Mariela Cordero, CISSP

Principal Information Security Analyst at PROVIDENCE ST. JOSEPH HEALTH FOUNDATION
Contact Information
Location
Irvine, California, United States, US
Languages
  • English
  • Spanish


Credentials

  • Certified Information Systems Security Professional (CISSP)
    (ISC)²
    Dec 2022 - Sep 2024

Experience

    • United States
    • Civic and Social Organizations
    • 1 - 100 Employee
    • Principal Information Security Analyst
      • Jun 2019 - Present

      Primary task among others is to perform vendor security assessment to identify high-risk vendors and to help the organization understand the risk associated with using third or fourth-party vendor’s products or services. This is accomplished by performing due diligence which consists of reviewing existing and new vendors, assigning each vendor with a security rating, responding to security risks by addressing threats effectively and in real-time, defining vendor’s performance metrics and continuously monitoring vendor’s cybersecurity consistency.

    • IT Services and IT Consulting
    • 1 - 100 Employee
    • Senior Information Security Specialist
      • 2017 - Present

      Support IT compliance deliverables for global IS in support of SOX, PCI-DSS, ISO, and SOC frameworks, execute operational activities to support audit and compliance requirements including technical validation processes, manage quarterly self-assessment, execute collection of evidence to support compliance status, provide escalation and enforcement for unresolved noncompliance issues, responsible for producing concise and accurate reporting.

    • United States
    • Advertising Services
    • 200 - 300 Employee
    • Information Security & Compliance Analyst
      • May 2014 - Jan 2016

      Active part of the planning, implementation and the maintaining of the Information Security & Compliance Program, collaborated with risk assessments and evaluation of security controls, developed, monitoring of policies and standards. Also, assisted with the roll out of the 2015 Security Awareness Training Program across the Enterprise, implemented the FDA 21CFR 11 Framework including the assessment of HR systems data security process. Managed the vendor engagement process, managed the Incident Management reports, provided ongoing guidance and solutions to maintain security compliance.

    • United States
    • Software Development
    • 100 - 200 Employee
    • Information Security and Compliance Analyst
      • Jan 2014 - 2016

      Facilitated with the implementation of security methodologies, this included creating/modifying enterprise processes and procedures that enabled the organization to address and show adherence to regulatory requirements. Contributed with the performance of risk analysis to help identify and mitigate security gaps. Led the company's yearly security awareness training using SANS as the training tool. Successfully helped run the company's PCI DSS assessments.

    • United States
    • Hospitals and Health Care
    • 700 & Above Employee
    • Information Security Analyst
      • Feb 1999 - 2014

      IAM_Security & Compliance Analyst - Performed quarterly access reviews for all the in-scope systems and applications, part of my objectives and deliverables were to assist with risk analysis, identify control deficiencies, recommend actions to mitigate risk and implement corrective action plans. I actively participated and was often asked to assist in ways to improve data access protection and to maintain compliance with governmental, departmental regulations and controls. Successfully accomplished to maintain a high degree of focus on customer service and maintained a serious commitment to accuracy and quality. Strong Identity & Access Management skill set, worked well with IT internal groups, external departments, outside vendors and consultants.

    • Helpdesk Analyst
      • Feb 1999 - Feb 2006

      Helpdesk Analyst - Kaiser Permanente - Corona, California. Performed support for all of KP applications and different systems, as a call center tech I was tasked with the identification of hardware and software failures and to provide the best solution possible for every event this to include escalation process. In addition, responsible for overseeing and making sure that high-quality standards of equipment output and performance were provided at all times including the out best customer support.

Education

  • Villanova University
    PMP, Project Management
    2007 - 2007
  • CLC
    Computer Operator, Computer Science
    1997 - 1999
