Ralph Villanueva is an experienced IT Compliance professional with over 10 years of experience in Information Technology – Governance, Risk and Compliance (IT GRC) work using PCI-DSS, ISO 27001, ISO 27002, ISO 27005, IS0 27701, NIST 800-53, COBIT, SOX IT General Controls (ITGC), Nevada Gaming Control Board Minimum Internal Controls (NGCB MICS) COSO and GDPR frameworks. In addition, he is knowledgeable with related IT GRC and data privacy applications such as One Trust, KnowBe4, Proof Point, Stealth Bits, Tenable, Crowd Strike Falcon, Security Scorecard, Selectica and Microsoft 365 IT Security and Compliance. Ralph knows how to optimize the IT security and compliance function of an organization, by leveraging the above-mentioned frameworks and applications, formulating and implementing appropriate policies and procedures to enhance compliance, mitigate threats and protect the organization from financial, regulatory and reputational damage, and collaborate with various business and process owners across the organization. He also knows how to conduct compliance reviews of various aspects of IT operations to determine compliance with relevant IT security and data privacy criteria. He has worked with external auditors and consultants of firms such as Optiv, Crowd Strike, BDO, Protiviti and RSM in conducting SOC1, SOX ITGC, PCI and cybersecurity audits, incident response tabletop exercises and data privacy compliance. Ralph speaks regularly in PCI-SSC, ISACA, IIA, ACFE and other conferences every year since 2010. He writes professional articles for the IIA, SCCE, LinkedIn and other publications, and edits articles for ISACA. He spoke for IIA Canada in 2021 and 2020.