In role as IT Security Compliance Analyst, responsible for the continual enhancement and sustenance of new and existing security compliance and risk management programs and for supporting the security interests of the organization across all security domains and technology environments. Tasked with leading and driving the compliance posture of the organization, to include PCI DSS, SOC 1 and 2, CCPA, GDPR, ISO 27001, HIPAA, SOX and other industry-related frameworks and standards. Expert in creating and updating compliance testing procedures for each assigned compliance test, including scope of the test, key business contacts, documentation to review, risk control self-assessments and transaction testing sampling. Also perform follow-up and reporting on findings throughout the implementation phase of the remediation process, and validate that the remediation plan fully mitigated the findings. Experience includes working collaboratively with internal teams, SMEs, external customers, vendors, auditors, and other stakeholders.
Over 8 years of experience in IT Security, Compliance, Audit and Assessment. Tasked with various IT Security and Compliance responsibilities within Commercial and Federal organizations, leading and managing audits, both internal and external, and developing organizational documentation such as policies and procedures. Excellent interpretation of frameworks and privacy laws such as NIST, SOC, HIPAA, ISO 27001, GDPR and PCI DSS. Possess in-depth ability in performing information security risk assessments and analysis, determining the organization's risk appetite and developing a mitigation plan. Proficient in the use of risk management tools to aggregate data for accurate reporting. Possess excellent analytical skills, strong initiative and the qualifications required to excel and succeed. Continuously upgrading skills and readily prepared to take on new challenges, absorb and easily adapt to any emerging technology.
Quality-driven Compliance Analyst familiar with tracking, documentation and reporting requirements. Assesses work, materials and procedures and recommends adjustments to maintain compliance.
Assessing and delivering consulting service offerings, either as a standalone project or in support of one of the managed services. Advise clients on strategy to improve, maintain, and measure their information security program.
Responsible for documenting and maintaining accurate vendor inventory in database
Accountable for identification and tracking of vendor issues and associated remediation plans including reporting and escalation activities
Completing the daily activities associated with but not limited to the following:
Identification of third parties not in the vendor database
Engaging vendor managers and/or vendors for onboarding of third parties
Onboarding third-party engagements, including performing/facilitating/documenting all efforts and results
Continued monitoring and management of third-party engagements
Support onsite/virtual vendor risk assessment process
Responsible for miscellaneous job-related duties as assigned by departmental leadership
Reviewed vendor responses and artifacts for security questionnaire
Managed follow up conversations with third and fourth parties to ensure compliance with security benchmarks
Job Titles Held: