
by anas

What is the key to a successful GRC
platform implementation?

Tackle the simplest use cases and show quick wins. We can help with your journey.

Learn more or Contact Us to get started.

Appointing a CISO Is A Decision
That Cannot Be Rushed …

While you search, consider an interim CISO to maintain an acceptable security posture.

Learn more, or contact us to schedule a free consultation

Need PCI segmentation testing
locally or in the cloud?

We have the skills and experience to get it done for you…

Learn more or contact us to schedule a free consultation

Penetration Test and/or a
Red/Purple Team Exercise?

Our team of practitioners can help with building out your use cases, and carry out the tests for you.

Learn more, or contact us to schedule a free consultation

Are you challenged with closing
the gap on pentest findings?

Our team of architects, implementers, and assessors can assist with mitigating vulnerabilities
so you can focus on your core job.

Learn more, or contact us to schedule a free consultation

Looking for a path from RSA Archer
to ServiceNow GRC?

Leverage our success stories to accelerate your GRC adoption.

Click here to learn more about our capabilities.

About Trustmarq

Trustmarq offers consulting and advisory services to clients across a wide industry spectrum. We are regarded as thought leaders by our clients in the domains of Privacy, Enterprise Risk, Cyber Security, and Regulatory Compliance.

With offices in Atlanta, New York, Washington DC, Dallas, and Chicago, we have the capability to deliver engagements globally.

Flagship Services

“Manage Organizational Risk by Transforming raw data into Valued and Actionable Intelligence”

 

Value-centric GRC platform implementation is performed with close alignment to business objectives. It is integrated within the enterprise technology platform and has realistic expectations of yield. . . . .

Learn more, or Click here to schedule a consultation

“Third Party Providers shouldn’t be the weak link in your Supply Chain”

 

A truly holistic TPRM goes beyond the reactive response that is typically limited to third party contract reviews, and takes a proactive approach to ensuring risk is adequately understood, communicated, and managed within acceptable thresholds.

 

As businesses increase their dependence on third parties, and customers are increasingly concerned about their providers’ risk posture. . .

Learn more, or Click here to schedule a consultation

Key To Maximizing Your Cybersecurity Investments? Align with People and Culture First, And Don’t Always Start With Technology!

 

Our Cybersecurity services take on a business-aligned and risk-driven approach to deliver maximum value for our clients’ investments. Not only do we perform the traditional benchmarking and assessment services, we apply our business knowledge and industry expertise to ensure that results delivered are relevant, actionable, and actually verified.

Learn more, or Click here to schedule a consultation

Embracing Best Practices can transform ‘red tape’ into a ribbon cutting ceremony

 

Trustmarq offers a full lifecycle of advisory and consulting services to address GDPR-driven business challenges. Regardless of which stage you’re in with your compliance initiatives, our team of seasoned privacy, risk and security practitioners can help at every step of the lifecycle.

Learn more, or Click here to schedule a consultation

To view all services, click here.


Trusted Insights

  • PAM Azure

    Our team recently presented an IAM-centric use case to a global audience of IAM practitioners. This …
  • PAM Primer

    PAM Credential Management is another term for Privileged Access Management. It’s all about managing privileged system …
  • 2020 Cybersecurity and Privacy Predictions

    After countless discussions with our clients, colleagues, industry thought leaders, and most importantly, taking into account …

Business Scenario Focus

Our teams specialize in the following business scenarios:

Rapid Growth

Organizations facing significant growth and requiring rapid transformation to deal with new business challenges, while maintaining the growth factor.

Pre-IPO Alignment

Organizations looking to prepare for their initial public offering (IPO); aligning IT with business to maximize investment value.

Mergers & Acquisitions

Organizations that have recently gone through, or are preparing for M&A activity, requiring pre-merger due diligence, and post merger platform integration and service transformation.

Industries Served

Our team has cross-industry experience to help our clients build their business practices and processes around their specific business needs, not just industry requirements and mandates, thus attaining a thought leadership role in how business can be conducted effectively, while adhering to mandates, to maximize return on investment.

