Open to opportunities

Ryan Gelshenen

@ryangelshenen

Message

Cybersecurity and GRC leader with over 10 years of experience.

United States

Message

What I'm looking for

I am looking for a role that allows me to lead security initiatives, foster a culture of compliance, and drive organizational risk management strategies.

I am a seasoned Cybersecurity and GRC leader with over 10 years of experience in driving enterprise-level security programs and managing risk assessments. My career has been dedicated to aligning security strategies with business goals, ensuring regulatory compliance, and reducing organizational risk across global environments. I have a proven track record of building and maturing information security programs, particularly at Penguin Random House, where I developed a global information security program aligned with ISO 27001 standards.

Throughout my career, I have successfully led third-party risk management efforts, conducted comprehensive cybersecurity risk assessments, and managed incident response programs. My ability to translate complex security risks into actionable business strategies has allowed me to present effectively to business leaders and ensure clear communication across all business units. I am passionate about fostering a culture of security awareness and have built user security awareness programs that engage employees across multiple countries.

With certifications such as CISSP and CRISC, I am well-versed in regulatory frameworks including NIST, GDPR, and NYDFS. I am committed to continuous improvement and operational excellence, having developed and managed data privacy programs and cyber crisis protocols in previous roles. My goal is to leverage my expertise to enhance organizational security posture and drive impactful security initiatives.

Experience

Work history, roles, and key accomplishments

Current

Manager – Corporate Information Security

Current

Penguin Random House

Jul 2019 - Present (5 years 11 months)

Led the development of a global information security program aligned with ISO 27001 standards. Managed third-party risk assessments, incident response, and user security awareness initiatives across multiple countries. Presented security strategies to business leaders and oversaw policy creation and IT audits.

ISO 27001 Risk Management Incident Response Cybersecurity Third Party Risk Management Security Awareness Policy Development IT Audit Threat Intelligence Regulatory Compliance

Current

Manager – Corporate Information Security

Current

Penguin Random House

Jul 2019 - Present (5 years 11 months)

Led the development and execution of a global information security program aligned with ISO 27001 standards. Managed third-party risk assessments, incident response, and user security awareness initiatives across multiple countries. Regularly interfaced with legal and IT teams to implement security processes and tools, translating complex security risks into actionable business strategies.

ISO 27001 Risk Management Incident Response Third Party Risk Management Security Awareness Regulatory Compliance Threat Intelligence

Senior Consultant – Data Privacy, Cybersecurity Risk

Capco

Jan 2019 - May 2019 (4 months)

Provided strategic advisory services on risk, cybersecurity, and privacy initiatives. Conducted risk assessments and control evaluations, delivering actionable recommendations and executive-level reporting. Led client workshops and prepared high-quality presentations to align project goals.

Risk Assessment Cybersecurity Data Privacy Strategic Advisory Gap Analysis Presentation Skills Project Management

IT and Op Risk – Data Privacy and Protection

AXA Equitable

Jul 2015 - Jun 2018 (2 years 11 months)

Led the creation and implementation of the company's first Data Privacy and Prevention program. Developed guidelines based on NIST, GDPR, and NYDFS standards, and managed operational aspects of the program. Conducted training and developed key risk indicators to enhance data privacy practices.

Data Privacy GDPR NIST Risk Management Policy Development Training Compliance

Senior Consultant – Data Privacy, Cybersecurity Risk

Capco

Jan 2019 - May 2019 (4 months)

Provided strategic advisory on cybersecurity and privacy initiatives, conducting risk assessments and delivering executive-level reporting. Led client workshops and developed high-quality presentations to align project goals.

Risk Assessment Cybersecurity Presentation Skills Gap Analysis Strategic Advisory

IT and Op Risk – Data Privacy and Protection

AXA Equitable

Jul 2015 - Jul 2018 (3 years)

Led the implementation of AXA's first Data Privacy and Prevention program, developing guidelines based on NIST, GDPR, and NYDFS. Managed operational aspects and created the Cyber Crisis program, conducting tabletop exercises for crisis preparedness.

Data Privacy GDPR NIST Risk Management Policy Development Training

Regulatory Reform Consultant

Goldman Sachs

Aug 2014 - Jun 2015 (10 months)

Partnered with institutional clients to ensure compliance with CFTC and SEC regulations. Conducted KYC checks and collaborated with software development teams to automate regulatory processes. Monitored client trades for compliance with financial reform requirements.

Regulatory Compliance KYC Due Diligence Financial Products Teamwork

Regulatory Reform Consultant

Goldman Sachs

Aug 2014 - Jun 2015 (10 months)

Partnered with clients to ensure compliance with Dodd Frank and other regulations. Conducted KYC checks and collaborated with software development to automate regulatory processes, ensuring adherence to financial reform requirements.

Regulatory Compliance KYC Dodd Frank Risk Assessment Financial Products Communication Skills

Education

Degrees, certifications, and relevant coursework

University of Mary Washington

Bachelor of Science, Economics

2006 - 2010

Completed a Bachelor of Science degree with a major in Economics, focusing on economic theory, analysis, and practical applications in various sectors.