Protiviti Contact

Diana Candela

Associate Director

Professional Experience

Diana is an Associate Director at the Atlanta, GA Protiviti office. Diana joined Protiviti in April 2018 and will assist with several projects focusing on Regulatory Compliance, General Data Protection Regulation (GDPR), Information Security, and Privacy for numerous clients. Diana has extensive experience in Cyber Law and US/EU Data Privacy laws.

Major Projects

  • Assisted multiple organizations with the implementation and certification of Information Security, Quality and Risk Management programs.
  • Established General Data Protection Regulation (GDPR) compliance programs across global organizations that included Third-Party testing of Security Controls to assure the secure processing and Privacy of sensitive information.
  • Established programs to ensure the protection of millions of records of personal data while complying with the applicable legal framework on data protection.
  • Managed multiple data-driven GRC Operational Excellence strategies to improve, optimize and simplify Information Security and Privacy business processes and designs.
  • Established the GRC/eGRC vision for various organizations, eliminated bottlenecks, leveraged improvement opportunities and streamlined overly complex risk assessment processes.
  • Streamlined day-to-day operations of Cybersecurity and Information Security in the areas of Privacy, Risk and Vulnerability Management, Information Access Management, Audit and Compliance, and Information Security Awareness & Training.
  • Led the development of reasonably appropriate Information Security, IT and Privacy policies and procedures for global companies.
  • Assisted various organizations in multiple industries in adopting IT Governance, Quality, Cyber Security and Privacy frameworks, from COBIT to NIST to ISO.
  • Established anti-phishing/anti-ransomware programs reducing the number of occurrences from dozens per month to single digits.
  • Directed feasibility studies with full Secure Systems Development Lifecycle (SSDLC) initiatives including data privacy, system security, threat analysis, and systems architecture.

Areas of Expertise

  • IT Regulatory Compliance
  • Cyber-Risk Management
  • Cyber Security & Privacy

Industry Experience

  • Manufacturing
  • Energy
  • Information Technology
  • Healthcare
  • Federal/Local Government

Education

  • M.S. in Information Technology, Information Assurance & Security

Professional Memberships and Certifications

  • Information Systems Audit and Control Association (ISACA)
  • FBI InfraGard Member
  • Certifications: ITIL, CSSGB, C|EH, E|CSA, C|NDA, L|PT

 