T-Mobile

CenturyLink

Cox Communications

AT&T

University of Pennsylvania Health System

Lifespan

Harvard Pilgrim Healthcare

Children’s Healthcare of Atlanta

Aetna Insurance

Travelport

Delta Airlines

Suntrust Bank

JP Morgan Chase

Experian

BNY Mellon

Lockheed Martin

Southern Company

Kansas City Southern Railroad

Kansas City Power & Light

Department of Homeland Security

Success Stories

We differentiate ourselves with our vast business acumen, and deep industry knowledge. Our understanding of our clients’ business model reflects in our repeated client success stories. Scroll down to view industry-specific successes.


User Identity and Access Consolidation

Documented all enterprise-level user credential stores, validating user accounts based on HR profiles. Created a cross-store consolidation roadmap which enabled ongoing synchronization once aligned. Established a framework to audit user access levels across various high-risk enterprise systems and provided a plan to inherit access levels based on Active Directory permissions rather than local permissions. A transformation plan was created to gradually migrate user access permissions in batches, starting with cleanup of administrative and privileged access controls across mission critical systems.

To Learn More, Schedule a Consultation

Vulnerability & Patch Management

Conducted information, architecture, & technology risk assessments, including internal and external vulnerability assessments, network and application penetration tests, and social engineering attempts to gain unauthorized access to privileged Client resources. Presented findings and recommendations wrapped in business context, and provided Client with a prioritized, risk-based, and actionable roadmap to socialize architectural updates, patch vulnerabilities, improve processes, and prioritize funding of initiatives. Resulting project artifacts were immediately transformed into remediation project plans, and executed to completion with our team's coaching and assistance.

To Learn More, Schedule a Consultation

Cloud Services Automation

A technology services and support platform blueprint was created based on business requirements for community outreach and development, fundraising, youth empowerment, inter-faith outreach, religious programs, and social support services. Resulting infrastructure was mostly comprised of subscription-based cloud services with minimal on-premise equipment to minimize ongoing maintenance needs, while ensuring protection of sensitive information.

To Learn More, Schedule a Consultation

Integrated Supply Chain Risk Management

Transformed the supply chain risk management program to align with industry good practices. Improved business processes and automated vendor risk assessments using the Archer GRC platform. Delivered Archer out of the box modules with minimal customizations as well as on-demand applications.

To Learn More, Schedule a Consultation

Security Architecture Transformation

Created a blueprint for desired future state architecture that would serve as the Cyber Security ecosystem, protecting critical infrastructure services. Planned for and executed a phased transformation of enterprise information security architecture, products and services.

To Learn More, Schedule a Consultation

Secure SDLC Program Deployment

Facilitated integration of security good practices with the client's software development processes. Starting with establishing business context for the SSDLC program, benchmarked development practices and delivered developer training for increased awareness and stewardship amongst development teams. Implemented static, dynamic and other testing methods to review application code at various stages of the development lifecycle. Introduced cost savings of over $1.8M in the first year alone with tighter integration between information security and development teams. Established success metrics for management reporting and continual improvement.

To Learn More, Schedule a Consultation

GRC Platform Automation

Business processes were improvised prior to automation. A unified Archer GRC platform was deployed and configured with several out-of-the-box solutions (Enterprise, Risk, Audit v5). Numerous data feeds were also installed, mapped and activated. Operational support and end user training were provided to ensure timely and adequate business acceptance.

To Learn More, Schedule a Consultation

Risk Management Program Transformation

Established a formal risk management program based on NIST SP 800-30 and HIPAA, HITECH and Meaningful Use requirements. Created a repeatable process for assessing and managing risks. Implemented data governance controls to ensure protection of ePHI data. Incorporated an exception management process to manage exceptions until addressed. Transformed enterprise architecture initiatives to take a risk-based approach in making architectural decisions.

To Learn More, Schedule a Consultation

Cyber Security Program Establishment

Established an enterprise-wide and business-aligned cyber security program based on NIST Cyber Security Framework, ISO 27001, SANS Critical Security Controls, Industry Security Specifications, and vendor specific platform protection standards. A Cyber Security architecture framework was created, with security capabilities and services identified to provide coverage for the subscriber environment. A phased deployment approach was adopted for measured business acceptance, and managed execution as planned.

To Learn More, Schedule a Consultation