
Download Zlatko Unger's Resume

Zlatko Unger, MBA

[ z[at] // @ZlatkoUnger // In/ZlatkoUnger ]


Education

The University of Georgia — Atlanta, GA — 2011 – 2013
Master of Business Administration
The University of Georgia — Athens, GA — 2003 – 2007
Bachelor of Business Administration, Management Information Systems

Professional Experience

Jiff, Inc. — Mountain View, CA
Director of Security and Compliance – 2015 – Present

Engine Yard Inc. — San Francisco, CA
Security Program Manager, Security & Compliance – 2015 – 2015

  • Led all security, risk, and compliance functions for the entire company
  • Managed two direct reports and the entire security team budget
  • Initiated and led the SOC 2 Type I project with a timely delivery of the finalized report for 2015
  • Worked on security projects including implementation of single sign-on, a network and application scanner, fraud engine improvements, and the SOC 2 Type II audit
  • Provided reports and presentations to the CEO and CFO
  • Worked directly with potential and existing customers to help them understand the company’s security controls, and items needed to achieve various compliances, such as PCI DSS or HIPAA
  • Responded to Net Promoter Score feedback from existing customers

Senior GRC Analyst, Security & Compliance – 2014 – 2015

  • Assisted in the development of the compliance functions for the company
  • Worked with various teams to harden their controls and prepare for PCI DSS Level 1 attestation
  • Expanded efforts to better document various business functions
  • Delivered presentations to the entire company, as well as the executive management

First Data Corporation — Atlanta, GA
Security Program Manager, Enterprise Security Risk & Compliance – 2012 – 2014

  • Facilitated the creation, development and implementation of an enterprise risk management practice
  • Provided reports and presentations to the executive committee and senior management
  • As a team lead, delegated duties to the local and international risk analysts
  • Worked under senior leadership to manage, conduct and coordinate strategic risk assessments, certified self-assessments and global scenario analyses
  • Developed and maintained over 100 key risk indicators across different local and international business areas covering Latin America, Europe, and Asia-Pacific
  • Relied heavily on information technology expertise in order to understand the risks of new technology, as well as new business ventures and partnerships
  • Created and maintained standards, policies and procedures regarding enterprise risk management, risk appetite, risk assessments and risk ranking
  • Identified sources of revenue through uncollected fees exceeding $1 million

Risk Compliance Coordinator, Enterprise Security Risk & Compliance – 2010 – 2012

  • Assisted in the development of the Enterprise Risk Management program
  • Created and maintained standards, policies and procedures surrounding risk management
  • Initiated work streams on capturing information security risks for a quarterly report
  • Worked with senior management on IT risk and IT security assessments
  • Facilitated cross company training and guides to increase group proficiency in information security, risk management, and risk mitigation

KPMG LLP — Atlanta, GA
Associate, Information Protection and Business Resiliency Services – 2007 – 2009

  • Led parts of different engagements that covered penetration testing and network security projects, security policy review projects, and identity and access management projects
  • Managed process documentation during the length of engagements
  • Efficiently communicated highly technical information and technology issues to the client management
  • Provided services to clients in telecommunication, distribution, insurance and manufacturing industries
  • Clients included AT&T Wireless, Cisco Systems, Windstream Corporation, Aflac and Equifax
  • Assisted clients in preparing documentation and testing for Sarbanes-Oxley 404 compliance
  • Designed and executed test plans for management’s assertions over access, program development, change management, and end-user computing controls for SAS70 Type II attestations
  • Clients included Central Parking, General Electric, Nutrasweet, Pinnacle Airways and City of Atlanta

Associate Intern, Information Risk Management – Summer 2006

  • Participated in a corporate-wide preparation of Sarbanes-Oxley 404 IT audit for Cingular Wireless
  • Reviewed, tested and validated controls to identify potential risks


Skills

  • Compliance
    • Implemented SOC 2 Type I and Type II, HIPAA, PCI DSS, ISO 27001, ISO 31000, and COSO frameworks; familiar with Sarbanes-Oxley 404
  • Operating Systems
    • Proficient with Windows XP, 7, 8, OS X, and Linux (Kali and Ubuntu), Android, and iOS
  • Networking Tools
    • Able to proficiently utilize Kali security suite, Metasploit, Nessus, nmap, and Wireshark
  • Tool Suites
    • Skillful with MS Office 2010 Suites, SharePoint, and eGRC Archer
  • Applications
    • Expert with Google for Work and Microsoft: Word, Excel, PowerPoint, Access and Visio; adept with Adobe: Photoshop and VMware
  • Foreign Languages
    • Fluent in English, Croatian, and Bosnian; familiar with German

Community Service and Involvement

  • Habitat for Humanity Volunteer
  • National Multiple Sclerosis Society’s Bike MS Participant
  • American Diabetes Association’s Cure de Tour Participant