• background image
  • Work With Me

    Work + Love = Play.

    I welcome the opportunity to work with great people doing inspiring things.

  • BIO

    I have 7 years plus experience in Information Security where I creatively defend and help brands grow. I am a CISSP, CISM, CRISC, CDSPE and CCSP certificate holder among other certifications like ITIL, AWS, and Azure. In addition to certifications, I have an MBA in MIS, FIN, MGT. I am an energetic, thorough, passionate seasoned leader with solid board experience and excellent communication skills. I am also an amateur chef, gardener, dancer, team sports enthusiast and occasional struggling musician not including my rocking air guitar.

    My Relevant Strengths include: Board leadership & Collaboration • Risk Management • Change Management • Project Management • Corporate Governance • Strategic Planning • Process Improvement • Cyber Security • Application Security • Data Protection & Privacy • Digital Marketing & PR • Financial Research Analysis

     

  • Download Resume

  • View Portfolio

    Gabriella Nelms Portfolio of Work

    I’ve learned that people will forget what you said, people will forget what you did,

    but people will never forget how you made them feel.

    - Maya Angelou

  • broken image

    I have worked with Gabby for almost a year now and she is an amazing individual who has taken on new responsibilities and role as an Information Security Officer. She is always eager to learn and had picked up complex processes and techniques faster than anyone in recent memory.
    With her help and support we have managed to take action and resolve many past due Information Security (IS) initiatives and metric items, allowing us to trend green on senior management reports. Gabby is an asset to our team and the overall IS program.

    - Daniel Reyes, BISO

    One of the most talented individuals I have ever worked with. Her passion and dedication to her work has made her one the best. She was a key factor in implementing huge project's like Okta and Microsoft 365. Her project management skills are second to none.

    - Chris Pearson, Head of Information & Data Security

  • Experience

    Truist

    Vice President - Cloud Security Advisory Manager - Enterprise Cloud Security Technology, Governance & Product Management

    November 2020 - Now

    Focused leader and business enabler as a Cloud Security Advisory Manager of the Enterprise Cloud Security Technology, Governance & Product Management team, where I applied information security, risk management, and project management skills to advance and digitally transform Truist for its clients in the Southeast, generating $10.4 billion in revenue. Championed and managed several cloud-enabled technologies providing Cloud Security Advisory Services team with cloud controls & IAM compliance and automation tooling. Responsible for advancing and developing Cloud Security standards and policies as an integral part of the enterprise’s governance & risk management strategy including RCSAs. Built a tactical cloud governance strategy to accurately assess risk and the effectiveness of security controls for large-scale Cloud-related vendor solutions and SaaS APIs. Delivered expert-level guidance and education related to cloud security practices and standards, developing a security integration strategy for cloud vendors and products through assessment, procurement, and implementation lifecycles, while maintaining high-level of visibility and partnership with D-CISOs, LOBs, Cloud Architecture, Operations, Engineering, etc.

    Truist

    Vice President - Cloud Security Advisory Vendor & Product Manager

    December 2019 - November 2020

    Focused business enabler as a Cloud Security Advisory Vendor & Product Manager, applying information security, risk management, and project management skills to advance and digitally transform Truist for its clients in the Southeast, generating $10.4 billion in revenue. Responsible for advancing and building a tactical cloud governance strategy for cultivating a data-centric approach to accurately assess risk and the effectiveness of security controls for large-scale Cloud-related vendor solutions, enterprise CASB (Cloud Access Security Broker) and APIs in partnership with API team. Key enablement provider for delivering expert-level guidance and education related to cloud security practices and standards, developing a security integration strategy for cloud vendors and products through assessment, procurement, and implementation lifecycles, embracing security tooling and automation in tandem with the growth of cloud-enabled technologies, and maintaining high-level of visibility and partnership with D-CISOs, Cloud Architecture, other Cloud Security teams, etc.

    broken image

    Vice President - Cloud Security Advisor 

    March 2019 - December 2019

    Key influencer as a Cloud Security Advisor at SunTrust, globally applying deep information security and risk management skills to design, build and protect enterprise systems, applications, data, assets and people for SunTrust and its clients in the Southeast generating $10.4 billion in revenue. Responsible for cloud security strategy, architecture, implementation and operations, by delivering solutions that protect enterprise systems, applications and data, by establishing policies, procedures, practices and tools that prevent unauthorized access, use, disclosure, modification or disruption. Conducted complex network penetration tests, security product integration, information security overviews, and other projects. Lead the selection, implementation, and maintenance of firewalls, application of security patches, and updates and modifications to security design. Researched, tracked and assessed evolving threats and new technologies, solutions, and services.

