Zlatko Unger
Verified Expert in Engineering
vCISO and Security Program Developer
El Granada, CA, United States
Toptal member since March 1, 2023
Zlatko is an experienced leader in information technology, security, risk, privacy, and compliance with fifteen years of experience. He is skilled in developing policies, procedures, and standards within highly regulated industries. Zlatko is adept at delivering comprehensive business solutions for increased productivity, cross-functional collaboration, and budget predictability to meet business needs and maintain organizational security.
Preferred Environment
Google, Slack, Zoom, MacOS, Android, Google Workspace
The most amazing...
...things I've implemented are compliance programs like SOC 2, ISO 27001, and HITRUST in a company with little to no budget and no additional resources.
Work Experience
Head of Security and Privacy | Chief Information Security Officer (CISO)
Alation
- Managed three global teams covering security operations, global compliance, and privacy as the most senior security officer.
- Started as the first security hire, overtook the IT team, and grew the organization to four managers with their staff.
- Operated with an around $5 million combined budget while road mapping projects and initiatives.
- Led the team to ensure continuous compliance with multiple international standards, such as ISO 27001, ISO 27701, and SOC 2 Type II frameworks, upheld HIPAA, HITECH, CCPA, and GDPR compliance, and assisted with FedRAMP implementation.
- Engaged with all business units to expand the scope of the security and privacy programs.
- Set the company-wide information security strategy and objectives while reducing third-party tool spending by 15%.
- Met and worked directly with 30% more customers YoY to ensure their security needs were met.
- Integrated technologies from two acquisitions into the IT and security programs.
- Assisted in moving customers from Alation's on-premises offering to the cloud solution.
Director of Security and Compliance
Castlight Health
- Managed all aspects of enterprise security operations, risk management, and compliance while overseeing nine individuals across three teams on two continents. Reported to the CISO.
- Oversaw the team's budgeting, road mapping, planning, and training worth around $2 million.
- Directed the creation and operation of the security operations center.
- Coordinated multiple third-party penetration tests and static code analysis.
- Managed compliance audits that led to a successful SOC 2 Type II report covering two products and HITRUST verified assessment covering over 500 requirements.
- Assisted with the SOX audit leveraging the existing control framework.
- Led the General Data Protection Regulation (GDPR) implementation program.
- Engaged with vendors, partners, and customers to satisfy risk, privacy, security, and compliance requirements.
- Administrated and helped create procedures surrounding security and compliance tooling covering antivirus, data loss prevention, WAF, file integrity monitoring, SIEM, database activity monitoring, MDM, ISMS, Office 365, G Suite, and GRC.
Director of Security and Compliance
Jiff
- Led all security, risk, and compliance programs across the company's product and engineering organization.
- Headed the validated HITRUST assessment and SOC 2 Type I project.
- Worked on security projects, including the implementation of third-party security reviews, second-factor authentication across the company, and device management deployment across smartphones.
- Implemented new and improved policies and standards across the company to satisfy customers' needs and ensure compliance.
- Reviewed contracts for acceptable security postures as part of any new business deals.
- Presented to the executive team on topics of incident management, business continuity, and risks within the company.
Manager of Security
Engine Yard
- Led all security, risk, and compliance functions for the entire company while managing two direct reports.
- Implemented the controls necessary to attain a favorable SOC 2 Type II report.
- Worked on security projects, including the implementation of a single sign-on network and application scanner, fraud engine improvements, and hardening of all security controls.
- Provided vulnerability management updates, risk analysis, and betterment of procedural documentation.
- Provided reports and presentations to the CEO and CFO.
- Collaborated directly with potential and existing customers to help them understand the company's security controls and items needed to achieve various compliance frameworks, such as PCI DSS or HIPAA.
Security and Compliance Manager
First Data
- Facilitated the creation, development, and implementation of an enterprise risk management practice.
- Provided reports and presentations to the executive committee and senior management.
- Delegated duties to the local and international risk analysts as a team lead.
- Worked under senior leadership to manage, conduct, and coordinate strategic risk assessments, certified self-assessments, and global scenario analyses.
- Developed and maintained over 100 key risk indicators across different local and international business areas covering Latin America, Europe, and Asia-Pacific.
- Relied heavily on information technology expertise to understand the risks of new technology, as well as new business ventures and partnerships.
- Created and maintained standards, policies, and procedures regarding enterprise risk management, risk appetite, risk assessments, and risk ranking.
- Identified sources of revenue through uncollected fees exceeding $1 million.
Advisory Associate
KPMG
- Led parts of different engagements that covered penetration testing and network security projects, security policy review projects, and identity and access management projects.
- Managed process documentation during the length of engagements.
- Communicated highly technical information and technology issues to client management.
- Worked with various clients, including AT&T, Cisco, Windstream, Aflac, and Equifax.
- Designed and executed test plans for management's assertions over access, program development, change management, and end-user computing controls for Sarbanes-Oxley 404 compliance.
- Collaborated with clients such as Central Parking, General Electric, NutraSweet, Pinnacle Airlines, and the City of Atlanta.
Experience
Security Program
HITRUST Implementation
ISO 27001 Implementation
https://www.alation.com/security/
Education
Master's Degree in Business Administration (MBA)
University of Georgia - Atlanta, GA, United States
Bachelor's Degree in Business Administration
University of Georgia - Athens, GA, United States
Skills
Tools
Slack, Google Workspace, Zoom, Excel 2013
Platforms
Android, MacOS, AWS IoT
Industry Expertise
Cybersecurity
Languages
HTML, PHP
Paradigms
HIPAA Compliance, Penetration Testing
Other
Security, Risk, Compliance, SOC 2, Program Management, Governance, CISO, Information Security, Information Security Management Systems (ISMS), Risk Assessment, Privacy, IT, ISO 27001, ISO 27701, Information Systems, FedRAMP, Budgeting, Vendor Management, Business, Google, Web Security, GDPR, HITRUST Certification