Versions Compared

Name:

...

Jason "Jay" Kim

Age: 34 36

Education: Master's in Information Systems Management from Carnegie Mellon University, B.Tech in Computer Science from Indian Institute of Technology (IIT) BombayEducation with a focus on Instructional Design from University of Southern California, B.A. in Communications from UCLA

Professional Background:

  • 8+ years of experience in IT compliance and risk management rolescorporate training and development, focusing on IT governance, regulatory compliance, and cybersecuritycybersecurity awareness and education.

  • Focus areas: IT audits, control framework implementation (e.g., COBIT, NIST), risk assessments, policy development, and compliance reportingCurriculum development, instructional design, training delivery, gamification, and behavior change.

  • Previous roles: IT Compliance Analyst Security Awareness Trainer at a financial services firm, IT Risk Consultant at a technology global technology company, Learning and Development Specialist at a cybersecurity consulting firm, IT Auditor Corporate Trainer at a Big Four accounting firmfinancial institution.

  • Special certifications or skills: Certified Information Systems Auditor (CISASecurity Professional (CISSP), Certified Information Security Manager (CISM), Certified in Risk and Information Systems Control (CRISCCybersecurity (CC), Certified Information Security Manager (CISMProfessional in Learning and Performance (CPLP)

Industry: Depending Varies depending on the organization's focus (financial services, healthcare, technology, etc.)

Responsibilities:

  • Ensure the organization's IT systems and processes comply with relevant regulations, industry standards, and internal policies.

  • Develop and maintain IT policies, procedures, and controls to mitigate risks and ensure compliance.

  • Conduct IT audits and risk assessments to identify and address potential vulnerabilities.

  • Implement and monitor IT governance frameworks (e.g., COBIT, NIST).

  • Prepare and submit IT compliance reports to management and regulatory bodies.

  • Collaborate with IT and business stakeholders to ensure alignment on compliance requirements.

Goals:

  • Maintain a strong IT compliance program that protects the organization from legal, financial, and reputational risks.

  • Identify and remediate IT compliance gaps and vulnerabilities proactively.

  • Promote a culture of compliance awareness and responsibility within the IT organizationDevelop and deliver engaging and effective security awareness training programs for employees at all levels of the organization.

  • Design and implement phishing simulations and other security awareness exercises.

  • Create and maintain security awareness materials, such as newsletters, posters, and videos.

  • Measure the effectiveness of security awareness programs and track employee progress.

  • Collaborate with other security teams to identify training needs and develop targeted programs.

Goals:

  • Create a culture of security awareness and vigilance throughout the organization.

  • Empower employees to recognize and report security threats.

  • Reduce the risk of successful cyberattacks due to human error or negligence.

  • Stay up-to-date with the latest IT compliance regulations security awareness trends and best practices.

Challenges:

  • Keeping pace with the constantly evolving regulatory landscape and technology trends.

  • Translating complex IT compliance requirements into practical actions and controls.

  • Balancing the need for security and compliance with business agility and innovation.

  • Gaining buy-in and support for IT compliance initiatives from other departments and stakeholders.

Motivations:

  • Protecting the organization from cyber threats and data breaches.

  • Ensuring the integrity and reliability of IT systems and data.

  • Promoting a culture of security and compliance within the IT organization.

  • Building a successful career in IT compliance and risk management.

Tech-Savviness:

  • Highly tech-savvy with deep IT systems, infrastructure, and security expertise.

  • Proficient in using various IT compliance and risk management tools, such as GRC platforms, vulnerability scanners, and SIEM systems.

  • Able to understand and interpret technical security and compliance documentation.

Behavioral Traits:

  • Detail-oriented and methodical, with a strong focus on accuracy and thoroughness.

  • Analytical and problem-solving mindset, able to effectively identify and address IT compliance issues.

  • Excellent written and verbal communication skills for explaining technical compliance requirements to non-technical stakeholders.

  • Collaborative and team-oriented, willing to work with others to achieve compliance goals.

  • Ethical and principled, with a solid commitment to integrity and doing the right thing.

Sources of Information:

  • Regulatory agency websites and publications (e.g., NIST, HIPAA, PCI DSS).

  • Industry-specific IT compliance resources and newsletters.

  • IT compliance and risk management Engaging employees in security awareness training and overcoming apathy or resistance.

  • Developing training programs that are relevant and effective for diverse audiences.

  • Measuring the impact of security awareness training and demonstrating its value to the organization.

  • Keeping up with the evolving threat landscape and adapting training programs accordingly.

Motivations:

  • Making a real difference in protecting people and organizations from cyber threats.

  • Using creative and engaging methods to educate and motivate employees.

  • Building a positive security culture where everyone feels responsible for security.

  • Contributing to the overall success of the organization by reducing security risks.

Tech-Savviness:

  • Comfortable using various learning management systems (LMS) and e-learning platforms.

  • Familiar with security awareness tools and technologies (e.g., phishing simulation platforms, gamification platforms).

  • Able to use multimedia tools and software to create engaging training materials.

Behavioral Traits:

  • Passionate about education and empowering others.

  • Creative and innovative in developing engaging training content.

  • Excellent communicator and presenter, able to connect with diverse audiences.

  • Results-oriented and focused on achieving measurable outcomes.

Sources of Information:

  • Security awareness blogs, forums, and online communities.

  • Industry publications and research on security awareness and training.

  • Training conferences and workshops.

  • Networking with other IT compliance security awareness professionals.

Quote:

"IT compliance Security awareness is not just about following rulescompliance; it's about protecting the organization's assets and reputation by ensuring that our technology systems and processes are secure, reliable, and compliant with relevant regulations and standardsempowering employees to become the first line of defense against cyber threats. By creating a culture of security awareness, we can build a more resilient and secure organization."