Marissa Palmer
Head of Security & Compliance at TrueCar
Information Technology and Services
Education: University of Texas at Austin - Georgia State University, IAE Sorbonne (Paris, France), COPPEAD (Rio de Janeiro, Brazil)
Spring, TX, USA
Biography
Marissa Gomez-Palmer and is an Entrepreneur, Writer, Artist, and Cybersecurity and Governance, Risk and Compliance professional with 12+ years of experience. She's worked in the Technology, Finance, & Publishing industries.
Passion
I'm passionate about travel, writing, cooking, volunteering, art, and risk. I'm also a sci-fi, comic book and action movie fan.
Best Story
After college I was sort of lost. On my way home from work it came to me, I’d go for my dream and move to NYC. No amount of planning could have prepared me for what the city had in store for me.For 3-4 weeks NYC used me as a punching bag.
In order of occurrence; my new apartment was still under construction with no bathroom, my jeep broke down and left me stranded in the heat wave. I was sleeping on a mattress on the floor with no a/c. Got upgraded to a scary hotel near LaGuardia Airport by my work. And then my Jeep broke down in the middle of the night on the BQE (Brooklyn-Queens Expressway). Thankfully, a limo driver stopped and called me a tow truck. The NYPD pushed my car off the highway to a gas station. When I got back to my apartment I called home because I needed to hear a friendly voice. The moment I heard the voice I totally broke down. I was utterly defeated. I sublet my apartment, went back to Texas, got a temp job and just tried to figure out how to get back to NYC.
All my family and friends asked why are you going back and I just kept saying “I have to go back, it’s always been my dream to live there, plus I can’t let the city kick this Texas girl's ass that fast”. I’m not sure if it was the dream of living in NYC, the inability to admit defeat or just stubbornness but I did go back, about 1 month later. The city had sucker punched me and I went down but I got back up before being counted out. The me that went back was different; much humbled, a little hardened but more determined than ever to realize my dream and make it a reality.
Origin Story
My Information Security, GRC Professional journey was a non-traditional one. It started while I was still with JPMorgan Chase but really accelerated in June 2017 when I was the Director of SOX and Compliance for a small public tech in Austin,TX. A year and half after I started the company had SOX, SOC1 & SOC2 programs with several other processes built out. I knew I’d built and implemented great programs but still felt like an outsider there.
When I got back from a 2 week vacation I found my promotion had been given to someone else who didn’t understand the frameworks. The next day I give my notice and start looking for a new place to work. Interviews started to roll in and two companies stood out, HomeAway and Charles Schwab. Both made offers and though Schwab had made a higher paying offer with a comparable title I decided to go with HomeAway because they felt different. It was a side step title wise but it was a Security role with a Technology company that was going to give me the opportunity to go deep tech skills and provide more opportunity for future advancement. I know I made the right decision and have not ever regretted that career pivot.
Example talks
Story of Self-Advocacy
Podcast conversation about what it takes to shift from overworked and doubting oneself to stepping fully into your leadership. I share how I let go of people-pleasing, set boundaries, and finally started leading on my own terms.
Unlocking Team Excellence: Navigating the Intersection of DEIB, Emotional Intelligence, and Leadership for Peak Performance
This engaging presentation explores the powerful synergy that emerges when Diversity, Equity, Inclusion, Belonging (DEIB), Emotional Intelligence (EI), and Leadership intersect and align to develop dynamic and productive high-functioning team environments.
Convergence: The Evolution and Integration of GRC with Data Protection
Whether you are a GRC professional, data protection analyst, Privacy professional or a business leader looking to leverage this powerful synergy, this presentation will provide a roadmap to the evolving terrain of regulatory compliance, risk management, and data protection. Join us as we illuminate a path navigating and harmonizing required “convergence” to secure our digital futures.
The Growing Risk of Homogeneous Cyber Security Teams
A detailed risk focused breakdown of the growing unmitigated exposure homogeneous Security teams pose for the companies they work for and the consumer data they are responsible for protecting. The session will detail how unfettered industry bias and outdated misconceptions about “who should be in Security” continue to widen the exposure gap not just for companies but also for the consumer whose data company security teams are responsible for safeguarding. In this session she will also speak to how the lack of diversity on Security teams reduces the teams effectiveness, creativity and flexibility, specifically in the face of an ever-changing and expanding attack surface. Her risk assessment of the issue will compare threat actor demographics against U.S. Security team demographic to not only illustrate the variety of differences but to demonstrate how minimizing those differences through team diversification can lead to more strategically successful security teams.
