Senior Information Security, Governance, And Risk Management Consultant Resume

SUMMARY

  • Proven ability to create, redesign, and implement enterprise-wide strategies for IT security and risk management
  • Disruptor of the status quo within technology organizations, with an eye toward fostering secure and efficient processes
  • Helps companies implement security and privacy frameworks for business unit / vendor risk evaluations
  • Frequently uses the COBIT and NIST frameworks to determine risks and control objectives
  • Participates in business process redesign, technology needs assessment, and IT governance projects
  • Builds partnerships with business and IT staff to resolve complex cybersecurity challenges and promote effective information security practices.
  • Rationalizes controls for multiple areas of governance, risk, and compliance -- including PCI, NIST, COBIT, HIPAA, ISO27002, SOX, California Consumer Privacy Act of 2018, and other considerations

PROFESSIONAL EXPERIENCE

Senior Information Security, Governance, and Risk Management Consultant

Confidential

Responsibilities:

  • Design, implement, monitor, and evaluate organizations’ risks and controls.
  • Orchestrate IT Security Assessments with an eye toward HIPAA Compliance Standards
  • Develop methodologies for IT control owners to evaluate controls that resided within their vendors’ processes
  • Evaluate requests for exceptions to Information Security Policies and Standards for companies
  • Train client personnel on audit procedures for IT General Controls
  • Liaison to external auditors, facilitating significant reliance on IT audit work conducted internally
  • Identify requirements to comply with the California Consumer Privacy Act of 2018
  • Conduct third-party risk assessments to ascertain that vendors had appropriate security and privacy controls
  • Interviewed process owners and wrote procedures for E-Business (marketing) processes
  • Identified and assessed key operational controls and compliance points
  • Assessed processes supporting email campaigns, social media, and mobile platform development
  • Wrote control and process narratives to support compliance efforts
  • Made recommendations for control design efficiencies and designed new cybersecurity controls
  • Conducted SOC 2 Testing for a financial services start-up company operating in a DevOps environment
  • Assessed the design and effectiveness of controls related to project governance, deliverables, and readiness
  • Worked with SAP security reports and related controls
  • Conducted controls rationalization exercises, as a foundation for IT audit plans and risk mitigation strategies
