Renée Cohen
Details
Vocal Performance
Truman State University
2003 : 2005
N/A
Music Performance, General
University of California, Santa Cruz
2000 : 2002
Calix
Senior Manager Information Security
- Ran Avanade's GRC Compliance program with an emphasis in the areas of data privacy protection.
- Managed a team of 5 to implement and maintain Avanade's regulatory and ISO compliance framework.
- Conducted annual exercises to maintain the regulated inventory of data processing. During this process, notified, trained, and provided guidance for over 400 end users to complete 1300+ assessments over the course of six weeks.
- Developed communications and training strategies to engage end users in compliance activities.
- Incorporated regulatory changes from GDPR (including Schrems II controls), CPPA/CPRA, LGPD, and APPI into compliance processes to ensure Avanade's proactive compliance with the law.
- Analyzed new regulations against current compliance practices to identify new areas of action.
- Ran Avanade's client records management program, where I engaged leadership, third party support, and end users on client projects to develop and implement system improvements for greater efficiency and usability. Increased compliance rate from 58% to 88% over the course of four years, with over 100% growth in the number of contracts.
- Supported IT audits by gathering evidence and meeting with auditors to review controls.
- Owned Avanade's security policies. Developed a comprehensive process to elicit input from diverse stakeholders, which ensured regulatory and framework compliance controls were implemented in our security policies.
- Regularly collaborated with teams in locations outside the US, which required clear communication; the development of accurate procedures; cultural sensitivity; and an ability to accommodate disruptions due to natural disasters, COVID-19, and political unrest.
- Assisted crisis response team at the beginning of the COVID-19 emergency by developing leadership communications to staff; tracking changes in government restrictions in real time; and managing the crisis response team's overlapping tasks to ensure completion.
2018 : 2023
Avanade
GRC Manager
Acted as project manager for new information security initiatives:
- Migration of IDPS solution to Splunk, which was accomplished on an accelerated timeline over the course of four months.
- Creation of individual rights request (IRR) process to achieve a major milestone in GDPR compliance.
- Rolling out encryption strategy for removable media to remediate security vulnerabilities.
- Implementation of first IDPS solution for Avanade (Cisco SecureWorks).
Supported IT department in preparing for and tracking action items from IT audits, both internal and external.
Managed the IT disaster recovery program, with a focus on moving from on-premises exercises to cloud-ready strategy.
- Ran two annual disaster recovery exercises, which resulted in 90%+ pass for critical infrastructure.
- Worked with leadership and collaborators across the enterprise to discover essential infrastructure to include in disaster recovery planning.
- Created new communication strategies for disaster recovery and business continuity to disseminate requirements and training to push DR compliance and readiness forward.
2015 : 2018
Avanade
Sr. Consultant, Information Security
2014 : 2015
Avanade
Information Security Consultant
- Helped implement and eventually oversaw the Identity Management system of role-based access control.
- Educated colleagues around the business in access control and other security best practices.
- Collaborated on and helped lead security projects and development efforts related to identity and access management.
- Provided insight and consultation for the integration of new products and processes into the enterprise.
- Developed and maintained security policies related to access management and the platforms most used by MasterCard (Oracle and SQL DBs, Unix servers, Active Directory, and mainframe computing).
2006 : 2014
MasterCard
Sr. Security Analyst
Skills
Agile Project Management, Business Continuity, Business Process, Change Management, CRM, Cross-team Collaboration, Cultural Diversity, Cybersecurity, Data Privacy, Disaster Recovery, Diversity & Inclusion, DLP, GLBA, Governance, GRC, Identity Management, Information Security, Information Security Management, ISO 27001, IT Audit, Management, Mentoring, Microsoft Azure, Microsoft Products, Office 365, OneTrust, Organizational Communication, Payment Card Industry Data Security Standard (PCI DSS), Process Improvement, Program Management, Project Management, Risk Management, RSA Archer, Security, Security Audits, Security Information and Event Management (SIEM), Security Policy, Security Policy Development, ServiceNow, SharePoint, Software Project Management, SOX 404, Team Management, User-centered Design, Vendor Management
About
Experienced GRC and information security professional with over 15 years of industry experience. I've helped implement programs for compliance with GDPR, PCI-DSS, SOX, and ISO 27001. For the past five years, I've focused on making sense of the GDPR and its impacts across the privacy regulation landscape.
I specialize in turning chaotic processes into orderly ones and changing disgruntled stakeholders into allies. When things are stuck, I'm the one to call to get things moving again. I believe in a collaborative and user-forward approach to security and GRC, finding ways to engage users where they are, instead of only imposing directives from above. I thrive on learning new things and overcoming new challenges.
My passion for privacy comes from the value that I believe every person has, including their identities, perspectives, and experiences. This informs my work in compliance, and it also drives me to cultivate the value in the people around me. I believe very strongly that focusing on diversity and truly valuing the unique lived experiences of every individual leads to stronger teams, stronger security, and a stronger company.