Name:

...

Benjamin "Ben" Nguyen

Age: 34 48

Education: Master's in Information Systems Management from Carnegie Mellon University, B.Tech in Computer Science from Indian Institute of Technology (IIT) Bombay J.D. from Stanford Law School, B.A. in Political Science from Yale University

Professional Background:

  • 820+ years of experience in IT compliance and risk management rolescorporate law experience, focusing on IT governance, contract law, commercial transactions, and regulatory compliance, and cybersecurity.

  • Focus areas: IT audits, control framework implementation (e.g., COBIT, NIST), risk assessments, policy development, and compliance reportingDrafting and negotiating complex contracts, advising on legal and regulatory risks associated with third-party relationships, and providing legal support for procurement and vendor management activities.

  • Previous roles: IT Compliance Analyst Senior Counsel at a financial services firm, IT Risk Consultant multinational technology company, Partner at a technology consulting firm, IT Auditor at a Big Four accounting firmlaw firm specializing in commercial transactions, Legal Counsel at a government agency.

  • Special certifications or skills: Certified Information Systems Auditor (CISA), Certified in Risk and Information Systems Control (CRISC), Certified Information Security Manager (CISMMember of the state bar association, Certified Commercial Contracts Manager (CCCM)

Industry: Depending Varies depending on the organization's focus (financial services, healthcare, technology, etc.)

Responsibilities:

  • Ensure the organization's IT systems and processes comply with relevant regulations, industry standards, and internal policies.

  • Develop and maintain IT policies, procedures, and controls to mitigate risks and ensure compliance.

  • Conduct IT audits and risk assessments to identify and address potential vulnerabilities.

  • Implement and monitor IT governance frameworks (e.g., COBIT, NIST).

  • Prepare and submit IT compliance reports to management and regulatory bodies.

  • Collaborate with IT and business stakeholders to ensure alignment on compliance requirements.

Goals:

  • Maintain a strong IT compliance program that protects the organization from legal, financial, and reputational risks.

  • Identify and remediate IT compliance gaps and vulnerabilities proactively.

  • Promote a culture of compliance awareness and responsibility within the IT organization.

  • Stay up-to-date with the latest IT compliance regulations and best practices.

Challenges:

  • Keeping pace with the constantly evolving regulatory landscape and technology trends.

  • Translating complex IT compliance requirements into practical actions and controls.

  • Balancing the need for security and compliance with business agility and innovation.

  • Gaining buy-in and support for IT compliance initiatives from other departments and stakeholders.

Motivations:

  • Protecting the organization from cyber threats and data breaches.

  • Ensuring the integrity and reliability of IT systems and data.

  • Promoting a culture of security and compliance within the IT organization.

  • Building a successful career in IT compliance and Provide legal counsel and guidance on all aspects of third-party and supply-chain risk management.

  • Draft, review, and negotiate contracts with vendors and suppliers, ensuring they include appropriate risk mitigation clauses and protections.

  • Advise on legal and regulatory requirements related to vendor selection, onboarding, and ongoing management.

  • Support the organization's due diligence process by reviewing vendor contracts, policies, and procedures.

  • Represent the organization in legal disputes or negotiations with vendors and suppliers.

Goals:

  • Ensure that the organization's contracts with third parties are legally sound and protect the organization's interests.

  • Mitigate legal and regulatory risks associated with third-party relationships.

  • Provide timely and accurate legal advice to support the organization's procurement and vendor management activities.

  • Build a strong reputation as a trusted legal advisor within the organization.

Challenges:

  • Keeping up with the ever-changing regulatory landscape and ensuring compliance with relevant laws and regulations.

  • Balancing the need for legal protections with the need for business flexibility and efficiency.

  • Negotiating complex contracts with sophisticated vendors and suppliers.

  • Manage legal disputes and resolve conflicts in a timely and cost-effective manner.

Motivations:

  • Using legal expertise to protect the organization's interests and mitigate risks.

  • Contributing to the organization's success by ensuring sound legal and contractual frameworks for third-party relationships.

  • Develop a fulfilling career in corporate law and become a recognized expert in third-party risk management.
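
Review bot: Two items in the added legal-counsel lists break the parallel phrasing of their neighbours. The last Challenges item, "Manage legal disputes and resolve conflicts in a timely and cost-effective manner", is worded as a task and reads like a responsibility, while the items before it are gerund phrases ("Keeping up with", "Balancing", "Negotiating"). Likewise the last Motivations item, "Develop a fulfilling career in corporate law and become a recognized expert", follows "Using" and "Contributing". Suggest "Managing legal disputes and resolving conflicts" and "Developing a fulfilling career in corporate law and becoming a recognized expert" so each list reads consistently.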

Tech-Savviness:

  • Highly tech-savvy with deep IT systems, infrastructure, and security expertise.

  • Proficient in using various IT compliance and risk management tools, such as GRC platforms, vulnerability scanners, and SIEM systems.

  • Able to understand and interpret technical security and compliance documentationComfortable using legal research databases, contract management software, and collaboration tools.

  • Increasingly aware of the importance of technology in legal practice, such as e-discovery and legal analytics.

  • Open to exploring new technologies that streamline legal processes and improve efficiency.

Behavioral Traits:

  • Detail-oriented and methodical, with a strong focus on accuracy and thoroughnessanalytical and critical thinking skills.

  • Analytical and problem-solving mindsetExcellent communicator and negotiator, able to effectively identify and address IT compliance issues.

  • Excellent written and verbal communication skills for explaining technical compliance requirements to non-technical stakeholders.

  • Collaborative and team-oriented, willing to work with others to achieve compliance goalsbuild rapport and trust with internal and external stakeholders.

  • Risk-averse and proactive in identifying and addressing potential legal issues.

  • Ethical and principled, with a solid commitment to integrity and doing the right thingstrongly committed to upholding the law and professional standards.

Sources of Information:

  • Regulatory agency websites and publications Legal databases (e.g., NIST, HIPAA, PCI DSS).LexisNexis, Westlaw)

  • Industry-specific IT compliance resources legal publications and newsletters.IT compliance and risk management conferences and workshops

  • Regulatory updates and guidance from relevant agencies.

  • Networking with other IT compliance professionalslegal professionals and attending industry events.

Quote:

"IT compliance is not just about following rules; it's about protecting the organization's assets and reputation by ensuring that our technology systems and processes are secure, reliable, and compliant with relevant regulations and standardsMy role is to ensure that our organization's third-party relationships are built on a solid legal foundation that protects our interests, mitigates risks, and enables us to achieve our business objectives."