Vanessa Fernandez is a Manager within EisnerAmper Digital with over five years of experience in IT technologies, software development and cybersecurity services. She oversees the development and maturity of written IT policies and operating procedures for clients across several domains, which include WISP (written information security policy) programs, integrated risk management, business continuity planning, disaster recovery, incident response, change management, and other agreed-upon or job industry specific procedures.
Vanessa is responsible for the structure and excellence of enterprise governance and cybersecurity risk assessments, data privacy, internal audit, internal controls for SOC 2 programs, and strategic client projects. Additionally, she develops policies for systems processing or containing Controlled Unclassified Information (CUI) in accordance with Cybersecurity Maturity Model Certification (CMMC) and National Institute of Standards and Technology (NIST) 800-171.
Prior to joining the firm, Vanessa was a Governance Compliance Manager at a healthcare insurance company, where she designed, directed, and implemented corporate strategy for all governance, risk, and compliance (GRC) efforts across the enterprise into two GRC systems. She analyzed requirements and developed a roadmap for implementation across the enterprise.
Vanessa led cross-functional teams and established an organization-wide GRC governance structure, taxonomy, and executive steering committee. She designed, directed, and managed concept-to-execution strategies for GRC-related efforts; developed an inventory of mapped controls using a unified control framework (UCF) to reinforce the GRC compliance framework, which in turn ensured regulatory adherence to PCI DSS, ISO, HIPAA, NIST SP-800-53, and CIS Top 20; and implemented a data management strategy for accuracy of data across cybersecurity, enterprise risk, compliance, and privacy teams.