Travel
Destiny Mae Carreon
Information Security Risk Consultant
CEBU CITY,CEBU
Summary
A well-rounded and highly dedicated Information Security Professional with a demonstrated history of working in the healthcare and research industry for 5 years as information security risk consultant. Skilled in information security audit, compliance and risk management.
Overview
9
9
years of professional experience
8
8
years of post-secondary education
1
1
Certificate
Work History
Information Security Risk Consultant
Optum Labs, Inc.
Cebu City, Cebu
12.2019 - Current
- Developed, updated, and maintained company-wide process documentation and compliance with industry standards such as HITRUST and UnitedHealth Group’s organizational standards, policies, and procedures.
- Conducted security audits to identify vulnerabilities of cloud platforms (Azure, GCP and AWS) and on-prem systems.
- Recommend improvements in security systems and procedures.
- Performed risk analyses to identify appropriate security countermeasures.
- Led and coordinated with external assessors for audit efforts of cloud platform to be subjected for HITRUST certification. Google Cloud Platform was the first environment we have successfully secured its HITRUST certification last February of this year.
- Daily monitoring and analysis of security rules, alerts and notifications generated from Azure Security Center, Google Security Command Center, M365 Data Loss Prevention, Microsoft O365 Defender Advance Threat Protection, Rapid7 Scans and WhiteHat Scans as well as security communications from Enterprise Information Security group of UHG to address timely the threats and vulnerabilities and detect indicators of compromise present in the organization’s resources.
- Worked cross-functionally and coordinates investigation and remediation efforts with Security, IT Operations, CloudOps, Database Administration and Software Development group to address indicators of security compromises, threats and vulnerabilities detected in their respective environments.
- Monitored and tracked remediation efforts and creates comprehensive report out of it for communication to management and Enterprise Information Security of UHG.
- Coordinated the investigation, evidence gathering and provided inputs from security standpoint for the resolution of incidents reported and compiles information into single report to be communicated to management and UHG corporate teams (e.g. Global Privacy Team, Security Incident Response Team etc.)
- Developed and maintained incident response protocols to mitigate damage and liability during security breaches.
- Analyzed the nature of policy exception request and performed risk assessment to determine whether to recommend approval or denial of the exception request.
- Monitored, and reviewed approved internal policy exceptions to determine which of it is already expired and submits a summary report to the management monthly.
- Performed entitlement review and tracked software license deployment to determine if it is still needed, if not then license revocation is initiated to cut down licensing cost and minimize risk exposure.
- Facilitated the review and updating of the list of blacklisted software in the organization as a result from automated scanning tools and industry trends. Monitored non-compliance and its remediation to minimize exposure to exploits and Cyberattacks.
- Worked with Data Privacy Officer in handling issues that concerns security and data privacy as well as reporting of security incidents that may constitute reportable incident to National Privacy Commission for PH office of OptumLabs.
- Monitored, and reviewed asset inventory to ensure that assets are accounted for, deployed, maintained, upgraded, and disposed of when its reaches its useful life.
- Created cybersecurity best practice communications to educate employees against known threats and potential vectors of attack.
- Monitored use of data files and regulated access to protect secure information.
Information Security Compliance Officer
Savvysherpa Asia, Inc.
Cebu City, Cebu
01.2017 - 12.2019
- Worked cross-functionally with IT Operations Manager in creating and updating information security policies, processes, and procedures in accordance with the requirements of SOC 2 and HITRUST framework for Savvysherpa Cebu office.
- Collaborated with Information Security Officer of Savvysherpa Minnesota to update the information security policies, procedures, and process documentations of Savvysherpa’ s head office in Minnesota.
- Worked with Data Privacy Officer in drafting data protection policies and making sure the organization is compliant to Data Privacy Act of 2012 by reviewing internal processes and systems used by individual to determine areas where data flows and where there is a need for privacy notice, statements, and consent.
- Assisted the Data Privacy Officer in conducting privacy impact assessment as well as creating tabletop exercise for Savvysherpa Cebu office data breach team.
- Conducted security audits to identify vulnerabilities and recommended improvements in security systems and procedures to bring the risk to an acceptable level.
- Reviewed violations of computer security procedures and developed mitigation plans.
