Candidate's Name
PHONE NUMBER AVAILABLE
EMAIL AVAILABLE
Edina MN, Street Address, USA
LINKEDIN LINK AVAILABLE

PROFILE

Innovative Information Security Governance, Risk Management, and Compliance Leader with an IT background and proven success in bringing various-sized companies in the financial, banking, medical, and retail industries to acceptable information security risk levels and the desired compliance state. Core competencies include deep knowledge and practical application of various standards, laws, and regulations such as ISO27001, NIST 800-53, NIST CSF, PCI-DSS, HIPAA, HITRUST, CRI, NYDFS, FFIEC, GLBA, CCPA, GDPR, and the Sarbanes-Oxley Act (SOX).

GRC EXPERIENCES

ZILLOW GROUP, Remote, WA, 01/2024 - Present
IT GRC Manager
- Served as interim director for a team of six regulatory compliance analysts during the maternity leave of their manager, ensuring seamless operations and team synergy.
- As a consultant, ensured adherence to IT regulatory standards and frameworks, significantly enhancing compliance across all company departments.
- Facilitated regular training sessions and workshops for GRC analysts and IT staff on regulatory changes and compliance best practices, thereby increasing the compliance knowledge base across the organization.
- Established a project management process by customizing the Jira workflow, which enhanced the efficiency of the team's project management operations.
- Participated in the development and implementation of new business initiatives to ensure they supported compliance functionality.
- Managed the process to obtain and prepare internal metrics and presentation materials, ensuring accurate and timely reporting.
- Assisted in the requirements, development, and implementation of GRC tools, contributing to the efficiency and effectiveness of compliance operations.
- Developed and monitored key performance indicators (KPIs) and metrics to evaluate the effectiveness of IT regulatory compliance initiatives.

JENIUS BANK (SMBC), Remote, CA, 10/2022 - 01/2024
IT GRC Manager
- Led GRC practices for a newly established Business Line of products of a major Japanese Banking Corporation, resulting in the adoption of new compliance processes organization-wide and contributing to a 15% increase in regulatory examination success rates over a 15-month period.
- Designed and re-organized Internal Audit operations and brought communication with SMEs to an effective level, reducing audit preparation time by 25%.
- Provided consulting services to various teams in regard to new product compliance and security architecture, utilizing strong communication and interpersonal skills to effectively bridge the gap between technical and non-technical stakeholders.
- Planned for future audits and assessments to reduce the cost of such engagements and minimize the impact on stakeholders, achieving a 20% cost reduction.
- Facilitated the Information Security response to regulatory exams, internal and external audits, risk assessments, and challenges from the 1st, 2nd, and 3rd line risk functions, resulting in a 25% reduction in audit findings.

AUTOBOOKS, Remote, MI, 09/2021 - 08/2022
Director of IT Governance, Risk Management and Compliance
- Led the IT GRC team and influenced leaders of other teams to promote a risk-aware culture throughout the company.
- Presented to the members of the Board of Directors and provided updates on GRC program development.
- Designed, expanded, and maintained controls based on PCI-DSS, FFIEC, NIST, CCPA, and AICPA SSAE18 standards.
- Prepared the organization for frequent third-party audits and assessments in an effort to achieve business expansion.
- Defined internal processes related to data privacy, vendor risk, and IT risk management.
- Researched, implemented, and maintained an automated solution for Due Diligence Questionnaires, increasing process efficiency up to 10 times.

PENTAIR, Golden Valley, MN, 09/2019 - 09/2021
Sr. IT Regulatory Compliance Analyst
- Served as primary Subject Matter Expert on PCI-DSS and acted as the primary contact with the PCI QSA.
- Worked with IT security leadership to develop a comprehensive compliance program.
- Measured and ensured that controls were in place and managed properly to meet legal and regulatory compliance.

EXPRESS SCRIPTS, Bloomington, MN, 09/2017 - 09/2019
Sr. IT Regulatory Compliance Analyst
- Headed the first-time HITRUST CSF certification effort on a scale of 300 SMEs and 750 controls.
- Worked with the Information Risk Management, Legal, and Privacy departments to ensure compliance.
- Coordinated internal and external regulatory IT and Security audits in partnership with Private and Private Sectors.

BOULAY, Eden Prairie, MN, 07/2016 - 08/2017
IT Governance, Risk and Compliance Manager
- Managed Service Organization Control (SOC) examinations, SOC1 and SOC2, and issued multiple SOC reports.
- Provided custom consulting services to clients within the scope of the business development and client retention strategy.

