Rene Fonjong

GRC Analyst

Detail oriented and result driven cyber security professional with track records in GRC framework, Vendor risk management. Proven track records of assessing, monitoring, incident responds, risk management strategies, and regulatory compliance. I am seeking a challenging position to leverage expertise.

+1-301*******

ad2arv@r.postjobfree.com

www.linkedin.com/in/rf001

Education

Work Experience

Bachelor’s Degree (Information Technology)

Siantou University

09/2005 - 06/2009

GRC Analyst

PNC Bank. MD

11/22 - Present

Led development and implementation of the GRC farmwork, mapping with industry standards and regulatory requirements.

Conduct risk assessment and identify vulnerabilities to strengthen information security controls and provide actionable recommendations to mitigate identified risk.

Collaborate with stakeholders and cross functional teams to establish and enforce compliance policies and procedures to ensure the right controls are put in place and operates effectively.

Led internal and external audit processes for compliance including state regulations and security frameworks, GDPR, SOC2, ISO 27001, NIST CFS, PCI DSS, HIPAA, and SOX.

Provide management with a clear incident respond plan, a strategic mitigation, treatment plan, and a detailed risk report.

SOC Analyst

CITI Bank

04/22 - 10/2022

Install and configure Qualys to perform vulnerability scan. Developed automated remediation process to deal with vulnerabilities from Cloud to third party software.

Monitoring security information and event management (SIEM) solutions for real time threat detection, investigate potential incidents and provide timely responses to mitigate threats.

Analysis security logs, network traffic, and other data sources to identify security incidents and collaborate with incident response teams to contain and eradicate security threats.

Developed and maintained documentation for incident response procedures and security policies/procedures.

Third Party Risk Analyst

BLUE CROSS

09/2020 - 03/2022

Conduct a comprehensive risk assessment on third party vendors, make sure they are compliant with internal policies and regulatory requirements.

Developed and maintained a robust risk management framework, identifying potential vulnerabilities and proposed mitigation strategies.

Collaborated with cross functional teams to evaluate vendor contracts. Work with internal audit team to ensure regulatory guides and compliance with standards.

Prepared detailed report for senior management to facilitate decision making processes.

Skills

Good Communication

Multi-tasking independent/team

Documentation

Microsoft Suit

Plan of Action and Milestone

Risk Assessment and Mitigation

Vendor Management

Compliance Monitoring

Threat Detection and Analysis

Incident Response

Vulnerability Assessment

Network Security

Audit Coordination

GRC Frameworks Development

Policy Development and Enforcement

Data Analysis

Awards

Attestation of hard work

Worker of the year

Contact this candidate