| | | 20,000+ Fresh Resumes Monthly | |
|
|
| |
Click here or scroll down to respond to this candidateSean DePalma Email: EMAIL AVAILABLEAddress: Street Address
Phone: PHONE NUMBER AVAILABLEOBJECTIVE Dedicated GRC Professional with 15+ years of experience in identifying and mitigating potential risks. Strong knowledge of compliance, auditing, and regulatory requirements. Skilled in conducting risk assessments and developing effective strategies.EXPERIENCEApr 2022 - Mar 2024 PRINCIPAL SOFTWARE ENGINEERDow JonesApr 2017 - Apr 2022 STAFF SYSTEMS ENGINEERThe Home DepotJan 2015 - Apr 2017 INFORMATION SECURITY ANALYST IV Global Payments CorporationJul 2013 - Jan 2015 GRC ManagerGlobal Payments CorporationJul 2010 - Jul 2013 INFORMATION SECURITY GOVERNANCE MANAGERSynovus Financial CorporationEDUCATIONSep 1998 - May 1999 Computer ScienceBryant & StrattonSKILLSCERTIFICATIONS & COURSES CRISCSTATUS: ACTIVENUMBER: CRISC-1824089CERTIFICATION DATE: 10 May 2018CERTIFIED THROUGH: 20243-YEAR REPORTING-CYCLE: 2022-2024Primary security and compliance resource for 31 multi-application containers within the AWS cloud Primary compliance resource for the B2B division Led the NIST-218 initiative to successful self-attestation. Led technical design and implementation of key security features for complex software systems Led the successful ISO certification effort for the B2B division. Designed and implemented policy/risk exception process. Committee member for all application/architecture reviews prior to production releaseManaged and mentored cross-functional teams to deliver high- quality software products.Collaborated with product managers to define and prioritize product requirements and roadmap.Conducted code reviews and provided technical guidance to ensure adherence to best practices.Team lead for Information Security Risk Assessments for hosted and Google cloud infrastructure.Mentoring other team members in one-on-one setting and running group knowledge sharing sessions.Team lead for Risk Exception documentation. Review all RA's and determine LOE for remediation vs. actual risk.Work with the business to design workable/compliant mitigation/compensation controls.Third Party Risk Management lead. Responsible for Archer development and management of The Home Depot vendor risk life cycleCollaborated with vendors to evaluate new technologies and make recommendations in line with business goals.Led cross-functional team in migrating critical systems to cloud infrastructure, ensuring uptime and scalability.Designed and implemented automated deployment processes, reducing manual errors and increasing efficiency.Provided technical expertise in troubleshooting complex system issues and implementing effective solutions.Responsible for vendor due diligence assigned by the Vendor Management OfficeDesigned the Information Security Tools template process used for tuning of information security tools. Responsible for all Application design build documentation review Conducted vulnerability assessments and penetration testing on network infrastructure to identify risks.Implemented and maintained security controls to ensure compliance with industry regulations and standards.Collaborated with cross-functional teams to develop and execute strategies for improving security posture.Managed security incident response, investigations, and remediation activities to safeguard data.Implemented risk management framework, including risk assessments and mitigation strategies.Led cross-functional teams in developing and implementing compliance programs.Conducted regular audits to ensure adherence to regulatory requirements and company policies.Collaborated with senior leadership to develop and update governance policies and procedures.Conduct quarterly and yearly information security risk assessments based on data type (GLBA, SOX HIPAA and PCI)Manage and measure Service Provider performance and productivity relative to the Service Level AgreementsLed development and implementation of security policies and procedures for organization-wide compliance.Conducted regular risk assessments and audits to identify vulnerabilities and mitigate security risks.Served as a primary point of contact for incident response and managed security incidents.Collaborated with cross-functional teams to ensure alignment of security initiatives with business objectives. IT Audit, Risk Assessment and BCP experience Information Security Governance Enterprise Risk Management CRISC Certification background working for service providing Project initiative leader pushing projects SOX, PCI, GLBA, CCPA, Privacy PCI ISA Certification AWS and Google Cloud Infrastructure, NIST 800-218, 800-53 Team Motivator / Turnaround Specialist Team Mentoring / Knowledge Sharing |