Generational Burnout for Latines
This is a talk that focuses on Intergenerational trauma (sometimes referred to as trans- or multigenerational trauma) which is defined as trauma that gets passed down from those who directly experience an incident to subsequent generations. We will discuss and explore multigenerational trauma, transgenerational trauma, and historical trauma.
Risk Management Systems A Dynamic Holistic Approach to Risk
The goal of this presentation is to show organizations how a dynamic and holistic approach to risk management helps build agility in how to respond to risk while also gaining a clearer, more accurate understanding of their risk exposure. By using this approach decision makers are able to make risk-based decisions, reach optimal outcomes that are consistent and align with the organization's strategy while remaining within their established risk thresholds.
Learning Objective #1: Learn what a dynamic holistic risk approach is and how to apply and adapt it to their organizations.
Learning Objective #2: Understand how to create, define and determine a risk profile unique to their organization
Learning Objective #3: Learn to create a common language around risk to align various types of risk to define a risk criteria that will be used for measuring risk exposure.
Learning Objective #4: Understand how a risked-based decision model can be utilized on the foundation of this approach to help leadership formulate more organic holistic solutions.
Let Me Finish! - Shattering Women of Color Stereotypes
This is a open discussion about the various negative stereotypes that exist around women of color, their behaviors and the way in which individuals react to them an their stereotypes. Collected first person experiences are peppered throughout the discussion that centers around how these stereotypes come into existence. How they vary from culture to culture. This will explore the harmful effects of women of color stereotypes on women of color, women in general, men and society.
Creating and Maintaining Boundaries at Work
An approximately 1 hour interactive discussion on what boundaries are, why they are important, how to identify them and how to create them. There are opportunities for discussion, interactions, and exercises to help in boundary awareness.
Latinas/os - Owning Your Identity & Shaping Your Narrative,
A discussion about owning your cultural identity and shaping your narrative. Marissa will share her experience on branding herself in the corporate world, while staying true to ones roots. She will also demonstrate how to develop shape your unique cultural narrative in this age of story by communicating and weaving storytelling elements into your career identity.
I am willing to travel
More than 100 miles
When it comes to payments
Everything is negotiable
Topics
Best Story
After college I was sort of lost. On my way home from work it came to me, I’d go for my dream and move to NYC. No amount of planning could have prepared me for what the city had in store for me.For 3-4 weeks NYC used me as a punching bag.
In order of occurrence; my new apartment was still under construction with no bathroom, my jeep broke down and left me stranded in the heat wave. I was sleeping on a mattress on the floor with no a/c. Got upgraded to a scary hotel near LaGuardia Airport by my work. And then my Jeep broke down in the middle of the night on the BQE (Brooklyn-Queens Expressway). Thankfully, a limo driver stopped and called me a tow truck. The NYPD pushed my car off the highway to a gas station. When I got back to my apartment I called home because I needed to hear a friendly voice. The moment I heard the voice I totally broke down. I was utterly defeated. I sublet my apartment, went back to Texas, got a temp job and just tried to figure out how to get back to NYC.
All my family and friends asked why are you going back and I just kept saying “I have to go back, it’s always been my dream to live there, plus I can’t let the city kick this Texas girl's ass that fast”. I’m not sure if it was the dream of living in NYC, the inability to admit defeat or just stubbornness but I did go back, about 1 month later. The city had sucker punched me and I went down but I got back up before being counted out. The me that went back was different; much humbled, a little hardened but more determined than ever to realize my dream and make it a reality.
Origin Story
My Information Security, GRC Professional journey was a non-traditional one. It started while I was still with JPMorgan Chase but really accelerated in June 2017 when I was the Director of SOX and Compliance for a small public tech in Austin,TX. A year and half after I started the company had SOX, SOC1 & SOC2 programs with several other processes built out. I knew I’d built and implemented great programs but still felt like an outsider there.
