Title: Risk Management Continuous Improvement
Target Location: Herndon, VA (US)
Candidate's Name, Ebhojie
Centreville, VA
PHONE NUMBER AVAILABLE
EMAIL AVAILABLE

SUMMARY
Experienced cybersecurity professional with 7+ years of demonstrated success in GRC, compliance, risk management, continuous monitoring, and IT auditing. Proven track record of protecting confidentiality, integrity, and availability (CIA) by crafting security policies, procedures, and controls. Skilled in assessing IT controls, driving compliance with industry frameworks, and conducting internal audits to proactively identify and mitigate IT risk. Adept at driving continuous improvement of organizational security posture.

SKILLS
Assessments & Compliance: SOC 2 (Type 1 and Type 2 reports), PCI DSS, GRC, CAIQ, SSAE 18, SIG, HITRUST, HIPAA, ISO 27001/27002, NIST 800 series, FedRAMP, ITGC, vendor/supplier security audits, FIPS 199, FISMA, ITIL
IT Program Directorship & Management: cybersecurity technical writing (policies, standards, and procedures), third-party risk management, business continuity and disaster recovery (BC/DR), SDLC security controls, policy and procedure implementation, incident response, supplier management, risk assessment and risk mitigation analysis, access control management, contingency planning, policy review, continuous monitoring, artifact gathering, remediation, SSP, SCRM, SAR, SAP, CMP
IT Security Tools: RSA Archer, Vanta, OneTrust, KnowBe4, Privacera, Ncontracts, Quantivate, Riskonnect
Productivity Tools: Microsoft 365, ServiceNow, Jira/Confluence, SharePoint, Slack, Microsoft Teams, Google Docs, Box
Soft Skills: teamwork, problem solving, interpersonal communication, conflict resolution

CERTIFICATIONS
Certified Information Systems Auditor (CISA)
AWS Certified Solutions Architect

PROFESSIONAL EXPERIENCE

Molina Healthcare, July 2021 - Present
GRC Analyst (Contractor)
- Initiate and lead planning meetings with system owners to define assessment scope, system boundaries, and classifications, ensuring alignment with security requirements.
- Assess internal controls against security and privacy frameworks (HIPAA, PCI DSS, HITRUST, SOC 2) to ensure comprehensive compliance.
- Conduct risk assessments targeting the protection of client information, identifying and mitigating vulnerabilities.
- Leverage OneTrust to streamline risk assessments, control testing, and compliance reporting.
- Scrutinize audit findings to pinpoint root causes of compliance issues and design effective corrective measures.
- Communicate complex compliance matters clearly and concisely to diverse audiences.
- Utilize KnowBe4 to promote mandatory security training and reinforce security awareness.
- Facilitated the setup of the company's Trust Portal by gathering essential documentation (e.g., CAIQ, SIG).
- Oversee the third-party vendor security risk program, conducting assessments and using OneTrust to issue and track inquiries.
- Perform detailed assessments aligned with industry standards and best practices, using OneTrust to collect, analyze, and report findings, including the administration of questionnaires.
- Conduct direct security evaluations with clients to ensure a robust security posture.
- Review third-party documentation to verify the proper implementation of security controls.
- Analyze data to pinpoint security weaknesses and compliance gaps, and document assessments in detail, identifying risks and associated threats.
- Communicate identified risks and remediation strategies to stakeholders.
- Coordinate evidence requests in Jira to streamline communication and review.
- Establish and enforce policies aligned with industry benchmarks (SOC 2, ISO 27001, HIPAA, and PCI DSS) for data security and compliance.
- Generate regular reports for senior management on security status, compliance updates, and potential areas of non-compliance.
- Conduct security assessments for recently onboarded applications.

Wells Fargo, January 2019 - June 2021
Third-Party Risk Analyst (Contractor)
- Conducted in-depth vendor risk assessments spanning security, financial stability, operational practices, regulatory compliance, and ethical standards.
- Analyzed third-party security evidence (SOC 2 reports, penetration test reports, vulnerability scans, business continuity plans, and incident response plans), pinpointing critical risks and recommending mitigation strategies.
- Managed the entire third-party lifecycle, ensuring robust risk management from planning and due diligence through contracting, monitoring, and exit.
- Identified control weaknesses through assessments, mitigating potential vulnerabilities in vendor security measures.
- Escalated critical risks to ensure timely mitigation and maintain third-party compliance.
- Collaborated with procurement, legal, cybersecurity, and business teams to unify risk management strategies and address vendor risk holistically.
- Tracked vendor performance against contractual obligations, SLAs, and industry standards, ensuring ongoing compliance.
- Leveraged SIG and IRQ questionnaires to gather extensive vendor information, enabling accurate assessment of risk posture.
- Provided clear recommendations to vendors, facilitating security improvements and adherence to risk management guidelines.
- Implemented KnowBe4 phishing simulations, identifying weaknesses and providing targeted training to enhance employee awareness.

MoneyGram, July 2016 - December 2018
IT Auditor (Contractor)
- Identified and assessed key risks and controls, developing effective test plans for assigned engagements.
- Conducted rigorous risk assessments to identify critical control weaknesses, developing and executing targeted audit test plans.
- Led audit planning, walkthroughs, and control testing, evaluating the internal control environment for compliance and effectiveness.
- Executed Tests of Design (TOD) and Tests of Operating Effectiveness (TOE) to ensure the integrity and operational efficiency of key controls.
- Assessed cloud environments (AWS, Azure, GCP), pinpointing security risks, compliance gaps, and vulnerabilities to safeguard sensitive financial data.
- Collaborated with cloud teams to implement robust security controls and best practices, aligning cloud infrastructure with the organization's risk tolerance.
- Managed and tracked internal Risk Control Self-Assessments (RCSA), ensuring adherence to policies, timely remediation of gaps, and escalation of critical issues.
- Maintained detailed SOX documentation, guaranteeing accurate representation of scope, testing methodologies, and remediation activities.
- Proactively identified and addressed control deficiencies, partnering with stakeholders to mitigate risk and maintain a strong security posture.
- Produced comprehensive reports on audit findings, risk assessments, and recommended actions, facilitating informed decision-making.
- Participated in key security projects, driving the secure implementation of new technologies and ensuring ongoing compliance with regulations.
- Audited IT general controls in support of Sarbanes-Oxley Section 404 and SOC compliance initiatives, protecting the integrity of financial reporting.
- Improved audit department efficiency by managing multiple projects simultaneously and delivering high-quality results within established timelines.

EDUCATION
UNILAG (University of Lagos): Bachelor of Science in Public Administration
Full Sail University: Associate in Information Technology