    GRN of Success Gabriella Nelms

    Social GRN (Grin*) Strategist 

    January 2012 - Present

    Provided strategic digital marketing consulting in SEO, social media, and branding & marketing strategy to create interactive digital content for brands, personalities, companies, products and ideals.

    Citibank

    Assistant Vice President - Business Information Security Officer

    January 2017 - November 2018

    Played a key role as Business Information Security Officer at Citi, while globally promoting Risk Management to grow Cyber Security Awareness, value and credibility with a range of stakeholders, including employees, Center GISOs, Senior Business Leaders, and applicable stakeholders in 19 countries generating $17.3 billion in revenue. Investigated incidents and infrastructure units by identifying IS risks and the appropriate controls for development, day-to-day operation, and remediation of non-compliance. Communicated Security Events like Security Breaches and Security Policies by initiating and coordinating emergency actions to protect the business unit from an imminent loss of information, brand reputation, and customer trust. Partnered and assisted in the development of strategies and plans for improving both Security Architecture and Application Security.​

    broken image

    Information Security Communications & Financial Strategist

    September 2015 - September 2016

    Information Security Communications Strategist

    June 2014 - September 2015

    Passionate as Information Security Communications & Financial Strategist at Jabil, while developing and implementing a Digital Marketing brand and framework seen in its Global CyberSecurity Information Assurance (GCIA) team’s logo, social media, website, applications, and global projects like the Employee Access EcoSystem, increasing the adoption of Security as a Service for its customers, vendors, partners, and its 90 facilities generating $18.3 billion in revenue. Lead global projects in Compliance, Audit, Licensing, Identity Access Management, Mobile Device Management, Application Security, Web Security and proprietary tools. Managed GCIA’s $10+ million annual budget by keeping alignment with GCIA roadmap, which involved evaluating cost centers and performing detailed financial analysis. Drafted and maintained policies and procedures, communication plans, reports, technical and user training documentation. Delivered technical support.​

    Arthur Rutenberg Homes

    Sales and Marketing Support Coordinator 

    April 2012 - February 2014

    Forward thinking as Sales & Marketing Coordinator at Arthur Rutenberg Homes, while developing and managing a Digital Marketing brand and strategy seen in its mobile app, social media, and website, revitalizing a 60-year-old brand with 32 franchises generating $82 million in revenue. Lead in-person and virtual training boot camps, remote desktop sessions, and webinars. Crafted and managed a customer’s experience. Drafted and maintained policies and procedures for sales, marketing, Sharepoint, and proprietary database tools. Delivered technical support for proprietary database tools and customer support.​

    Telovations

    Special Projects Manager 

    December 2010 - December 2011

     

    Instrumental as Special Projects Manager at Telovations, while coordinating & supporting projects in accounting, operations, and sales & marketing for a dynamic telecommunications startup with $5 million in revenue. Assembled quotations, RFP proposals, slideshows, product capability booklets and managed customer accounts in Salesforce.com. Researched SEO and customer trending. Created blog & newsletter content and organized social & charitable activities. Drafted and maintained sales and data specifications. Delivered provisioning technical support.​

    Lovett Miller

    Research Manager 

    August 2007 - December 2010

    Played a key role as Research Manager at Lovett Miller, while serving as a liaison managing relationships with partners, brokers, investors and clients of $175 million venture capital fund. Ensured accuracy of data surrounding account reconciliations, AR/AP transactions, and expense management through maintenance of several bank, investment, security ledgers, and internal audits. Performed assessments of client business models, capital structures, and financial statements. Coordinated and published IT and financial specifications to document data requirements. Drafted and maintained policies and procedures for office management and technical support. Delivered desktop and server technical support.​

    Lovett Miller

    Executive Assistant to Managing Director 

    June 2000 - August 2007

    Dedicated as Executive Assistant at Lovett Miller, while engaged in staff recruitment and training to support a growing $175 million venture capital fund. Ensured monies owed were both paid and received by analyzing AR/AP for several entities, performed account reconciliations, and managed financial ledgers. Lead website and public relations efforts. Wrote & edited policies and procedures for office management and technical support. Provided desktop and server technical support.

  • Technical Skills

    Social Media

    Web Design & Management

    CRM & Databases

    Adobe Photoshop, InDesign & FrameWork

    MS Office Professional and Office 365

    Google Office & Sites

    AWS & Azure

    HTML & CSS

    WordPress & Joomla

    MS Visio and Access

    Google Analytics

    Salesforce

  • Education & Development

    Microsoft Security Compliance

    February 2023

    Earners of the Security, Compliance, and Identity Fundamentals demonstrate a functional understanding of security, compliance, and identity (SCI) across cloud-based and related Microsoft services.

