Blake Z.
Details
Accounting, Management Information Systems
University of Arizona
2007 : 2011
• Security compliance program strategies for supporting expansion into new markets.
• Global ISO/IEC 27001 & 27018 certifications over Apple Services
• Security Compliance programs supporting Education & Enterprise
• Building and maintaining GRC program supporting security compliance programs
• APAC Cloud Security Compliance Programs
Notable efforts :
• Championed, obtained executive sponsorship and led the development and execution of Apple's first Security Certifications & Compliance Center
• Led implementation and execution of Apple's first ISO/IEC 27018 certification
2017 : Present
Apple
Senior Manager Information Security
• Led oversight and strategy of the Information Security Management System of a rapidly growing company in the Financial Services industry.
• Managed and developed a team of 70 employees and consultants across security, compliance, and facilities in North and Central America.
• Oversaw a budget of $13 million supporting global information security and facilities operations.
• Fielded over 60 information security audits from the largest financial institutions in the world during tenure, achieving satisfactory results.
• Managed PCI DSS compliance efforts and executed on opportunities for improvement.
• Led day-to-day security operations including incident response, network security, vulnerability management, risk management, data loss prevention, physical and environmental security, and compliance efforts (i.e. ISO 27001, SOX, PCI DSS, GLBA).
2017 : 2017
Encore Capital Group
Information Security Manager
• Led Global ISO 27001 Information Security Management System (ISMS) implementation across North America and Asia.
• Achieved external third party certification of the ISMS implementation efforts.
• Performed Information Security due diligence efforts for Mergers and Acquisitions.
2016 : 2017
Encore Capital Group
Sr. Information Security Officer
Information Security & Compliance
• Lead oversight and strategy of global IT Vendor Management program.
• Perform Information Security due diligence efforts for Mergers and Acquisitions.
• Manage PCI DSS compliance and identify opportunities for improvement.
• Global implementation of ISO 27001 Information Security Management System standard.
• Manage global security operations
2014 : 2016
Encore Capital Group
Information Security & Compliance Officer
Information Technology & Process Assurance
• Performed ISO 27001 gap assessments leveraging Carnegie Mellon's Capability Maturity Model.
• Evaluated the design and operational effectiveness of Information Security architecture.
• Performed risk assessments against the FFIEC IT Handbooks.
• Developed remediation strategies to reduce risks identified to an acceptable threshold.
• Mentored and developed new IT Risk & Security Associates in career development and Information Security best practices.
2013 : 2014
PwC
IT Risk & Security Experienced Associate
Skills
Assurance, Auditing, Budgets, CISA, Endpoint Security, Financial Accounting, Financial Analysis, Financial Statements, GAAP, Information Security, Internal Audit, Internal Controls, ISO 27001, Management, Microsoft Excel, Microsoft Office, PCI DSS, Risk Assessment, Risk Management, Sarbanes-Oxley Act, SEC Filings, Strategy, US GAAP, CPA
About
Currently focused on strategic security initiatives cutting across all Apple Inc. business lines. I specialize in bringing together a diverse set of teams with different perspectives towards a unified goal and vision. An idea is only as good as its manifestation in reality. My passion is talking with and learning from the smartest people in the room so that I can formulate a tactical plan of execution. By bringing my refinement to the best ideas I can ensure they can be implemented and shared with the world. I’m motivated by challenging problems where solutions are elusive.
Until 2022, my role at Apple encompassed the development, operation, and support of our Information Security Management System, certifying Apple Services under ISO 27001 & 27018. Before Apple, I dedicated my career to consulting and Financial Services. My responsibilities included developing and certifying Information Security Management Systems (ISMS), managing M&A security diligence, establishing vendor management programs, overseeing security operations, and fielding audits from the largest Financial Services institutions in the world.
My breadth of experience includes projects on: PCI DSS compliance, security maturity assessments, SOX 404 IT Audits, SOC 2 Type II, China Cybersecurity Law, Cross Border Data Transfers, MLPS 2.0, HIPAA, FDA 21 CFR Part 11, ISO 27001/27018 assessments, macOS endpoint security, and various security and risk management assessments.
Programs built:
• Apple's ISO 27001 & 27018 programs
• Encore's 27001 program
• Apple’s GRC program supporting Apple security compliance programs
• Encore Capital’s Vendor Management Program
• Common control framework for security measurement & optimization
Credentials:
• CISSP, CISM, CISA, ISO 27001 Lead Implementer