================================================================================
SAVANNA MYER | Head of Security & Compliance
================================================================================
Email:    savanna.myer@gmail.com
LinkedIn: linkedin.com/in/savannamyer
Site:     savanna.myersmiles.com
Location: New England, USA — remote-first, travel when it matters
Target:   Head of Security & Compliance | GRC Director | CISO

================================================================================
PROFESSIONAL SUMMARY
================================================================================
Head of Security and Compliance with 13 years designing and scaling compliance
programs for growth-stage technology companies. Originator of Coordinated
Compliance methodology — synchronizes multiple certification audit cycles to
reduce timelines 75% and engineering burden 95%. Active standards: SOC 2,
ISO 27001/17/18/701/42001, FedRAMP, HIPAA, HITRUST, FINRA SEC 17a-4, BSI C5,
IRAP, TISAX, CSA STAR, EO 14028, NIST CSF, OSFI B-13, DPDP, ISMS-P, DORA,
DESC — 22 active standards across 8+ markets.

KEY ACHIEVEMENTS:
- Grew certification portfolio 3 to 13 globally recognized standards at Rubrik
  in 3 years; $1B+ in regulated market access unlocked
- Supported NYSE IPO (RBRK, April 2024) with zero compliance gaps
- Built compliance programs from zero at People.ai and Elastic
- Integrated 3 M&A acquisitions with zero certification lapses
- Highest student attendance rate nationwide as IT department chair
- Active BCDR programs under crisis conditions (Ukraine, MENA)

================================================================================
CORE COMPETENCIES
================================================================================
GRC: Security compliance design, zero-to-one implementation, multi-framework
management, risk assessment, policy development (50+ authored), vendor risk,
evidence automation, continuous monitoring, control mapping: NIST/ISO/SOC/CIS

Tools: Drata, Vanta, Tugboat Logic, ServiceNow GRC, OneTrust, Hyperproof

FRAMEWORKS: SOC 2 T2, SOC 1 T2, ISO 27001/17/18/701/42001, CSA STAR, FedRAMP
Moderate, HIPAA, HITRUST CSF, FINRA 17a-4, EO 14028/SSDF, NIST CSF 2.0,
NIST 800-53, BSI C5, IRAP, TISAX, DORA, OSFI B-13, DPDP, ISMS-P, DESC

TECHNICAL: AWS, Azure, GCP, Okta, CrowdStrike, SentinelOne, Qualys, Wiz,
Jira (advanced), Confluence, Slack API, GitHub, CyberArk, SailPoint

================================================================================
PROFESSIONAL EXPERIENCE
================================================================================
RUBRIK, INC. | NYSE: RBRK | Head of Security and Compliance
January 2023 – April 2026 | Remote | Revenue: $600M→$1.2B | Team: 1→5 FTE
- Coordinated Audit Program: 1,000+ requests → under 400 per cycle (-60%)
- Portfolio 3→13 globally recognized standards in 36 months ($1B+ market access)
- Four FINRA SEC 17a-4 evaluations enabling broker-dealer market
- ISO 42001 AI governance first-mover before any customer demand
- 3 M&A integrations with zero certification gaps
- FedRAMP Moderate Impact authorization (FY2025)

PEOPLE.AI | $1.1B Unicorn | Sr. Manager, Governance and Compliance
August 2021 – January 2023 | Remote | Revenue: $38M→$56M | Zero-to-one
- Compliance program from zero to SOC 2 + ISO 27001 in one build cycle
- Enterprise sales pipeline unblocked within 60 days of certification
- 6 certifications from zero; audit cycle 90d → 30d

ELASTIC | NYSE: ESTC | Principal Security Risk & Compliance Analyst
October 2018 – August 2021 | Remote | Revenue: $160M→$609M | 70% peak YoY
- First ISO 27001/17/18 certifications; cited in FY2019 Annual Report ($271.7M)
- FedRAMP program assist; opened US federal market for first time
- Engineering burden -80%; questionnaire TAT 10d→2.5d

AETNA / CVS HEALTH | Architect Advisor | 2017–2018 | Fortune 5 / Healthcare
EVARIANT | Director, Compliance & InfoSec | 2015–2017 | 50+ hospital networks
SAINT MARY'S / TRINITY HEALTH | InfoSec Officer | 2014–2015 | First CISO role
OHIO STATE / HUNTINGTON BANK | IT Security Analyst | 2011–2014 | $3M DLP

================================================================================
EDUCATION
================================================================================
M.S. Information Systems        Strayer University    2010–2011
M.S. Forensic Psychology        Tiffin University     2005–2006
M.S. Crime Analysis & Justice   Tiffin University     2004–2005
B.A. Psychology                 Ohio University       2001–2004

IT Department Chair. Highest student attendance rate nationwide.

================================================================================
CERTIFICATIONS — 22 ACTIVE STANDARDS
================================================================================
SOC 2 T2, SOC 1 T2, ISO 27001, ISO 27017, ISO 27018, ISO 27701, ISO 42001,
CSA STAR, FedRAMP Moderate, NIST CSF 2.0, EO 14028/SSDF, HIPAA, HITRUST CSF,
FINRA 17a-4 (x4), BSI C5, IRAP, TISAX, DORA, OSFI B-13, DPDP, ISMS-P, DESC

MEMBERSHIPS: ISACA, ISC2, Cloud Security Alliance, HITRUST Community, ENX

================================================================================
REFERENCES: Available on request | linkedin.com/in/savannamyer
================================================================================