Senior Information Security, Governance, And Risk Management Consultant Resume
SUMMARY
- Proven ability to create, redesign, and implement enterprise-wide strategies for IT security and risk management
- Disruptor of the status quo within technology organizations, with an eye toward fostering secure and efficient processes
- Helps companies implement security and privacy frameworks for business unit / vendor risk evaluations
- Frequently uses the COBIT and NIST frameworks to determine risks and control objectives
- Participates in business process redesign, technology needs assessment, and IT governance projects
- Builds partnerships with business and IT staff to resolve complex cybersecurity challenges and promote effective information security practices
- Rationalizes controls for multiple areas of governance, risk, and compliance -- including PCI, NIST, COBIT, HIPAA, ISO27002, SOX, California Consumer Privacy Act of 2018, and other considerations
PROFESSIONAL EXPERIENCE
Senior Information Security, Governance, and Risk Management Consultant
Confidential
Responsibilities:
- Design, implement, monitor, and evaluate organizations’ risks and controls.
- Orchestrate IT Security Assessments with an eye toward HIPAA Compliance Standards
- Develop methodologies for IT control owners to evaluate controls that resided within their vendors’ processes
- Evaluate requests for exceptions to Information Security Policies and Standards for companies
- Train client personnel on audit procedures for IT General Controls
- Liaison to external auditors, facilitating significant reliance on IT audit work conducted internally
- Identify requirements to comply with the California Consumer Privacy Act of 2018
- Conduct third-party risk assessments to ascertain that vendors had appropriate security and privacy controls
- Interviewed process owners and wrote procedures for E-Business (marketing) processes
- Identified and assessed key operational controls and compliance points
- Assessed processes supporting email campaigns, social media, and mobile platform development
- Wrote control and process narratives to support compliance efforts
- Made recommendations for control design efficiencies and designed new cybersecurity controls
- Conducted SOC 2 Testing for a financial services start-up company operating in a DevOps environment
- Assessed the design and effectiveness of controls related to project governance, deliverables, and readiness
- Worked with SAP security reports and related controls
- Conducted controls rationalization exercises, as a foundation for IT audit plans and risk mitigation strategies