
Marcia Mangold
5.0
(3)
Info Security Pro | Craft Your Masters App or IS career advancement
Studied at Walsh College
Works at Experian
Not currently taking new clients
Marcia’s Master’s Programs Qualifications
10+ people coached for Master’s Programs
Welcome to my profile! With over two decades of experience in information security and assurance, I bring a wealth of knowledge to my coaching practice. I hold a Master's degree in Information Assurance from Walsh College and have held leadership roles at top companies like Experian and IBM, where I developed and implemented strategic security programs. As an adjunct instructor at Henry Ford College, I have honed my ability to communicate complex technical concepts to diverse audiences, a skill I leverage to guide my clients through the intricacies of master's program applications. Having successfully coached 18 individuals, I am passionate about helping you craft a standout application that highlights your unique strengths. Let's work together to achieve your academic and career goals!
Marcia can help with:
Application Strategy
Editing
Essays
Financial Aid & Scholarships
General Exploration
Interviews
Letters of Recommendation
Resume
School Selection
Secondary Review
Waitlist Strategy
About Marcia
Marcia Mangold is an accomplished Enterprise Information Security Governance professional with over 20 years of experience enabling businesses through Information Technology and Security. Throughout her career, Marcia has worked with leading multinational organizations, including Experian, Blue Cross Blue Shield of Michigan, IBM, and GE, specializing in awareness training, risk management, and policy lifecycle management. Marcia’s expertise has earned her recognition, including nominations for the Information Security Executive (ISE) Awards for her work on the Insider Threat (B-Secure) and InfoSec Training and Awareness programs at BCBSM, and speaking engagements at SecureWorld, local security organizations, schools and conferences. Her dedication to fostering strong security practices and building cohesive teams has been integral to her success. Marcia holds a Bachelor of Science in Software Production and Management from The University of Detroit and a Master of Science in Business Information Technology (MSBIT) from Walsh College of Business. She is a Certified Information Systems Security Professional (CISSP) and a founding board member of the local ISC2 chapter. Additionally, Marcia is an active member of the Michigan InfraGard chapter, a collaboration between the FBI’s Cybersecurity Division and private industries, as well as the Information Systems Security Association (ISSA). Her thought leadership extends to contributions as a member of the NIST Big Data Public Working Group, specifically for NIST SP 1500-4, where she provided insights on Security and Privacy in the Big Data Interoperability Framework. In addition to her professional achievements, Marcia is passionate about educating and mentoring the next generation of information security professionals. She is an adjunct instructor at Henry Ford College and has mentored individuals entering the field of cybersecurity.
Furthermore, Marcia served as the Director of CERT for a local religious organization, where she demonstrated her commitment to community service and cybersecurity awareness. Marcia’s leadership, experience, and dedication to security governance make her a respected figure in the cybersecurity industry and an excellent coach for aspiring professionals.
Why do I coach?
I coach because I know how difficult it is to navigate the information security profession, especially for individuals who are new or transitioning into information security. Most people only know 3 or 4 information security jobs. I help them to explore unknown positions and determine what skills are transferable and what direction will get them closer to their goal. I enjoy giving back and sharing my experiences.
Work Experience

Information Security Manager
Experian
October 2022 - Present
Experian is the world’s leading global information services company, unlocking the power of data to create more opportunities for consumers, businesses and society. The Information Security Control Assurance Manager:
• Leads a team that is responsible for the central information security control assurance program. This will include executing control assurance testing and continuous control monitoring procedures in accordance with industry best practice frameworks.
• Leads the central information security control testing program in accordance with Experian’s risk management framework.
• Oversees a team of security control testers responsible for assessing information systems, platforms, and operating procedures in accordance with established corporate standards for security.
• Creates and oversees the implementation of the strategic and tactical plans for the central information security control assurance program, which includes process improvements and introduction of automation.
• Works with Experian’s information security teams to assess, enhance, and expand the continuous control monitoring program.
• Contributes to maintenance and update of the information security control standards and procedures library based on Information Security policies and procedures and industry best practices.
• Identifies, documents, and reports control deficiencies and recommendations for improvement.
• Works with other Control functions (Legal, Compliance, etc.) to coordinate control requirements and control reporting into a consolidated GRC tool.
• Compiles management reports, summary analysis, and detailed presentations to describe risk, controls, and control deficiencies to various stakeholders.
Skills: Team Leadership, Strategic Planning and +7 skills

Associate Manager
Align Technology
December 2021 - October 2022
Hiring Manager
Leads, plans, and executes HITRUST Readiness, Interim, and Validated assessments to ensure organizational compliance with the HITRUST Common Security Framework. Provides standard project planning, oversight and execution, budgeting, staffing, and client service activities to ensure revenue recognition, by communicating effectively with clients and the internal team, removing obstacles, and providing timely and relevant feedback to the internal team and clients on the status of projects. Reviews deliverables created by Staff Consultants and proactively provides feedback to grow staff consultants’ experience and skills. Performs management duties for direct reports that include hiring, training, coaching, annual reviews, etc. Works with senior level security officials to implement requirements to ensure that the breadth of coverage required by HITRUST is in place and operating effectively for policies, procedures, and control level implementation, creating an information security program via A-LIGN's HITRUST Advisory services.
Skills: Security Assurance
Cyber Risk Manager
Emerging Holdings
April 2019 - December 2021
Hiring Manager
Coordinated all activities of personnel engaged and responsible for the creation, implementation and execution of strategies and programs designed to reduce and mitigate information security risk across the enterprise. This role supported the enterprise-wide information and assurance function, ensuring the confidentiality, integrity and availability of information systems. Led information security training, education and awareness initiatives for Emergent Holdings, Inc. Collaborated and assisted with implementation of HITRUST within the Emergent Holdings business. Maintained and coordinated ongoing updates to the program and related information security policies, standards and guidelines.
Skills: Presentations · Security Management · Security Assurance

Adjunct Instructor
Henry Ford College
September 2017 - Present
As a Computer Information Systems (CIS) - Information Assurance Adjunct Instructor, effectively communicate technical information to technical and non-technical audiences and improvise materials and style to meet diverse audience needs. Instruct college students on sections of Information Assurance courses in the Computer Information Systems (CIS) program, by introducing real life case studies and using an interactive format to promote dialog:
• Introduction to Information Technology
• Introduction to Forensics
• Information Assurance and Security & Methodology
• Introduction to Risk Management
Skills: Adult Education, Presentations and +1 skill

GRC Manager
Blue Cross Blue Shield Michigan
December 2014 - April 2019
Hiring Manager
Led 2 teams that provide IS policy development & assessments, communications (including IS related SharePoint sites), & information security awareness & training for both BCBSM & BCN. Interfaces with other internal & external work groups & organizations. Oversees internal IS assessment process. Leads cyber related tabletop exercises. Developed & hosts innovative company-wide Social Engineering awareness events, which were attended by 1700+ employees & volunteers at multiple locations & online. The events presented information security awareness training in an entertaining way (food, giveaways, & games) that fosters an emotional investment in employees. Metrics were developed from questionnaires & surveys, which will be used to determine future training needs. In addition, participants learned new tools to aid in reducing & preventing information security incidents. Led the B-Secure program, which works with Business Management (Directors & above) & partnered with Enterprise Security to assess areas to determine if they are in compliance with the physical mandates of the InfoSec policies. Management is given the results of the onsite assessment, along with recommendations for improvement & how they rate in relation to other areas. Hosted the fall company-wide Privacy & Security week event, which is a partnership with the business & Information Security. The week focuses on information privacy & security, promoting the safeguards that exist to protect members’ health information & other assets. Developed & presents an Information Security related presentation at the bi-weekly New Employee Orientation, which offers new employees an overview of Information Security & how they can immediately do their part to keep our company safe & secure. Owner of the Secure Coding training for all developers. Worked with procurement to select a new tool to educate our developers on secure coding practice & how to use the tools to test the code before implementation.
Skills: Presentations · Security Operations · Security Management · Negotiation · Security Assurance · U.S. Health Insurance Portability and Accountability Act (HIPAA)

Advisory Council Member
SecureWorld
October 2014 - Present
Member of Advisory Council that helps set the direction for the Detroit Conference Security Assurance for secureworld.io

Contributor
The Big Data Department
2013 - Present
Collaborated in discussions and clarification surrounding best practice concepts in order to produce a working draft for Big Data Secure and Privacy Requirements. Contributed to section in the NIST Special Publication 1500-4: NIST Big Data Interoperability Framework: Volume 4, Security and Privacy, which contains an exploration of security and privacy topics with respect to Big Data, in order to support secure and effective adoption of Big Data.
Skills: Security Assurance

Compliance Lead
General Electric
May 2010 - April 2014
Developed plan and process to ensure compliance with PCI-DSS. Led team to scope out and perform the audit activity, followed by reporting and monitoring the remediation of findings. Created a benchmark to gauge future audits. Developed on-line and hardcopy training materials. Increased security posture by reducing the number of audit systems by 27%. Developed and led teams to drive security awareness and compliance. Ascended quickly through the ranks of this organization and took the initiative to develop the IT Risk Management Strategic plans, IT policy and focus areas, including communications and projects. Recognized as one of the IT Security Leaders at the GE AMSTC (Advanced Manufacturing and Software Technology Center) in Michigan, which allows access to the GE leadership-training program. Collaborate with GE and Metro Detroit area businesses' information security professionals to improve Information Security processes. Managed, coached and evaluated several of GE’s future leaders during their rotations. Participate in the interviewing and selection of new IT Security Professionals. Work with GE audit controllers and GE businesses to assess and certify SOX, PCI and other compliance initiatives. Collaborate with other GE businesses' information security professionals to improve Information Security processes. In addition, create, review and update IS policies and awareness training materials. Developed an audit process that simplified the audit process and reporting process. In addition, the new process uncovered previously overlooked issues and aided in the reduction of threats that may result in audit deficiencies and exceptions.

Information security and privacy consultant
IBM
June 2001 - May 2010
Began career as an IT Specialist (Software Engineer/Consultant) who translated business requirements to system changes. I enhanced my skills & began specializing in migrating legacy systems to newer environments. After obtaining my Master’s degree in BIT (specialization in Information Assurance), I transitioned to working with client teams to develop an overall understanding (awareness) of Info Security & Privacy, Info Security governance & managed security services, including governance, strategic planning, disaster recovery & business continuity. Researched / updated / created governance documents, strategies, policies, standards, processes, & procedures, using security frameworks, best practices, & local & government standards (SOX 404, PCI, HIPAA, ISO, COBIT, NIST & ITIL V2). Consolidated ISS & IBM’s Global Security portfolio & created the strategic pricing model. Developed sales, practitioner training & job descriptions, statements of work, work products & examples of deliverables for major information security organizations. Conducted third party reviews, served as team lead & managed security projects. Performed physical security & security assessments (pre/post-audit) & gap analyses against ISO, COBIT, ITIL version 2, & other compliance and/or privacy initiatives. Led Security Control portal as the Info Security Operations Coordinator, whose general duties included: attending data security related meetings, reviewing & analyzing security event log management & vulnerability management data, reviewing the security event log management system (SELM) & security vulnerability management system (VMS) & evaluating them against the client’s policy, serving as liaison between the client & its outsourced suppliers, monitoring progress of any required remediation efforts, providing oversight using project management tools (metrics, process, technology) to facilitate the execution of the services, & acting as access administrator for devices & users.
Skills: Data Privacy · Presentations · Security Operations · Security Assurance · U.S. Health Insurance Portability and Accountability Act (HIPAA)
Education

Walsh College
MSBIT, Information Assurance
2004 - 2005
Activities and societies: Walsh MBA Member
* Concentration: Information Assurance (Information Security)
* Business management and CISSP certification training
* Walsh College Information Assurance Certification (Met the CNSS National Training Standards for Information Systems Security Professionals: CNSS National Standard 4011)
Skills: Security Management and Security Assurance

University of Detroit Mercy
BSCIS, Software Production and Management
1995 - 2002
Activities and societies:
* Member of Alpha Sigma Nu Honors Society
* Alpha Iota Delta Honors Society (Computer Information Systems)
* Kappa Gamma Pi Honors Society
* Computer and Information Systems Certificate
* Dean's List and certificates of Merit