Tammie Cox
Details
Pepperdine University, The George L. Graziadio School of Business and Management
Bachelors of Science (BS)
Management Information Systems
California State University-Long Beach
✓ Facilitated a global cyber program assessment for a client after the organization experienced a major information security breach. Applied the NIST CSF industry standard and assessed the client’s maturity on the CMMI scale.
✓ Gained an in-depth understanding of deficient controls, processes, and procedures in the client’s technology environment. Deployed automated reporting within six months that identified gaps, forwarded information to required stakeholders, and aided in developing remediation plans.
✓ Established a data testing program that proactively identified critical data sets, tested for restoration/resiliency capabilities, and developed new policies/procedures that assisted in governing data sets in the future.
✓ Ensured all regulatory requirements were met by the MRA within the deadline established by the regulators. Installed a new robust testing program that enabled the organization to manage data corruption scenarios.
✓ Installed and managed a privacy office program that addressed California Consumer Privacy Act (CCPA) requirements. Launched processes and tools related to program governance, data discovery, workflow management, policies/procedures, and organizational change management.
✓ Deployed a cyber security roadmap that improved the overall risk posture and maturity of the cyber risk program. Identified and prioritized areas for improvement that allowed the client to further refine the existing controls.
✓ Initiated an enterprise wide IoT program that was comprised of talent management, sales, marketing, and vendor management teams. Incorporated service offerings that included ICS, connected vehicles, medical devices, and smart cities.
2018 : Present
EY
Director - Cybersecurity and Information Security
✓ Collaboratively led a team of 15 members that established a new cyber resilience offering. Developed and published sales materials, targeted client lists, cheat sheets, and trained a pool of resources to support launch.
✓ Successfully launched the new cyber resilience offering in the targeted client environments. Grew the revenue from $0 to $20M annually.
✓ Engaged a global team of 30 members that assisted in the development of standards and policies on how to handle sensitive data for the new Rams facility in Los Angeles as one of the firm’s first Internet of Things (IoT) projects.
✓ Seamlessly executed and integrated security governance for the new facility. Generated $18M in revenue and leveraged lessons learned to apply best practices to another IoT engagement.
✓ Successfully managed the delivery of DFARS (Defense Federal Acquisition Regulation Supplement) Risk Frameworks by overseeing the deployment of threat assessments, risk analysis, and the creation of comprehensive policies/plans.
✓ Conducted thorough assessments of organizations' cybersecurity maturity and core capabilities, aligned with DFARS 252.2014-7012 mandated security controls.
✓ Leveraged NIST SP 800-171 and NIST SP 800-53 frameworks, determined program maturity level, and identified growth areas, strengths, and opportunities.
✓ Collaborated with key business and IT stakeholders to develop comprehensive risk management strategies that integrated risk management into operational, regulatory/statutory, financial, technical, and security processes.
✓ Led the development of high-impact programs for business continuity, disaster recovery, and information security for technology-driven organizations. Ensured financial estimates were met, validated adequacy of end-state production recovery environments, and successfully delivered on strategic planning goals.
2015 : 2018
Deloitte
Senior Manager - Cybersecurity
✓ Effectively managed information security programs for high-tech organizations. Achieved financial goals, ensured robust production recovery environments, met strategic planning milestones, and coordinated technology resources with business units and development teams.
✓ Spearheaded the development of comprehensive disaster recovery and business continuity programs by creating essential documentation that included charters, policies, Standard Operating Procedures (SOPs), roadmaps, designs, and models.
✓ Formulated a comprehensive risk management strategy in collaboration with key business and IT stakeholders by integrating risk management into operational, regulatory, financial, technical, and security processes across the enterprise.
✓ Oversaw security aspects of both business and IT initiatives that involved architecture, design, implementation, and deployment of secure technology solutions.
2006 : 2015
Sungard Availability Services
Manager – Information Security, Disaster Recovery, & Business Continuity
Skills
Business Continuity, Business Continuity Planning, Business Process, CBCP, CISSP, Cloud Computing, COBIT, Cross-functional Team Leadership, Cybersecurity, Data Center, Disaster Recovery, Enterprise Architecture, Enterprise Software, Governance, Incident Management, Information Security, Information Security Management, Information Technology, Infrastructure, Integration, ISO 27001, IT Audit, ITIL, IT Management, IT Operations, IT Service Management, IT Strategy, Leadership, Managed Services, Management, Management Consulting, PCI DSS, Penetration Testing, PMO, PMP, Professional Services, Program Management, Project Management, Project Portfolio Management, Risk Management, SaaS, SDLC, Security, Software Development, Solution Architecture, Solution Design, Strategy, Vendor Management, Virtualization, Vulnerability Assessment
About
Hello, my name is Tammie and I’m a dynamic, highly technical, hands-on Cyber and Information Security Executive with a proven track record in data governance, risk, and compliance across complex technology environments. I’m skilled in developing comprehensive enterprise-level cybersecurity initiatives that begin with assessing clients' current cyber posture using recognized frameworks (NIST, ISO, FFIEC, SOX) and subsequently implementing strategic controls to address vulnerabilities (e.g., Identity Access Management, Configuration Management, Policy Governance). I’m adept at leading cross-functional teams, managing engagement lifecycles, and ensuring timely, high-quality project deliverables. I motivate teams and develop talent that contributes to recruitment and retention efforts. I’m recognized for effectively briefing executive leadership at Fortune 500 companies on cybersecurity status. I’m also renowned for industry contributions, including innovative service offerings in IT strategy, program management, cybersecurity, and various operational disciplines.
Some of my other core competencies include:
►Regulatory Compliance
►Cyber Strategy and Implementation
►Resiliency after a Cyber Incident
Profile Photo
