• Led weekly incident meetings to inform Management of updates regarding recent organization incidents (IT, Operational, etc.).
• Investigated and performed root cause analysis on IT-related incidents.
• Certified user access to multiple application environments for business security (IAM).
• Proactively monitored risk exposures in conformity with the risk principles, profile, appetite and limits approved by the Board of Combined Insurance while aggregating and reporting material risks.
• Partnered closely with internal business leaders to ensure that operational controls met Management's need for risk oversight.
• Collaborated with Risk Management Director to plan workplace recovery strategies.
• Compiled and analyzed 80+ Business Impact Analyses results to identify staff accountability, critical procedures, process transfer, remote access, inventory, dependent third-party vendors (list is not exhaustive).
2018 : 2019
Combined Insurance
Risk Analyst of Global Risk Management
• Applied fundamental understanding of relevant laws to file pleadings for attorneys
• Reviewed case law for varying matters that were relevant to unique filing circumstances
• Drafted and proofread contracts, petitions, affidavits, subpoenas, motions and correspondence
• Managed incoming calls and emails with clients, opposing counsel, court personnel and state agencies
• Assisted attorneys in providing clients their court documents
• Entrusted with confidential client information
2017 : 2018
Golan Christie Taglia LLP
Litigation Legal Assistant
Skills
Auditing, Bilingual Communications, Conflict Resolution, control monitoring, Criminal Investigations, Criminal Law, Critical Incident Debriefing, Cyber Defense, Cybersecurity, Data Analysis, Data Classification, General Data Protection Regulation (GDPR), Identity & Access Management (IAM), Incident Handling, Incident Investigation, Incident Management, Incident Response, Information Security, Information Security Management, Interpersonal Communication, ISO 27001, ISO Standards, IT Compliance, IT Controls, IT GRC, Jira, Leadership, Microsoft Excel, Microsoft Power BI, Microsoft PowerPoint, NIST, OneTrust, Public Speaking, Research, Risk Analytics, Risk Assessment, Risk Management, Risk Reduction, Security, Security Incident Response, Spanish, Team Leadership, Third-Party Vendor Management, third-party vendor risk management, third party vendor auditing, Vulnerability Management
About
Experienced Information Security Analyst. Skilled in Governance, Risk Management and Compliance.
2021 Graduate - Master of Science degree in Cybersecurity, concentrating in Networking Infrastructure, Governance, Risk Management and Compliance from DePaul University.