A Security Compliance Analysts with a focus on Compliance assessments, information assurance, and internal control audit engagements. I have over 5 years of experience helping organizations to perform Information Security System evaluation, Improving GRC processes, System Monitoring, Security Control Testing. I am looking to use my skills and expertise for enterprise-wide information risk prevention. A strong critical thinker with great interpersonal, and communication skills, capable of thriving in challenging, fast-paced environments where accuracy and efficacy matter.
NIST, ISO 27001/27002, CIS, CSF, CCPA, GDPR, HIPAA, HITRUST, PCI DSS etc.
Third party Risk
Policy Development
Compliance Reporting
Audit Coordination
Risk Identification
Process Implementation
Risk Assessment
Due Diligence
Documentation Skills
Audit Documentation
Critical Thinking
Risk Mitigation
Data Security
Privacy and Confidentiality
Experience
05/2020 to Current
Security Compliance AnalystDesert Financial Federal Credit Union – Flagstaff, AZ,
Performed process walkthroughs and internal controls testing that resulted in the identification of gaps and their remediation efforts
Manage maintenance of Third-Party Risk Management policies, standards, and procedures
Provide oversight and reporting of Third-Party by utilizing data and facts collected during due-diligent process to satisfy regulatory and security requirements
Track enterprise compliance across multiple security frameworks including ISO 27001/27002, SOC 2 Type 2, NIST and HIPAA, maintain up-to-date records of requirements and corresponding mitigating controls
Assist in the performance of regular third-party vendor due diligence processes that include third party vendor going concern reviews and controls practices
Coordinating with subject matter experts in areas such as information security, finance, procurement, and legal, among others, to ensure compliance with policies and regulatory guidance
Providing Subject Matter Experts (SMEs) necessary assistance to execute due diligence tasks including data privacy, information security, business continuity, and compliance
Develop and refine training, awareness, and phishing campaigns to further improve the cyber education and awareness of all our employees
Collect, triage, and partner with technology owners to document remediation strategies, and report on remediation progress.
05/2019 to 05/2020
Security Risk and Compliance AnalystIsn Software Corp. – Dallas, TX,
Obtained and analyzed control process policies, standards and supporting documentation
Supported and documented investigations regarding audit findings, policy deviations, and incident handling activities
Identify and document areas of gaps or risks in existing control processes and work to develop solutions with internal business partners
Ensured remediation efforts meet security and compliance requirements
Support the Security & Compliance team in ensuring compliance with industry standards and privacy regulations
Served as an advisor to engineering, IT, and business process teams, assisted in support of compliance efforts with ISO, PCI DSS, GDPR, CCPA, regulation
Performed due diligence on an individual third-party relationship to assess the technology and other business-related risks
Classified, risk tier, categorized and rated vendors using a risk metrics to determine business critical and non-critical vendors
Assessed and completed questionnaires to ensure they meet expectations
Establish effective relationships across multi-functional teams, providing consultative advice and guidance regarding compliance
09/2017 to 05/2019
IT Risk and Compliance AnalystTexas Capital Bancshares, Inc. – Austin, TX,
Perform IT security risk assessments of both new and existing vendor, recommended, designed, and constructed risk/security metrics, policies and standards
Worked with leadership and technical team to develop strategies and plans to enforce security requirements and address identified risks
Established and matured the Third-Party Risk Management Program by developing standard operating procedures
Supported internal resilience programs and testing, including business continuity plan (BCP) and disaster recovery (DR) maintenance
Assisted with annual planning and owning core compliance tasks
Managed and executed risk management projects to determine deficiencies and appropriate corrective actions.
Assisted with response efforts to implement process improvements in response to findings and recommendations from regulators, internal and external Quality Assessment Reviews, maturity assessments, and first and second-line business partner recommendations
Validated that actions or decisions taken to address risks are appropriate and report appropriately
Education and Training
Expected in
BA: Business Administration Imo State University - , GPA:
Certifications
Security +
Certified Information System Auditor (CISA).
Certified Information Security Manager (CISM) in Progress
Resumes, and other information uploaded or provided by the user, are considered User Content governed by our Terms & Conditions. As such, it is not owned by us, and it is the user who retains ownership over such content.
How this resume score could be improved?
Many factors go into creating a strong resume. Here are a few tweaks that could improve the score of this resume:
