Western Governors University

Northcentral Technical College

University of Wisconsin-Stevens Point

University of Wisconsin Colleges

Senior Manager at Mailgun Technologies, Inc

Wausau-Stevens Point Area

Senior Manager over the GRC function at Mailgun. Responsible for building and leading a GRC team that conducts/scores/ranks/mitigates risk through various types of assessments, manages the third-party risk program, builds and monitors metrics for the information security team (governance), combining compliance programs amongst newly acquired companies, and facilitating ISO 27001 and SOC 2 audits. Applies oversight into the Incident Management program through RCAs and currently acts as an audit function.

Other projects will likely be added to the plate as we work together to solve hurdles as they come toward us.

Mailgun Technologies, Inc

Senior Manager

Responsible for leading an information security risk team that conducts/scores/ranks/mitigates risk through various types of assessments, manages the third-party risk program, builds and monitors metrics for the information security team (governance), facilitating PCI-DSS, and is currently implementing ISO 27001 at Sentry. 

Other projects include implementing an Enterprise Risk Management program and creating CISO dashboards for near real-time decision making.

Sentry

Information Security Risk Manager - GRC

Shopify

Processing Integrity

Manages teams who are responsible for Governance, Risk, & Compliance (GRC) functions at Rackspace. GRC is the foundation hub for information security, and the team works hand in hand with numerous departments on a daily basis - Security, IT, Internal Audit, HR, Legal, and Vulnerability Management to name a few. 

It's been a hugely rewarding experience to see employees learn and grow, and to build a program to something that Rackspace and customers are proud of. We as security professionals need to learn to never settle on what we know or do because complacency can lead to falling behind in the industry, or worse, to bad actors. We strive to improve day in and day out, and encourage success as a team - win or lose.

Teams are responsible for global operations in:

- Creating information security policies and standards
- Developing and presenting a security training and awareness program
- Presenting metrics to senior leadership
- Creating a repeatable audit process for compliance programs
- Testing controls related to ISO27001, PCI DSS 3.1, and SOC 1,2,3
- Facilitating audits with external auditors for ISO27001, PCI DSS 3.1, and SOC 1,2,3
- Scores IT assets at the company according to risk values
- Conducts information security risk assessments for high value assets at the company
- Assesses all new and current vendors on information security according to the ISO27005 framework
- Assists customers and prospects with security questions 24/7 with Fanatical Support

Rackspace, the #1 managed cloud company

Manager, Governance, Risk, & Compliance

Leads a team who is responsible for global risk at Rackspace. The team's prime focus is conducting risk assessments on assets, tools, and systems internal to the company. These risk assessments are given to owners, and risk is treated through mitigation, retention, modification, or sharing in-line with the ISO27001 and ISO27005 standards. The team works with the Vulnerability Management team to assist with technical aspects of assessments, and results are followed up to ensure the issues are resolved.

In addition, the team assesses all vendors coming into the company and classifies each according to the security risk to the company. The team works with other business units to streamline the vendor process to ensure fast turnaround times, which are demanding at times.

Information Security Risk Management - Manager

Responsible for creating the successful ISO27001 program for Rackspace, and currently facilitates the program through surveillance audits and re-certification cycles. Also has a ISO27005 background in information security risk during the implementation of the ISO27001 program.

Facilitated numerous SSAE16 SOC1, SOC2, and SOC3 audits and has a history of creating controls matrices, working with control owners, and mitigating issues at a departmental level. Has also integrated cloud security controls into current audit programs.

Instructs weekly security classes to new employees and contractors.

Dan Ross