    CCSP

    September 2021

    The Certified Cloud Security Professional (CCSP) is a global credential that represents the highest standard for cloud security expertise. It was co-created by (ISC)² and Cloud Security Alliance (CSA), leading stewards for information security and cloud computing security. The CCSP shows you have the advanced technical skills and knowledge to design, manage and secure data, applications and infrastructure in the cloud using best practices, policies and procedures

    CDSPE

    July 2021

    Certified Data Security Privacy Engineer (CDSPE) is a certification offered by ISACA, a nonprofit, independent association that advocates for professionals involved in information security, assurance, risk management and governance. Modern privacy laws and regulations require organizations to implement privacy by design and by default into IT systems, networks, and applications. To do so, privacy professionals must partner with software developers, system and network engineers, application and database administrators, and project managers to build data privacy and protection measures into new and existing technology environments.

    UCLA Women in Governance

    November 2020

    UCLA 's intensive, experiential program delivers a highly applicable toolkit of leadership skills, governance acumen and networking savvy that will prepare senior women executives, professionals and entrepreneurs to overcome the obstacles and seize the opportunities that they face in seeking corporate board service.

    Azure Fundamentals

    March 2020

    Earners of the Azure Fundamentals certification have demonstrated foundational level knowledge of cloud services and how those services are provided with Microsoft Azure.

    CRISC

    December 2019

    Certified In Risk and Information Systems Control (CRISC) is a certification offered by ISACA, a nonprofit, independent association that advocates for professionals involved in information security, assurance, risk management and governance. ISACA’s Certified in Risk and Information Systems Control certification indicates expertise in identifying and managing enterprise IT risk and implementing and maintaining information systems controls.

    CISM

    March 2018

    Certified Information Security Manager (CISM) is a certification offered by ISACA, a nonprofit, independent association that advocates for professionals involved in information security, assurance, risk management and governance. ISACA’s Certified Information Security Manager certification indicates expertise in information security governance, program development and management, incident management and risk management.

    CISSP

    September 2017

    The Certified Information Systems Security Professional (CISSP) is an objective measure of excellence. It’s the most globally recognized standard of achievement in the industry. And, this cybersecurity certification was the first information security credential to meet the strict conditions of ISO/IEC Standard 17024. The CISSP designation is a globally recognized, vendor-neutral standard at testing to an IT security professional's technical skills and hands-on experience implementing and managing a security program.

    Content Marketing

    December 2016

    Content Marketing Institute is the leading global content marketing education and training organization, teaching enterprise brands how to attract and retain customers through compelling, multi-channel storytelling.

    Marketing Profs

    December 2016

    MarketingProfs is the one source that individual marketers, marketing teams, and some of the world's largest organizations turn to for modern marketing tools, training, strategies, articles, online seminars, discussion forums, and much more.

    University of Maryland

    March 2016

    May 2016

    The University of Maryland is the state's flagship university and one of the nation's preeminent public research universities. A global leader in research, entrepreneurship and innovation, the university is home to more than 37,000 students, 9,000 faculty and staff, and 250 academic programs. Its faculty includes three Nobel laureates, three Pulitzer Prize winners, 47 members of the national academies and scores of Fulbright scholars. The institution has a $1.8 billion operating budget, secures $500 million annually in external research funding and recently completed a $1 billion fundraising campaign.

    ITIL

    December 2015

    ITIL® is the only consistent and comprehensive documentation of best practice for IT Service Management. Used by many hundreds of organizations around the world, a whole ITIL philosophy has grown up around the guidance contained within the ITIL books and the supporting professional qualification scheme.

     

    ITIL consists of a series of books giving guidance on the provision of quality IT services, and on the accommodation and environmental facilities needed to support IT. ITIL has been developed in recognition of organizations' growing dependency on IT and embodies best practices for IT Service Management.

    Tampa SEO

    February 2012

    The Tampa SEO Training Academy is a Licensed Training Associate of the Search Engine Academy and offers participants in Florida access to the premier SEO Training Certification Courses in the industry. Now available are a 2-Day SEO Basics, 3-Day SEO Advanced and a combined 5-Day SEO Mastery Workshop.

    USF

    Master Business Administration ( Finance, MIS, Management)

    August 2003 - December 2007

    USF ranks 50th in the nation for federal expenditures in research and total expenditures in research among all U.S. universities, public or private, according to the National Science Foundation. Serving more than 47,000 students, the USF System has an annual budget of $1.5 billion and an annual economic impact of $3.7 billion. USF is a member of the American Athletic Conference.

