Marc Menninger

Security leader with 20+ years of practical enterprise security experience including strategy, policies, governance, technology, risk management, and team development. I have a proven track record of success in strengthening the security posture of the organizations that I serve. KEY ACCOMPLISHMENTS • Planned, developed, and implemented company-wide information security program from scratch based on ISO 27001 security framework • Led successful completion of multiple third-party penetration tests and ISO 27001, HIPAA, and SOC 2 Type 2 audits • Wrote and implemented new information security policies, procedures, and standards in alignment with ISO 27001 • Instituted and chaired the Information Security Steering Committees (ISSC) consisting of company executives and directors • Directed the implementation of the company's first Security Information and Event Management (SIEM) system CERTIFICATIONS & ASSOCIATIONS • Certified Information Systems Security Professional (CISSP) since 2000 • Certified in Risk and Information System Controls (CRISC) • ISACA Board Member • Seattle SecureWorld Expo Advisory Council • Rotary International member since 2008 INDUSTRY EXPERIENCE • Federal, financial, and technology background • ISO 27001-aligned information security program development and management • Security project management • Governance, Risk and Compliance (GRC) • ISO 27001, PCI DSS, SOC 2, HIPAA, FedRAMP, and GLBA compliance gap analysis • Security policy and standards development • Vulnerability management • Network security audit and assessment • Security training and awareness