- Worked with external auditors to provide understanding of areas being audited and led the Savvysherpa team during the entire audit engagement preparation from policies and process documentations, evidence gathering, walkthroughs, audit testing and implementation of corrective action plan for the SOC 2 Type 1 and Type 2 certification of Savvysherpa Cebu Office last March 2018 and February 2019 respectively as well as the SOC 2 Type 2 certification of Savvysherpa Minnesota office last November 2017
- Led in securing the first ever HITRUST certification of Savvysherpa Minnesota office last May 2018 for all its on-prem systems and a portion of an internally developed application hosted in AWS cloud
- Reviewed and evaluated the output of the audit project contributors to ensure that documentations provided are accurate and satisfy the control requirement for HITRUST and SOC 2.
- Led the collaborative effort with the IT Operations team for the threat and vulnerability management of the endpoints as well as the remediation efforts for the Network Integration of Savvysherpa Cebu to Optum’s regional network hub last September 2019
- Created a PowerShell script to automate the report generation to be used in the review and monitoring of the asset inventory to ensure that assets are accounted for, deployed, maintained, upgraded, and disposed of when its useful life ends.
- Monitored and maintained company’s information security compliance with SOC 2, HIPAA, and HITRUST Framework as well as to the organizational standards, policies, and procedures of UnitedHealth Group.
- Monitored use of data files and regulated access to protect secure information.
- Assisted the finance team in the ensuring the payroll automation works as expected.
Accountant
Savvysherpa Asia, Inc.
Cebu City, Cebu
02.2013 - 12.2016
- Handled audit of expenses, manual payroll accounting, accounts payable processing both Cebu and Minnesota office using QuickBooks, bank reconciliation, fixed asset monitoring and preparation of lapsing schedule, reconciliation of balance sheet accounts, preparation of financial statements for year-end audit, tax compliance, processing of government remittances.
- Maintained up-to-date knowledge on permits, certificates and documents mandatory for government offices.
- Supported monthly reporting analysis to achieve validation of internal reports and to reconcile accounts and general ledger.
- Reconciled accounts and reviewed expense data, assets and equity.
- Set up and improved accounting systems and processes to meet business needs and maximize operational success.
- Prepared and filed corporate and individual tax forms.
- Evaluated and improved accuracy and completeness of financial records.
Education
Master of Science - Information Technology
University of San Carlos - Talamban Campus
Talamban Cebu City, Philippines 08.2018 - Current
Bachelor of Science - Accountancy
University of Cebu-Banilad
Banilad, Cebu City, Philippines 06.2011 - 09.2012
Bachelor of Science - Management Accounting
University of San Carlos
Cebu, Philippines 06.2007 - 03.2011
Skills
Incident Response Management
Security Audit and Compliance
Risk Assessment and Management
Threat and Vulnerability Management
IT Asset Management
IT Security Governance
Cloud Security
Project Management
Process Improvement
Remediating Security Issues
Data Privacy
Analytical Ability
Attention to Detail
Team Coordination
Communication
Accomplishments
- Successfully secured the company’s first ever:
- Cloud platform HITRUST certification for Optum Labs, LLC. last February 2021
- SOC 2 Type 2 Certification for Savvysherpa Asia Inc. (Cebu Office) last February 2019
- HITRUST certification of the on-prem systems and office of Savvysherpa, LLC (Minnesota) last May 2018
- SOC 2 Type 1 Certification for Savvysherpa Asia Inc. (Cebu office) last March 2018
- SOC 2 Type 2 Certification for Savvysherpa, LLC (Minnesota Office) last November 2017
- Successful network integration last September 2019.
- Payroll accounting automation last September – December 2018.
Certification
CISA - Certified Information Systems Auditor
Interests
Sky Diving
Volleyball
Machine Learning
Space Exploration
Artificial Intelligence
Information Security
Programming
Blockchain
Software
JIRA
QuickBooks
Kanban
Azure Security Center
Google Cloud Security Command Center
Timeline
Information Security Risk Consultant
Optum Labs, Inc.
12.2019 - Current
CISA - Certified Information Systems Auditor
04-2019
Master of Science - Information Technology
University of San Carlos - Talamban Campus
08.2018 - Current
Information Security Compliance Officer
Savvysherpa Asia, Inc.
01.2017 - 12.2019
Accountant
Savvysherpa Asia, Inc.
02.2013 - 12.2016
Bachelor of Science - Accountancy
University of Cebu-Banilad
06.2011 - 09.2012
Bachelor of Science - Management Accounting
University of San Carlos
06.2007 - 03.2011