Candidate's Name
Governance, Risk & Compliance Analyst
Email: EMAIL AVAILABLE
Phone: PHONE NUMBER AVAILABLE
Address: Street Address

PROFESSIONAL SUMMARY

A GRC Analyst with 3 years' experience and over 7 years' experience in the cyber security world, driving impactful results through assessments and strategic security implementations. Sought after for leveraging knowledge of regulatory compliance frameworks (GDPR, HIPAA, and SOX) and IT security frameworks (ISO PHONE NUMBER AVAILABLE, GLBA, NIST, CIS Controls, NCUA and PCI DSS/SSAE 18), ensuring 100% compliance. Recognized for managing risk, having reduced high-risk vulnerabilities within assessed systems by an impressive 60%. Partner with legal teams to interpret and implement regulations across various jurisdictions, ensuring company policies and procedures adhere to legal standards.

EXPERIENCE

GRC Analyst, Living Well Disability Services, Aug 2021 - Current
- Design and execute security simulations and pen testing (using tools like Metasploit and Burp Suite) to assess the effectiveness of existing security controls and identify vulnerabilities.
- Analyze results from simulations to recommend improvements and enhancements to the security posture, following guidelines from frameworks such as NIST (National Institute of Standards and Technology) and OWASP (Open Web Application Security Project).
- Analyze and respond to phishing emails and other social engineering attacks. Implement strategies for phishing simulation exercises and training programs for employees.
- Develop and use DLP (Data Loss Prevention) tools to protect against data breaches resulting from phishing attacks.
- Led comprehensive third-party risk assessments to evaluate vendor security practices, identify potential vulnerabilities, and ensure compliance with regulatory requirements, resulting in a 30% reduction in overall third-party risk exposure.
- Collaborated with cross-functional stakeholders such as Legal, IT, HR, and Security teams to develop and implement audit plans in accordance with industry standards and regulatory requirements.
- Perform regular vulnerability scans using industry-standard tools (e.g., Nessus, Qualys) to identify and assess potential security weaknesses.
- Conduct comprehensive RA (Risk Assessments) to identify and prioritize enterprise risks; implement ERM (Enterprise Risk Management) strategies and monitor effectiveness.
- Provided guidance on security best practices and ensured alignment with industry frameworks such as ISO 27001, NIST, and PCI DSS.
- Executed risk assessments to identify potential threats and vulnerabilities, proposing mitigation strategies to enhance overall security posture.
- Led vendor risk assessments for high-profile clients, evaluated and mitigated cyber threats, contributing to a remarkable 20% increase in vendor reliability and trust.
- Managed compliance programs related to HIPAA (Health Insurance Portability and Accountability Act) and CCPA (California Consumer Privacy Act).
- Conducted regular compliance audits and BIA (Business Impact Analysis) to assess the impact of regulatory changes.

Third-Party Risk Analyst, Premium Choice Care LLC, Nov 2017 - Jun 2021
- Led the successful execution of internal audits, identifying and rectifying compliance gaps, ultimately achieving a 15% improvement in audit outcomes.
- Developed and maintained DRP (Disaster Recovery Plans) and BCP (Business Continuity Plans) to ensure organizational resilience.
- Provided training on CISA (Certified Information Systems Auditor) and CISM (Certified Information Security Manager) principles to enhance staff awareness.
- Develop and track KRI (Key Risk Indicators) to provide early warnings of potential risk exposures.
- Ensure compliance with GDPR (General Data Protection Regulation) and SOX (Sarbanes-Oxley Act) requirements.
- Utilize COSO (Committee of Sponsoring Organizations of the Treadway Commission) and COBIT (Control Objectives for Information and Related Technologies) frameworks to improve internal controls and governance.
- Prepare detailed risk and compliance reports, including SOC 1, SOC 2, and SOC 3 (Service Organization Control Reports) analyses.
- Established and maintained effective communication channels with regulatory bodies, fostering positive relationships and facilitating a 20% reduction in response time to inquiries.
- Spearheaded the development of an updated policy manual, enhancing clarity and accessibility and contributing to a 40% decrease in policy misinterpretations.

IAM Risk Analyst, Memorial Hermann Hospital, Dec 2015 - Feb 2017
- Security compliance with HIPAA regulations and internal policies related to user access. Conduct regular audits of access to ensure adherence to HIPAA and other health care standards.
- Incident Response: Investigate and resolve access-related issues and security incidents. Coordinate with other departments to address and mitigate potential security breaches.
- Policy Development: Develop and update IAM policies and procedures in line with industry best practices and hospital requirements. Assist in the creation of training materials and provide training to staff on IAM practices.
- Administer and manage user accounts, including creation, modification, and termination.
- Ensure that access rights are granted based on the principle of least privilege.
- Leveraged the Medicaid Portal and verified health insurance details through Availity, resulting in a 20% improvement in the efficiency of the billing process for diverse insurance providers, including Commercial Insurance, Aetna, BCBS, and others.
- Technical Support: Provide technical support for IAM systems and troubleshoot any related issues. Work with vendors to address and resolve technical problems with IAM solutions.
- Project Management: Participate in IAM-related projects, including system upgrades, deployments, and improv events. Coordinate with cross-functional teams to ensure successful project implementation.
- ... claims efficiency by 45%.

EDUCATION
- Bachelor's degree in Computerized Project Management, University of Douala, Cameroon, Africa
- Associate of Applied Science in Information Technology, Major in Cybersecurity, Century College, White Bear, MN, USA

CERTIFICATION
- Certified Information Systems Auditor (CISA)
- CompTIA Security+ (reference SY0-701). Verify at: http://verify.CompTIA.org Code: 76TXQBEZP14E1B5V
- Certified Level 3 Cybersecurity Maturity Model Certification (CMMC)

SKILLS
- Security Governance
- ISO 27001, NIST, PCI DSS
- Compliance and controls
- IAM procedure mastery
- Mitigation strategies
- Risk Assessment & Management
- Vendor Risk Management
- ServiceNow proficiency
- Networking (Wireshark understanding)
- Qualys, HIPAA, HITRUST, Nessus, FIPS 199
- Vulnerability Assessment
- System Configuration
- Risk Management
- SIEM tools (Wazuh)
- Third-Party Risk Assessments
- Wireshark, OpenVAS, Wazuh
- Policy Development and Implementation
- Linux, Kali Linux specialist
- POA&M management
- SAP, SAR
- Computer programming (Python, C++, Java)