Laury Garrett

Professional Experience

Accomplished information security executive with success in the development of information security organizations from oversight and governance to defining and staffing an organization structure to support critical security functions. Experienced in the complexities of large multi-billion dollar domestic and international organizations across many industries including transportation, healthcare, and banking/finance. Demonstrated success in delivering complex solutions on time and within budget through the development of solid business cases and organizing the appropriate resources in alignment with best practices. Professional experience instilled an understanding of the risks associated with speed to market, security, and return on investment, and the business necessity for balance between them.

Principal Areas of Practice:

  • Information Security
  • Organizational development
  • Governance, Risk, Compliance (G-R-C) Tool design/implementation
  • Compliance program development
  • Change management/Separation of duties
  • Risk assessments/Risk Management
  • Business continuity and Crisis Management
  • Incident response and breach simulations/drills
  • Software Development Life Cycle
  • Program Management Office (PMO)
  • Project management

Industry and Regulatory Compliance 

  • Sarbanes-Oxley (SOX) remediation projects and program management
  • Health Insurance Portability and Accountability Act (HIPAA) remediation projects and program management
  • Payment Card Industry Data Security Standard (PCI-DSS) remediation projects and program management
  • GLBA
  • International Organization for Standardization (ISO) security maturity/risk assessments and recommendations
  • National Institute of Standards and Technology (NIST) risk assessments and roadmap/recommendations


  • Developed Information Security Policies/Standards framework for an enterprise with 290,000 employees
  • Successfully achieved enterprise-wide Payment Card Industry compliance for a Fortune 100 international corporation
  • Developed a consolidated control framework and managed ongoing compliance with SOX, HIPAA, PCI, and Privacy law as well as initiated efforts with Legal for international privacy law in a large international corporate environment
  • Established a new information security program in a company with 30,000 employees
  • Developed training and awareness programs in support of information security and compliance efforts in multiple large companies.
  • Established standards for common business continuity and disaster recovery plans in an enterprise environment
  • Established governance, oversight, and strategic partnerships with key stakeholders including Legal, Internal Audit and external auditing groups, Finance, IT, etc. to ensure adoption and support of strategic security and compliance efforts
  • Helped guide a large health care provider with more than 1000 locations through planning and deployment of an approved P2PE solution for payment card processing that reduced their compliance requirements by 91% as well as the risks associated with payment card processing.

    Immersion Security

    Providers of vCISO (Virtual Chief Information Security Officer), Secure MSP (Managed Service Provider), Compliance and Consulting.

    Immersion Security is a team of cyber security experts and researchers dedicated to bringing the best and most up-to-date information, technology, and practices to your business.


    37 N. Orange Ave.
    Orlando, FL 32801