U.S. BANCORP, Minneapolis, MN, 12/2012 - 01/2015
Sr. Information Security Analyst
- Led PCI consulting and advisory services to all teams in PCI-DSS compliance efforts to ensure compliance.
- Designed corrective actions for data security incidents, mitigating risks and preventing future occurrences.

IT EXPERIENCES

LIFETIME FITNESS (1 year), Chanhassen, MN - Vulnerability Management Lead, built VM processes and infrastructure
USBANK (2 years), Minneapolis, MN - Business Intelligence Platforms Engineer, managed BI infrastructure
JETBLUE AIRWAYS (1 year), New York, NY - PCI-DSS Integration Engineer, ensured systems' technical compliance
THOMSON REUTERS (5 years) - Sr. Systems Engineer, implemented complex financial systems
BLOOMBERG (6 years), New York, NY - Sr. Systems Engineer, implemented and supported in-house TV systems

EDUCATION

Bachelor of Science in Electrical Engineering
East-Ukrainian National University, Lugansk, Ukraine - 1996

CERTIFICATIONS

CISA - Certified Information Systems Auditor, 16133559
PCIP - PCI Security Standards Council, 1002-255
ISA - PCI Security Standards Council, 802-747

SKILLS

Auditboard; Alyne; RSA Archer; Onspring GRC; RSAM; SharePoint; Jira; Service Now; Microsoft Azure; Google Cloud Platform; GCP; AWS; Data loss prevention; DLP; SEIM; Security Event and Incident Management; Windows; Linux; Unix; Solaris; Macintosh; Apple; Firewalls; Routers; Switches; Wireless technologies; Network segmentation; Web application firewalls; WAF; PCI-DSS (Payment Card Industry); Regulatory Compliance; Governance, Risk, and Compliance (GRC); Information Security Governance; Audit; Technical Compliance; Security Audits; Internal Audit; Product Compliance; Risk Assessments; SOC Examinations Management; FFIEC; NIST (800-53, CSF); Due Diligence; GDPR; GLBA; HIPAA; HITRUST; ISO27001; NYDFS; Sarbanes-Oxley Act (SOX); CCPA; Compliance Program Development; Compliance Assessment; Compliance and Auditing; Regulation and Best Practices Evaluation; Regulatory Analysis and Compliance; Regulatory Knowledge; Regulatory Response Management; AICPA SSAE18; Subject Matter Expert (SME); Qualified Security Assessor (QSA); Virtual Machine (VM); Systems Engineer; Business Intelligence; Security Architecture; IT Risk Management; Due Diligence Questionnaires; Data Loss Prevention (DLP); Networking; Amazon Web Services (AWS); Active Directory Management; Web Application Firewalls (WAF); Wireless Technologies; Vulnerability Management; Incident Management; Log and Security Incident Management (SEIM); Key Performance Indicators (KPIs); Network Segmentation; GRC Tools Implementation (Auditboard, Alyne, RSA Archer, Onspring GRC, RSAM); Scripting and Automation; SharePoint Configuration and Maintenance; SharePoint Development and Reporting Tools; VMware; Citrix; Tenable Security Center; Nessus Scanners; Operations; Business Development; Metrics Management; Project Management; Workflow; Team Leadership; Process Definition; Process Design and Improvement; Process Efficiency Improvement; Performance Monitoring; Operational Change Management; Program Management and Development; Infrastructure Design and Implementation; Automation; Technology Roadmap Development; Project Engineering; Training and Development; Training and Mentorship; Board Communication; Vendor Collaboration; Security Access Management; Security and Privacy Control Integration; Security Awareness Training; Security Documentation; Security Standards and Policies Development; Data Security Policy Evaluation and Improvement; Vulnerability Management Integration; Vulnerability Scans and Analysis; Risk and Vulnerability Management; Risk Assessment and Gap Analysis; Penetration Testing and Remediation; Corrective Actions Design; Issue Remediation; Control Assurance and Management; Control Design and Maintenance; Control Evaluation; Documentation and Reporting; Documentation and Standards Development; Reporting and Recommendations; Audit Planning; Audit Preparation; Audit Coordination; Audit and Assessment Execution; Audit Reporting; Audit Response and Remediation; Security and Configuration Standards Development; Metrics; Data Analysis and Monitoring; Data Integrity and System Configuration Maintenance; Evaluation of GRC Solutions; Knowledge Base Development; Testing and Analysis; Testing Procedures and Plans; Standardization and Testing; Collaboration and Coordination; Consulting Services; Business Initiative Development; Business Partnership Development; PCI Consulting and Advisory Services; PCI DSS Awareness Program Development; PCI Engagement Management; PCI Services Framework Development; Consulting; Research and Development