When I got back from a 2 week vacation I found my promotion had been given to someone else who didn’t understand the frameworks. The next day I give my notice and start looking for a new place to work. Interviews started to roll in and two companies stood out, HomeAway and Charles Schwab. Both made offers and though Schwab had made a higher paying offer with a comparable title I decided to go with HomeAway because they felt different. It was a side step title wise but it was a Security role with a Technology company that was going to give me the opportunity to go deep tech skills and provide more opportunity for future advancement. I know I made the right decision and have not ever regretted that career pivot.
Example talks
Story of Self-Advocacy
Podcast conversation about what it takes to shift from overworked and doubting oneself to stepping fully into your leadership. I share how I let go of people-pleasing, set boundaries, and finally started leading on my own terms.
Unlocking Team Excellence: Navigating the Intersection of DEIB, Emotional Intelligence, and Leadership for Peak Performance
This engaging presentation explores the powerful synergy that emerges when Diversity, Equity, Inclusion, Belonging (DEIB), Emotional Intelligence (EI), and Leadership intersect and align to develop dynamic and productive high-functioning team environments.
Convergence: The Evolution and Integration of GRC with Data Protection
Whether you are a GRC professional, data protection analyst, Privacy professional or a business leader looking to leverage this powerful synergy, this presentation will provide a roadmap to the evolving terrain of regulatory compliance, risk management, and data protection. Join us as we illuminate a path navigating and harmonizing required “convergence” to secure our digital futures.
The Growing Risk of Homogeneous Cyber Security Teams
A detailed risk focused breakdown of the growing unmitigated exposure homogeneous Security teams pose for the companies they work for and the consumer data they are responsible for protecting. The session will detail how unfettered industry bias and outdated misconceptions about “who should be in Security” continue to widen the exposure gap not just for companies but also for the consumer whose data company security teams are responsible for safeguarding. In this session she will also speak to how the lack of diversity on Security teams reduces the teams effectiveness, creativity and flexibility, specifically in the face of an ever-changing and expanding attack surface. Her risk assessment of the issue will compare threat actor demographics against U.S. Security team demographic to not only illustrate the variety of differences but to demonstrate how minimizing those differences through team diversification can lead to more strategically successful security teams.
Generational Burnout for Latines
This is a talk that focuses on Intergenerational trauma (sometimes referred to as trans- or multigenerational trauma) which is defined as trauma that gets passed down from those who directly experience an incident to subsequent generations. We will discuss and explore multigenerational trauma, transgenerational trauma, and historical trauma.
Risk Management Systems A Dynamic Holistic Approach to Risk
The goal of this presentation is to show organizations how a dynamic and holistic approach to risk management helps build agility in how to respond to risk while also gaining a clearer, more accurate understanding of their risk exposure. By using this approach decision makers are able to make risk-based decisions, reach optimal outcomes that are consistent and align with the organization's strategy while remaining within their established risk thresholds.
Learning Objective #1: Learn what a dynamic holistic risk approach is and how to apply and adapt it to their organizations.
Learning Objective #2: Understand how to create, define and determine a risk profile unique to their organization
Learning Objective #3: Learn to create a common language around risk to align various types of risk to define a risk criteria that will be used for measuring risk exposure.
Learning Objective #4: Understand how a risked-based decision model can be utilized on the foundation of this approach to help leadership formulate more organic holistic solutions.
Let Me Finish! - Shattering Women of Color Stereotypes
This is a open discussion about the various negative stereotypes that exist around women of color, their behaviors and the way in which individuals react to them an their stereotypes. Collected first person experiences are peppered throughout the discussion that centers around how these stereotypes come into existence. How they vary from culture to culture. This will explore the harmful effects of women of color stereotypes on women of color, women in general, men and society.
Creating and Maintaining Boundaries at Work
An approximately 1 hour interactive discussion on what boundaries are, why they are important, how to identify them and how to create them. There are opportunities for discussion, interactions, and exercises to help in boundary awareness.
Latinas/os - Owning Your Identity & Shaping Your Narrative,
A discussion about owning your cultural identity and shaping your narrative. Marissa will share her experience on branding herself in the corporate world, while staying true to ones roots. She will also demonstrate how to develop shape your unique cultural narrative in this age of story by communicating and weaving storytelling elements into your career identity.