Rene Fonjong
GRC Analyst
Detail oriented and result driven cyber security professional with track records in GRC framework, Vendor risk management. Proven track records of assessing, monitoring, incident responds, risk management strategies, and regulatory compliance. I am seeking a challenging position to leverage expertise.
ad2arv@r.postjobfree.com
www.linkedin.com/in/rf001
Education
Work Experience
Bachelor’s Degree (Information Technology)
Siantou University
09/2005 - 06/2009
GRC Analyst
PNC Bank. MD
11/22 - Present
Led development and implementation of the GRC farmwork, mapping with industry standards and regulatory requirements.
Conduct risk assessment and identify vulnerabilities to strengthen information security controls and provide actionable recommendations to mitigate identified risk.
Collaborate with stakeholders and cross functional teams to establish and enforce compliance policies and procedures to ensure the right controls are put in place and operates effectively.
Led internal and external audit processes for compliance including state regulations and security frameworks, GDPR, SOC2, ISO 27001, NIST CFS, PCI DSS, HIPAA, and SOX.
Provide management with a clear incident respond plan, a strategic mitigation, treatment plan, and a detailed risk report.
SOC Analyst
CITI Bank
04/22 - 10/2022
Install and configure Qualys to perform vulnerability scan. Developed automated remediation process to deal with vulnerabilities from Cloud to third party software.
Monitoring security information and event management (SIEM) solutions for real time threat detection, investigate potential incidents and provide timely responses to mitigate threats.
Analysis security logs, network traffic, and other data sources to identify security incidents and collaborate with incident response teams to contain and eradicate security threats.
Developed and maintained documentation for incident response procedures and security policies/procedures.
Third Party Risk Analyst
BLUE CROSS
09/2020 - 03/2022
Conduct a comprehensive risk assessment on third party vendors, make sure they are compliant with internal policies and regulatory requirements.
Developed and maintained a robust risk management framework, identifying potential vulnerabilities and proposed mitigation strategies.
Collaborated with cross functional teams to evaluate vendor contracts. Work with internal audit team to ensure regulatory guides and compliance with standards.
Prepared detailed report for senior management to facilitate decision making processes.
Skills
Good Communication
Multi-tasking independent/team
Documentation
Microsoft Suit
Plan of Action and Milestone
Risk Assessment and Mitigation
Vendor Management
Compliance Monitoring
Threat Detection and Analysis
Incident Response
Vulnerability Assessment
Network Security
Audit Coordination
GRC Frameworks Development
Policy Development and Enforcement
Data Analysis
Awards
Attestation of hard work
Worker of the year