Mark Gibaldi is a Partner in Fortium Partners’ Southeast region, where he serves financial institutions, insurance providers, technology start-ups, and medical services companies. He has a distinct profile and perspective with solid credentials as both a Chief Information Security Officer and Chief Information Officer. His experience includes leading risk management, introducing identity management, weaving DevSecOps into the system development life cycle, and building a cyber security and risk function from scratch. He has worked to ensure information security during mergers, acquisitions, and spin-offs. Mark is well-known as an effective communicator who develops highly-skilled security teams.
As a CISO, Mark has excelled at creating and implementing an information security program based upon ISO-2700 standards. He had introduced a risk management approach to address and anticipate the need for new or enhanced security controls, policies, and procedures. His commitment to organizational collaboration yields strong relationships with executive peers, vendors, staff, and leaders in the field. He is recognized for establishing a close relationship with audit, legal, human resources, and enterprise architecture teams as he guides a company to fortify its security defenses. For example, he launched a worldwide information security awareness program to vest responsibility across the enterprise. Mark also promotes working with federal law enforcement and industry bodies when developing security strategy and reviewing emerging technologies.
His responsibilities have included DevSecOps, threat management and incident response, cloud security, and machine learning security controls. Mark has a solid understanding of General Data Protection Regulation (GDPR), Payment Card Industry Data Standards (PCI), Gramm-Leach-Bliley Act (GLBA), Sarbanes-Oxley Act (SOX) and many other regulations and authorities that impact information security. He has established a computer security incident response team (CSIRT) to expose and avert cyber-attacks targeting the organization.
Mark graduated with a Bachelor of Arts in Criminology and Computer Science from The Ohio State University. He is credentialed as a Certified Information Systems Security Professional (CISSP).