
Amy Bogac is the chief information security officer with Baker Tilly. She is a security and technology executive with extensive experience in leading teams and building global IT security programs. She has a proven ability to engage, motivate and mentor professionals, and has successfully developed multiple direct reports into security leaders. She demonstrates strong business and technology acumen, leading programs and projects that address enterprise risk and cybersecurity threats. She has expertise in incident response and recovery, particularly in ransomware attacks. She is an active mentor with Women in Cybersecurity (WiCyS), dedicated to developing the next generation of IT and cybersecurity leaders.
- Building full-scale National Institute of Standards and Technology (NIST)-based security programs for global public companies with complex regulatory environments, including Sarbanes–Oxley Act (SOX), Health Insurance Portability and Accountability Act (HIPAA), Health Information Technology for Economic and Clinical Health Act (HITECH)/protected healthcare information (PHI), Payment Card Industry Data Security Standard (PCI DSS) and HITRUST
- Implemented incident response process, including strategic partnerships for forensic investigations
- Ensured clean SOX and governance, risk management, and compliance (GRC) audits, examinations, and penetration tests using the NIST framework and Control Objectives for Information and Related Technology (COBIT)/Committee of Sponsoring Organizations of the Treadway Commission (COSO)
- Consistently developing and mentoring talent throughout the security community and achieving strong employee engagement as measured through human resources (HR) engagement survey results
- Assess and prioritize high-value, low-cost security enhancements for global services, leveraging strong network and partnerships
- Strong alignment with manufacturing business and deep understanding of industrial controls systems security and aligning on risk tolerance/mitigation plans
- Execution of key technologies for strategies such as data loss/leakage prevention, identity platform, security information and event management (SIEM), global email gateway security, GRC and full network modernization
- Certified Information Systems Security Professional (CISSP) 403939 - ISC2