
Third Party Risk Management

Location:
North Reading, MA, 01864
Salary:
$150,000
Posted:
April 14, 2024

Resume:

Cary D. Boucher, MBA, CISA, CGEIT, CRISC, CDPSE

978-***-**** (H) 978-***-**** (C) ad40ad@r.postjobfree.com Skype Username: cary.boucher

GOVERNANCE, RISK MANAGEMENT, AND COMPLIANCE CONSULTANT

I am a skilled and energetic GRC professional who pays attention to detail and keeps projects on track. My experience includes working in fast-paced GRC environments across multiple industries. I am seeking a position that will utilize and build on my governance, risk management, and compliance expertise.

Highlighted qualifications include:

Excellent presentation, interpersonal communication, thought leadership, and negotiation skills

Experienced in IT Risk Architecture, Road Mapping, and Regulatory and Compliance Frameworks, and Vendor Strategies

Over 15 years of software development requirements analysis, user acceptance test results analysis, and user test script execution

Performed SDLC Audits and provided Go-Live Decision Collaboration and Support

Strategic expertise in threats, vulnerabilities, and patch management

Evaluated and developed information security policies and procedures

Working knowledge of PCI-DSS, ISO 27001, NIST SP 800-53 R5, HITRUST, HIPAA, FISMA, CSA, SOX, and FTC frameworks and regulations

In-depth experience with technology audit and planning in the financial services and healthcare industry sectors

Skilled at identifying and evaluating systemic and operational controls

Superior Lean Project Management Acumen including Agile Scrum Master, JIRA, and Confluence skills

Proven to excel in a collaborative team environment to service multiple clients

Comprehensive technical and operational procedure documentation skills

PROFESSIONAL EXPERIENCE

AON RISK SERVICES, MARCH 2022 TO MARCH 2024

ASSISTANT THIRD PARTY RISK MANAGEMENT DIRECTOR VIA TCS, Boston, MA

Primary responsibilities included:

Consulted on the management and oversight of the 3rd Party Risk Management Program upon the retirement of the program's director.

Developed policies, procedures, and tools for identifying and managing risks using the PCI-DSS, ISO 27001, NIST 800-53 R5, HITRUST, SA SIG (Shared Assessments Standardized Information Gathering Tool), and CIS CSC (Center for Internet Security Critical Security Controls) frameworks.

Ensured security assessment compliance to the NYDFS (New York Department of Financial Services), GDPR (General Data Protection Regulation), CCPA (California Consumer Privacy Act), and Schrems II regulations.

Performed Project Management Office (PMO) Coordination/Liaison activities for both the delivery management (Intake) and assessment team of the 3rd Party Risk Management Program.

Worked with the Cybersecurity Team to perform application risk assessments.

Advised the handling of risk assessment approaches for specific engagement scenarios.

Trained newly hired employees to perform risk assessments.

Updated all departmental documentation.

Developed program standards, guidelines, and performance metrics.

STATE OF MASSACHUSETTS, AUGUST 2021 TO MARCH 2022

GOVERNANCE, RISK, AND COMPLIANCE ASSISTANT DIRECTOR VIA MANPOWER, Boston, MA

Primary responsibilities included:

Developed and maintained Enterprise Risk Management Program encompassing Risk Identification, Risk Appetite, Risk Register, Materiality Risk Evaluation, and Risk Reporting.

Managed Enterprise Risk Management and Operational Risk Management Practices and Processes.

Oversaw AWS Cloud Migration Initiative using FedRAMP (Federal Risk and Authorization Management Program).

Led security, compliance, and privacy programs.

Progressed system security plans from development through Authorized to Operate (ATO) approvals.

Governed the workflows and communications for issue escalations and incidents.

Developed policies, procedures, and tools for identifying and managing risks using the PCI-DSS, NIST 800-53 R5, ISO 27001, and CIS CSC (Center for Internet Security Critical Security Controls) frameworks.

Performed IT Control Testing and evidence collection.

Interfaced with multiple state agencies to understand and coordinate risk and mitigating controls.

Worked with business owners, responsible control owners, and stakeholders to develop remediation plans with reasonable target dates for control failures, audit, and compliance issues.

Maintained, communicated, and executed control testing schedules based on frequency to control owners.

Assigned and monitored progress on control testing activities with control owners via JIRA ticketing system.

Assisted responsible control owners with documenting existing and future state process artifacts and publishing of process documentation (e.g., standards, procedures etc.).

Maintained IT control artifacts and evidence in the SharePoint repository.

LIBERTY MUTUAL INSURANCE, SEPTEMBER 2016 TO JULY 2021

PRINCIPAL GOVERNANCE, RISK, AND COMPLIANCE SPECIALIST AT LIBERTY MUTUAL, Portsmouth, NH

Primary responsibilities included:

Advised Archer GRC Platform implementation including test script development and execution.

Developed and facilitated enterprise-wide program initiative goals and security awareness training materials introducing the 3rd Party Vendor Management Information Security Due Diligence Program. Performed road shows to communicate the requirements of the program and security awareness initiative.

Grew the 3rd Party Vendor Management Due Diligence Program from ground-zero to six out of seven continents with tens of thousands of remediation plans under management.

Identified, coordinated, and implemented ServiceNow Integrated Risk Management GRC Platform enhancements.

Innovated new third-party security assessment coverage coordination approaches and Process Improvement techniques including STP (Straight-Through-Processing) as well as remediation and next steps guidance.

Implemented, automated, and performed Privacy Impact Assessments on OneTrust.

Performed Project Management Office (PMO) Coordination/Liaison activities for the Vendor Risk Management Program in the areas of security, privacy, and business continuity assessments.

Evaluated, tested, and implemented a new 3rd Party Vendor Management application, RSAM.

Ensured security assessment compliance to the NYDFS (New York Department of Financial Services), GDPR (General Data Protection Regulation) and CCPA (California Consumer Privacy Act) regulations.

Infrastructure project management included product implementations for ServiceNow IRM, Palo Alto Networks, Zscaler (Zero-Trust Micro-Segmentation), Google, Amazon AWS, Microsoft, SAP, Splunk, Archer, Risk Observer, and IBM.

Initiated, coordinated, and trained colleagues on the Security Refresh Assessment Program.

Coordinated Single Sign-On (SSO), MFA, Data Encryption at Rest (AES-256), Data Encryption In-Transit (TLS Version 1.2 and greater), and logging (Splunk) projects with the internal security teams.

Remotely trained colleagues and new personnel during the Covid-19 Pandemic.

Developed program standards, guidelines, and performance metrics.

EDUCATION

MASTER'S IN BUSINESS ADMINISTRATION

Babson College, Wellesley, MA

BACHELOR OF SCIENCE DEGREE

University of Massachusetts at Amherst

PROFESSIONAL CERTIFICATIONS, SKILLS, TRAINING, AND CLEARANCES

CISA: Certified Information Systems Auditor

CGEIT: Certified in the Governance of Enterprise Information Technology

CRISC: Certified in Risk and Information Systems Control

CDPSE: Certified Data Privacy Solutions Engineer

Government Clearances: Public Trust - High