Zlatko Unger, Developer in El Granada, CA, United States

Zlatko Unger

Verified Expert in Engineering

vCISO and Security Program Developer

Location
El Granada, CA, United States
Toptal Member Since
March 1, 2023

Zlatko is an experienced information technology, security, risk, privacy, and compliance leader with fifteen years of experience. He is skilled in developing policies, procedures, and standards within highly regulated industries. Zlatko is adept at delivering comprehensive business solutions for increased productivity, cross-functional collaboration, and budget predictability to meet business needs and maintain organizational security.

Portfolio

Alation
Security, Privacy, IT, Risk, Compliance, Program Management, Budgeting...
Castlight Health
Web Security, Compliance, GDPR, HIPAA Compliance, HITRUST Certification...
Jiff
Compliance, HIPAA Compliance, Security, HITRUST Certification, Cybersecurity...

Experience

Availability

Part-time

Preferred Environment

Google, Slack, Zoom, MacOS, Android, Google Workspace

The most amazing...

...things I've implemented are compliance programs like SOC 2, ISO 27001, and HITRUST in a company with little to no budget and no additional resources.

Work Experience

Head of Security and Privacy | Chief Information Security Officer (CISO)

2019 - 2023
Alation
  • Managed three global teams covering security operations, global compliance, and privacy as the most senior security officer.
  • Started as the first security hire, took over the IT team, and grew the organization to four managers with their staff.
  • Operated with a combined budget of around $5 million while road mapping projects and initiatives.
  • Led the team to ensure continuous compliance with multiple international standards, such as ISO 27001, ISO 27701, and SOC 2 Type II frameworks, upheld HIPAA, HITECH, CCPA, and GDPR compliance, and assisted with FedRAMP implementation.
  • Engaged with all business units to expand the scope of the security and privacy programs.
  • Set the company-wide information security strategy and objectives while reducing third-party tool spending by 15%.
  • Met and worked directly with 30% more customers YoY to ensure their security needs were met.
  • Integrated technologies from two acquisitions into the IT and security programs.
  • Assisted in moving customers from Alation's on-premises offering to the cloud solution.
Technologies: Security, Privacy, IT, Risk, Compliance, Program Management, Budgeting, Governance, Cybersecurity, CISO, AWS IoT, Penetration Testing, GDPR, Web Security, Vendor Management, FedRAMP, SOC 2, Information Systems, Google Workspace, Information Security Management Systems (ISMS), Information Security, Risk Assessment

Director of Security and Compliance

2017 - 2019
Castlight Health
  • Managed all aspects of enterprise security operations, risk management, and compliance while overseeing nine individuals across three teams on two continents. Reported to the CISO.
  • Oversaw the team's budgeting, road mapping, planning, and training worth around $2 million.
  • Directed the creation and operation of the security operations center.
  • Coordinated multiple third-party penetration tests and static code analysis.
  • Managed compliance audits that led to a successful SOC 2 Type II report covering two products and a HITRUST verified assessment covering over 500 requirements.
  • Assisted with the SOX audit leveraging the existing control framework.
  • Led the General Data Protection Regulation (GDPR) implementation program.
  • Engaged with vendors, partners, and customers to satisfy risk, privacy, security, and compliance requirements.
  • Administered and helped create procedures surrounding security and compliance tooling covering antivirus, data loss prevention, WAF, file integrity monitoring, SIEM, database activity monitoring, MDM, ISMS, Office 365, G Suite, and GRC.
Technologies: Web Security, Compliance, GDPR, HIPAA Compliance, HITRUST Certification, Cybersecurity, Information Security, AWS IoT, Penetration Testing, Vendor Management, SOC 2, Information Systems, Governance, Information Security Management Systems (ISMS), Risk Assessment

Director of Security and Compliance

2015 - 2017
Jiff
  • Led all security, risk, and compliance programs across the company's product and engineering organization.
  • Headed the validated HITRUST assessment and SOC 2 Type I project.
  • Worked on security projects, including the implementation of third-party security reviews, second-factor authentication across the company, and device management deployment across smartphones.
  • Implemented new and improved policies and standards across the company to satisfy customers' needs and ensure compliance.
  • Reviewed contracts for acceptable security postures as part of any new business deals.
  • Presented to the executive team on topics of incident management, business continuity, and risks within the company.
Technologies: Compliance, HIPAA Compliance, Security, HITRUST Certification, Cybersecurity, Information Security, AWS IoT, Penetration Testing, GDPR, Vendor Management, SOC 2, Information Systems, Governance, Google Workspace, Risk Assessment

