Promote this Nomination

Additional Info

Job title of nominated professional (or team name)VP of Global Security
Company (where nominated professional or team is working)ActiveCampaign
Websitehttps://www.activecampaign.com/
Company size (employees)1,000 to 4,999
Headquarters RegionNorth America

In 3 bullets, summarize why this professional or team deserves recognition:

-- Doesn’t settle for meeting compliance standards, pushes her team to offer the very best in modern security.

-- Sue built leading industry risk-compliance initiatives in ISO 27001, GDPR, CCPA, PCI-DSS and SOC2, while in the midst of integrating four companies and acquiring two new companies.

-- Sue built an InfoSec program from the ground floor, based on the ISO 27001 standard, including security architecture, compliance and global security operations and she led a company to SOC2 Type 1 certification within six months.

Brief Overview

Sue Bergamo has dedicated more than 20 years to helping technology companies grow by promoting innovation and productivity enhancements across the entire IT organization by reducing technology risks. She held leadership positions at CVS, Microsoft, Episerver, Precisely, and now, is the VP of global security at ActiveCampaign.

At Episerver, Sue built leading industry risk-compliance initiatives in ISO 27001, GDPR, CCPA, PCI-DSS and SOC2, while in the midst of integrating four companies and acquiring two new companies. Sue built an industry standard security program on a worldwide basis focused on risk management and compliance for both internal facing needs and product security, including audits. She also led the worldwide ISO 27001 program and security controls within engineering, HR, customer success and IT for Episerver.

At Precisely, Sue built an InfoSec program from the ground floor, based on the ISO 27001 standard, including security architecture, compliance and global security operations and she led the company to SOC2 Type 1 certification within six months. Sue brought in a GRC tool for customer security assessments, product, and IT pentesting and external audits and led the security due diligence for the Infogix acquisition and the sale of the company to ClearLake and TA private equity firms.

Now, at ActiveCampaign, Sue establishes appropriate standards and controls while leveraging best-of-breed IT security frameworks. Although the platform is not a security product, Sue doesn’t settle for simply meeting compliance. Her goal is to make the product as secure as possible, and go above and beyond what is expected of modern security. Sue and her team vet and re-vet the platform’s security, and allocate resources based on the findings, which gives ActiveCampaign customers assurance that their data and their customers’ data is completely secure.