     

    Activities: · Graduate Business Association · Kosove Society · National Conference of Community and Justice · Phi Kappa Phi · Beta Gamma Sigma · Hui Na Aikanes o Hawaii · Ka Pa Hula o Kahekili

    USF

    Bachelor of Science (Biology)

    August 1996 - August 2000

    USF ranks 50th in the nation for federal expenditures in research and total expenditures in research among all U.S. universities, public or private, according to the National Science Foundation. Serving more than 47,000 students, the USF System has an annual budget of $1.5 billion and an annual economic impact of $3.7 billion. USF is a member of the American Athletic Conference.

     

    Activities: · Kosove Society · ASIA · Physics Club · Honors Program · Biology Honors Program · Hui Na Aikanes o Hawaii · Ku'u Home o Polynesia · HOSA

  • Awards

    Finalist ­ Oktane Lightning Award (August 2016)

    The Oktane Awards celebrate the organizations and individuals who are taking big steps that enable their teams to worry less about technology, and focus more on innovative ways to drive value for the business. The Oktane Awards recognize inspiring and forward-thinking customers that are achieving ground-breaking results with Okta. The award nomination is a recognition of Walther Ardon and the entire Okta project team for their long hours, days and weekends committed to ensuring the Okta project’s success. The Okta project team members include Walther Ardon, Greg Fisher, Heantee Foo, Michael Theriault, Bryan Bowie, Chris Pearson & Gabriella Nelms.

    Awards Winner and Nominee – T.E.N. ISE Southeast Executive of the Year (March 2016)

    John Graham and the GCIA team won this award in recognition of the outstanding leadership and performance in risk management, data asset protection, regulatory compliance, privacy, and network security.Tech Exec Networks enables relationships and opens channels of communication between technology and security executives to interact with peers, industry visionaries and solutions providers. The company’s offerings include some of the country’s most well-acclaimed executive programs including virtual and traditional executive roundtables, road shows, private executive engagements and leadership recognition programs.

    Finalist and Nominee ­ T.E.N. ISE North America Leadership Summit (November 2015)

    This award recognizes information security executives and their teams who demonstrate outstanding leadership in risk management, data asset protection, regulatory compliance, privacy, and network security. Tech Exec Networks enables relationships and opens channels of communication between technology and security executives to interact with peers, industry visionaries and solutions providers. The company’s offerings include some of the country’s most well-acclaimed executive programs including virtual and traditional executive roundtables, road shows, private executive engagements and leadership recognition programs.

    Winner and Nominee ­ T.E.N. ISE Southeast Project of the Year (March 2015)

    This award recognized GCIA’s Employee Access Ecosystem team (John Graham, Walther Ardon, Greg Fisher, Michael Theriault, Troy Riley, Erik Collasius, and Gabriella Nelms) for their outstanding leadership in risk management, data asset protection, regulatory compliance, privacy, and network security. Jabil’s global customer base is highly competitive regarding intellectual property, cutting edge innovation, and the secrecy surrounding new product launches. Losing this data would result in millions of dollars in contract fines, as well as, major loss of existing and future business. To minimize customer and Jabil risk, Jabil created and adopted a portfolio of security-as-a-service solutions in order to better protect and secure the company’s critical information. The security-as-a-service initiative spanned three areas: application access, data loss prevention and external threats. This project enables Jabil to close security gaps, have an accelerated rapid time to value, leverage its security technology and practices as a market differentiator and create a competitive business advantage in the marketplace.

    Nominee ­ T.E.N. ISE North America Leadership Summit and Awards (November 2014)

    This award recognizes information security executives and their teams who demonstrate outstanding leadership in risk management, data asset protection, regulatory compliance, privacy, and network security. Tech Exec Networks enables relationships and opens channels of communication between technology and security executives to interact with peers, industry visionaries and solutions providers. The company’s offerings include some of the country’s most well-acclaimed executive programs including virtual and traditional executive roundtables, road shows, private executive engagements and leadership recognition programs.

    Nominee – CIO’s Digital Edge 25 Awards (November 2014)

    The Digital Edge 25 Awards honor enterprises that have leveraged the digital technologies of social, mobile, analytics or cloud to transform or innovate in their business by:
    -Focusing on the cross-functional business leadership that drives success.
    -Attesting to the power of digital leadership.
    -Recognizing a select group of digital achievers who have made great strides towards being a digital-centric business.

  • Follow Me

  • Graphic Design & Digital Marketing Consulting Services

    My Creative Outlet