Cynthia Swanson Suarez
Details
Mathematics
Grove City College
First Financial Bank Texas
Executive Vice President
2017 :
First Financial Bank Texas
EVP Chief Information Security Officer
Developed and implemented policies, standards, exception process and tracking for reporting utilizing Archer eGRC.
Led the Incident Response CERT team, tracking incidents, breaches, and creating client communications.
Management of policy compliance during 18-month data center migration to external vendor.
Accountable for review of information security and business continuity provisions in all client contracts (Master Service Agreements, Statements of Work and RFP).
Aided in implementation of ServiceNow GRC as enterprise Risk Management platform.
Consulted with Vendor Management organization for due diligence audits for new outsourced vendors (domestic and international).
Mentored and managed six Information Security Managers, representing all business segments including new acquisitions.
Created and presented quarterly C-level Corporate Information Security updates to request support and/or funding of initiatives.
Developed and deployed information security integration plans for new acquisitions.
Administered projects with Compliance team to evaluate controls for corporate policies.
Authorization of offshore ITO and BPO information security exceptions.
Chairperson of Enterprise Risk Panels and Compliance and Information Security Steering Committee.
2008 : 2017
CoreLogic
VP, Corporate Information Security
Member of the three-person team that initially developed the CISO office for First American MISG, creating the governance, policies, standards, and training.
Completed policy reviews and revisions during spin-off from First American to CoreLogic.
Managed two Business Resiliency Managers who represent the Corporate Business Continuity program.
Hosted on-site Client audits (approximately 60 annually).
Developed ongoing Information Security awareness campaigns including annual training, poster campaigns, and ethical spear phishing activities.
Completed projects to assess the information security risk of business units across enterprise and report findings to business leadership.
Managed team of Information Security Managers.
Established corporate and business segment information security governance.
Chairperson of monthly Information Security Council meeting representing IT, IT Compliance, Information Security, Business Continuity and Internal Audit.
2006 : 2008
First American Financial Corporation
VP, Information Security Officer
Provided technical and sales support for new program.
Created training program and conducted on-site training for client.
Managed staff of 15+ including Project Managers, Call Center and Account Managers.
2005 : 2006
First American
VP, Operations, Centralized Services
Skills
Business Continuity, CISM, Client Interfacing, CRM, Cross-functional Team Leadership, Disaster Recovery, Due Diligence, Governance, Information Security, Information Security Management, Information Security Policy, Integration, ISO 27001, IT Management, IT Strategy, M&A due diligence, Management, Program Management, Project Coordination, Project Management, Risk Analysis, Risk Assessment, Risk Management, SDLC, Security, Team Leadership, Vendor Management
About
Over 25 years in the financial services industry in a variety of roles: programming, project management, operations and information security. During the last twelve years in information security, led the development of an enterprise information security program during the formation of a new company, outsourcing of data centers, ITO and BPO work streams along with acquisitions of numerous new business units. Excellent management and soft skills to implement information security as a business enabler. Adaptable to the varying needs of the business while promoting a positive team atmosphere during change.
Summary of Qualifications
- Twelve years’ experience developing an enterprise security governance model, in conjunction with company's business leaders, to include information security policies, standards, and controls in compliance with applicable global security and privacy regulations within the financial industry.
- Governance spans 30+ diverse business units that require external auditing for SSAE16 SOC 1, SOX and EI3PA, PCI, and financial regulatory reporting.
- Mobilized business units to identify their threats to the integrity, availability, and confidentiality of their information assets by completing risk assessments.
- Worked in partnership with IT leadership in defining information security controls including operations and application security.
- Collaboration with Compliance team to identify regulatory controls for GLBA, FFIEC and Privacy.
- Matrixed working relationships with Enterprise Risk Management, Compliance, Legal, and Internal and External Audit teams.
- Worked in partnership with IT on enterprise Vulnerability Management program (application and infrastructure) to reduce overall risk to the organization.
- Quarterly executive reporting to C-level executives and presentation materials for Board Reporting.
- Proactive in building and strengthening relationships with peers, team and clients.