Herschel McLemore III

Richmond, VA *****

540-***-****

ad3g1l@r.postjobfree.com

Summary

Solution-focused and dedicated GRC Policy Analyst Cybersecurity Analyst with 4 years of experience in developing and implementing effective security policies, procedures, and controls to protect organizations from cyber threats. Proven ability to work collaboratively with cross-functional teams to ensure compliance with various security frameworks such as HIPAA, PCI-DSS, TPRM, ISO 27001, NIST 800-53, SOX, SOC, and COBIT. Skilled in conducting security assessments, risk analyses, and audits. Experience leveraging GRC tools such as Process Unity, RSA Archer, One Trust, Service Now, and Bit Sight

Skills

Service NOW

SOC 2 & 1 Review

Telecommunications Systems

Risk Mitigation/Remediation

NIST 800-53

Cloud Security

Internal Audit

JIRA

PCI-DSS

RSA -Archer (Aurora)

Security Questionnaire

Business Continuity

SAQD

Access Management

Vulnerability Management

SOX

Chat GBT

Experience

June 2023

to

January 2024

T-Mobile 3650 131st Ave SE Bellevue, WA 98006

Information Security Analyst

I evaluated and conducted risk reviews/assessments of existing and engaging third parties.

I prescribed risk assessments and BU Intake questionnaires with a stern focus on analyzing vendors that require ANY customer data (PCI) and documented my results via Excel and our centralized tool before batching any vendor.

Used Aurora centralized tool (RSA Archer) and Microsoft Azure dual authentication. Detail-oriented assuring all vendor/business owner’s information was logged in every necessary tool.

Leveraged the Guardian automation tool with prebuilt compliance templates.

Constant Slack and Email communication with managers and vendor/business owners from 8 am to 9 pm.

I logged and kept track of every vendor I worked on with Excel

February 2022

to

April 2023

Salesforce San Francisco, CA

Risk and Compliance Analyst

Reviewed company policies against best practices to better understand level of compliance.

Conducted comprehensive end-to-end information security risk assessments to identify, assess, and measure information security risks.

Leveraged the ServiceNow GRC platform in carrying out risk activities (Risk assessment, remediation, etc.)

Assess Cloud Security for encryption, cloud-based repository, key management process, and if public or private.

Assisted in the assessment, monitoring, and tracking of the TPRM lifecycle activities (risk assessment & due diligence, and ongoing monitoring)

Conducted security control testing and consultation with stakeholders.

Provided in depth analysis of each identified vulnerability, outlining/ describing the control/security area affected to help leadership respond quick.

Facilitated third party risk assessments for initial due diligence and ongoing oversight of third-party vendor services. This includes collection of documents and analysis, third party risk assessment questionnaire requirements, reviewing audited reports of controls (i.e., SSAE18, SOC Type II, PCI AoC/RoC) and other information to support full evaluation of any potential outsourcing risks.

Review documentation with TPRM Process and Internal Audit Process.

January 2021

to

January 2022

Atlantic Union Bank Glen Allen, VA

Compliance Analyst

Ensured timely completion of examinations and audits to ensure achievement of the annual Corporate Compliance Audit Plan.

Performed and completed examinations and testing of controls that support procedures and processes.

Performed Internal Audits to assess the effectiveness of our financial and accounting operations.

Conducted internal and external business continuity assessments.

Documented and tested SOX internal controls, and assessed their effectiveness in mitigating financial risks and preventing fraud.

Evaluated compliance with contractual agreements and company policies, which were developed to address applicable laws and regulations.

Communicated verbally and in writing the results of audit activities and the associated issues to PRA and vendor management to include recommendations and time frames for remediation.

Worked with vendors to validate the remediation of audit issues.

Tracked results of audit activities and issue remediation.

Assisted in the development or tailoring of audit testing programs to meet specific business needs.

Performed other projects or special assignments as required.

Provided expertise to projects outside of direct span of control.

Assisted and provided guidance to Audit Support Staff and Vendor Relationship Owners or External Legal Recovery Coordinators with vendor related issues.

December 2018

to

December 2019

Apple Federal Bank Washington, DC

Financial Analyst Intern

Managed accounts payable and accounts receivables.

Created financial models using Microsoft excel (3 statement and budget models)

Attended meetings and conference calls where key leaders were present.

Assisted in preparing weekly, monthly, quarterly, and annual financial reports.

Worked closely with the compliance team for Security Audit

Trained on how to Answer Security Questionnaire

Developed and utilized spreadsheets, databases, and other computer applications to complete assigned tasks.

Wrote reports on Internal assessments.

Assisted with daily operational tasks, including tuning and utilization of cybersecurity tools.

Education and Training

University Of Richmond: Expected December 2024

Bachelor’s: Electronic Systems Tech

Certifications - CompTIA Security+ in progress

Contact this candidate