Global Risk Management & Compliance Program
Executive Sponsor: Matthew Archibald, Managing Director Information Security & Risk Management
Project Team: Robin Carriere, Kannan Perumal, Kerry Bryan, Mark Valade, Luciana Rubinsky, Robert Ackerbom, Tom Austin, Bill Roman, Karen Murphy, Andrew Monk, Tom Scocca, Jack Gross, Andy Wall, Ben Hipp, Sujoy Sur
Introduced the Program Risk Management methodology developed by the Information Security & Risk Management group to our Corporate Business "Risk Vertical Partners" as well as Business Project Managers in conjunction with a major companywide transformation program. The tools, process and methodology were used simultaneously by 12 business & IT projecct managers on 12 major global programs, consisting of 95 projects and 240 initiatives managers globally. A permanent Centralized Program Risk Office as well as a Global Risk Management & Compliance Committee was established to manage, track and mitigate risk across projects and programs.
Automated Identity Governance
Executive Sponsor: Bill Bonney, Senior Manager of Access Management
Project Team: Brian Nath, Karen Cangialosi, Leon Grigsby, Ivan Pysarevskyy, Jim Duke, Chris Ellis, Duane Green
Intuit is subject to a multitude of regulatory and security requirements relating to the privacy and security of the sensitive financial data it processes, and as a public company, Intuit must also demonstrate compliance with Sarbanes-Oxley. Addressing those compliance and security requirements is exponentially complicated each year when Intuit’s employee ranks grow by almost 50 percent during tax season as it increases call center and other seasonal support staffing. To meet those challenges, Intuit implemented an identity governance program to proactively manage risks associated with user access controls while automating the process of supporting and managing the influx of access changes during the seasonal spike in employees.
Global Data Leakage Prevention
Executive Sponsor: Eddie Borrero, CISO (Director of Information Security)
Project Team: Andre Lewis, KC Huang, Gerald Magtibay, Charles Young, John Krebs
The objective of this project was to implement a solution and process that would prevent the loss of proprietary information such as candidate and client data, through the systematic monitoring and control of data traffic patterns. At the same time we wanted to change our culture by educating them on our Acceptable Use Policies when it came to our IP. Monitoring was achieved through the implementation of Symantec’s Data Loss Prevention application. This project encompassed the licensing of certain monitoring and control modules, the purchase and installation of related servers and other hardware, and the development of internal security policies to respond to alerts triggered by abnormal traffic patterns involving sensitive data across the globe.
VCR (Virtual Clean Room) San Diego
Executive Sponsor: Joshua Davis, Director, Information Security and Risk Management
Project Team: Bruce Rosendahl, Kevin Larson, Kevin Dalfonzo, Zhen Chen, William Wu, Keith Ritlop, Matt Swanson, Matt Martin, Shahid Shafi, Prabakar Thiyagarajah, Anabel Avelino, Sean Callahan, Zeeshan Sabir, John Goebel, Jeff Overbey
The Virtual Clean Room is a network enclave designed to protect a high performance build environment while meeting stakeholder requirements of minimal build ecosystem system performance impact or business process change. The project team’s solution achieved a balance between operations and security needs by working with stake holders to obtain a clear understanding of the environment, then engineering a solution using principles of "Defense in Depth". The Virtual Clean Room increases security by creating a secure network perimeter, implementing standards and improving monitoring without impacting the build environment systems or its users.