Practice Director, AT&T Security Consulting Services
As Practice Director for Governance, Risk, and Compliance (GRC) within AT&T’s Security Consulting Services, Carisa provides the vision and strategic direction that helps businesses plan and implement programs to manage security, risk, and regulatory compliance.
Carisa led the GRC Practice in becoming HITRUST Certified Common Security Framework (CSF) Assessors. The HITRUST CSF is a certifiable framework used by health care clients to securely manage and exchange personal health and financial information. She has developed methodologies for assessing enterprise information security programs based on industry standards of good practice and applicable national and international privacy legislation, including ISO, NIST, GPLA, HITECH, HIPAA, and others. If there is a security, compliance, or privacy standard or best practice out there, Carisa knows its inner workings and helps clients understand and implement solutions accordingly.
Starting her career as an IT jack-of-all-trades may not be what Carisa had planned, but that’s where her interests took her. Carisa had planned to become a teacher after college and even worked as a substitute teacher for a time. However, she decided to move from guiding children carefully along their paths to steering businesses down the road of security and compliance. She accepted a position as an IT specialist for the Minnesota Department of Human Services. There, she gained a particular interest in security and privacy compliance as well as risk management, and began implementing programs to improve security and manage information risk. She later joined VeriSign, where she spent 10 years in various positions related to risk and compliance.
The ability to see emerging trends and help clients prepare from a risk and regulatory perspective is one of Carisa’s greatest strengths. She applies her practical experience in security to new technologies and other business enablers to develop appropriate security solutions.
Carisa applies her professional risk management skills out of the office as well. She recently began scuba diving, a pastime she defines as a “managed risk” sport. She also enjoys traveling, reading, and spending time with her family in Madison, Wisconsin.
Carisa earned her B.A. from the University of Minnesota, Twin Cities. She has a variety of certifications and distinctions, including Certified Information Systems Security Professional (CISSP), ISACA Certified Information Systems Auditor (CISA), and HITRUST Certified Common Security Framework (CSF) Practitioner.
She is a member of the International Information Systems Security Certification Consortium, Inc. (ISC2), the Information Systems Audit and Control Association and Foundation (ISACA), and the International Association of Privacy Professionals (IAPP).