Manager of Security

2014 - 2015
Engine Yard
  • Led all security, risk, and compliance functions for the entire company while managing two direct reports.
  • Implemented the controls necessary to attain a favorable SOC 2 Type II report.
  • Worked on security projects, including the implementation of a single sign-on network and application scanner, fraud engine improvements, and hardening of all security controls.
  • Provided vulnerability management updates, risk analysis, and betterment of procedural documentation.
  • Provided reports and presentations to the CEO and CFO.
  • Collaborated directly with potential and existing customers to help them understand the company's security controls and items needed to achieve various compliance frameworks, such as PCI DSS or HIPAA.
Technologies: Compliance, HIPAA Compliance, Cybersecurity, Information Security, AWS IoT, Penetration Testing, Vendor Management, SOC 2, Information Systems, Governance, Google Workspace, Risk Assessment

Security and Compliance Manager

2010 - 2014
First Data
  • Facilitated the creation, development, and implementation of an enterprise risk management practice.
  • Provided reports and presentations to the executive committee and senior management.
  • Delegated duties to the local and international risk analysts as a team lead.
  • Worked under senior leadership to manage, conduct, and coordinate strategic risk assessments, certified self-assessments, and global scenario analyses.
  • Developed and maintained over 100 key risk indicators across different local and international business areas covering Latin America, Europe, and Asia-Pacific.
  • Relied heavily on information technology expertise to understand the risks of new technology, as well as new business ventures and partnerships.
  • Created and maintained standards, policies, and procedures regarding enterprise risk management, risk appetite, risk assessments, and risk ranking.
  • Identified sources of revenue through uncollected fees exceeding $1 million.
Technologies: Excel 2013, Cybersecurity, Information Security, Information Systems, Risk Assessment

Advisory Associate

2007 - 2009
KPMG
  • Led parts of different engagements that covered penetration testing and network security projects, security policy review projects, and identity and access management projects.
  • Managed process documentation during the length of engagements.
  • Communicated highly technical information and technology issues to client management.
  • Worked with various clients, including AT&T, Cisco, Windstream, Aflac, and Equifax.
  • Designed and executed test plans for management's assertions over access, program development, change management, and end-user computing controls for Sarbanes-Oxley 404 compliance.
  • Collaborated with clients such as Central Parking, General Electric, NutraSweet, Pinnacle Airlines, and the City of Atlanta.
Technologies: Cybersecurity, Penetration Testing, SOC 2, Information Systems, Information Security, Risk Assessment

Security Program

Implemented a security program at Alation, which had no previous program. I achieved ISO 27001 in less than a year. Also, I grew the team from one person to nearly 20 and the budget from around $50 thousand to around $5 million over three years.

HITRUST Implementation

I have implemented HITRUST and SOC 2 frameworks for a small healthcare startup. After our acquisition by a public company, I brought HITRUST to the acquiring company and ran two HITRUST and SOC 2 reports. A year later, the two technologies were integrated, and I combined the documentation, expertise, and processes to pass the combined audit.

ISO 27001 Implementation

https://www.alation.com/security/
Implemented ISO 27001 in a 200-employee startup from scratch within four months. Maintained the ISMS program and successfully achieved four years of compliance since 2019. Transitioned the program from on-prem software to one capturing the SaaS offering.

Tools

Slack, Zoom, Excel 2013

Platforms

Android, MacOS, AWS IoT

Industry Expertise

Cybersecurity

Other

Security, Risk, Compliance, SOC 2, Program Management, Governance, CISO, Information Security, Information Security Management Systems (ISMS), Risk Assessment, Privacy, IT, ISO 27001, ISO 27701, Information Systems, FedRAMP, Budgeting, Vendor Management, Google Workspace, Business, Google, Web Security, GDPR, HITRUST Certification

Languages

HTML, PHP

Paradigms

HIPAA Compliance, Penetration Testing

Education

2011 - 2013

Master's Degree in Business Administration (MBA)

University of Georgia - Atlanta, GA, United States

2003 - 2007

Bachelor's Degree in Business Administration

University of Georgia - Athens, GA, United States
