MICHAEL J. SHANAHAN
978-***-**** **********@*****.*** Remote
RESULTS DRIVEN RISK AND COMPLIANCE LEADER
I am a professional with over 25 years in the business, technical and IT risk sectors of the insurance, medical and retail industries. I am experienced as a project manager, business systems analyst, systems engineer, a former MCSE and CRISC, and for the majority of my career as an IT Risk & Compliance professional. I have an extensive background in systems evaluation, support, risk analysis and business continuity.
SKILLS
• Risk Management
• Compliance Reviews
• FTC Audit Management
• Vendor Risk Management Assessments
• IT Controls
• NIST/ISO/COBIT/PCI
• IT Security Education
• Incident Response
• Policy Development
PROFESSIONAL EXPERIENCE
CarMax Richmond Virginia 2022 to Present (Remote)
Senior IT Risk & Compliance Leader - Report to Director Cybersecurity and Compliance
• Support and drive PCI initiatives.
• Validate risk information collection, ensuring accuracy while tracking progress of risk responses and remediation plans.
• Policy development: proactively implement improvements and update governance documentation.
• Security awareness administration, design and support.
Southcoast Health, Fairhaven, MA 2021
Governance, Risk and Compliance Analyst
Reported to the Chief Information Security Officer, performing a variety of assessments using a risk-based approach related to third parties, technologies, and hardware.
Aligned with the business and the project management office to make security-based recommendations to ensure adherence to Southcoast’s security standards and regulations (PHI, PII, PCI, etc.).
Interfaced with various business units throughout the enterprise, as well as providers, internal technical teams, and external contacts as appropriate.
Researched and identified industry information security best practices and developed action plans for executing changes.
Fallon Healthcare, Worcester, MA 2019-2020
Senior Risk & Security Analyst
Led and executed IT Security Compliance User Access Audits for the Fallon ISRM. Created and implemented monthly IT Brown Bag sessions for Fallon Corporate at the request of External Audit. Maintained security awareness training programs, content, and metrics. Developed and completed an inventory and updates of Fallon Security Policy and Procedures.
Collaborated with vendors, external auditors, procurement, IT Security, legal and business partners to analyze and remediate exposure.
Triaged assessments, delegated assessment workload, and supervised 3 junior team members.
Ensured that integrity, confidentiality and security were maintained and retained according to Fallon HealthCare guidelines.
Led the annual Incident Response Tabletop exercise successfully. Awarded by IT for success in this project.
Steward HealthCare, Boston MA 2017-2019
IT Risk and Compliance Analyst
Created the initial Steward functional Risk Register to fulfill regulatory compliance, acting as a repository for all identified risks. Administered the GRC platform which supports the Third-Party Risk program. Owned 3rd-party risk assessments, compliance User Access reviews, and policy development.
Documented and provided security awareness training program in terms of testing, curriculum, tracking, and support.
Documented, published, and ensured compliance with set corporate policies and industry requirements, including PCI-DSS and GDPR.
DELL/EMC, Inc., Southborough, MA 2015-2017
Consultant GRC Risk Analyst – Global Security Organization (GSO)
Supported, maintained and oversaw an IT risk management framework that managed processes, policies, data classification and procedures to manage overall IT risk while promoting the delivery of quality IT solutions.
Managed IT Security policy, and maintained compliance and risk posture across the DELL/EMC Federation. Supervised and coordinated projects for external examiner evaluations and reported internal control issues. Successfully led multiple audits with external parties within DELL/EMC and their customers.
Acted as the initial point of contact for both security and compliance challenges. Managed all elements of risk for global and third-party projects.
Collaborated with other DELL departments to assist in evaluating IT infrastructure to identify and mitigate potential risks and liabilities, and delivered solutions.
Devised and implemented risk assessments and reviews of SSAE16, SOC1 and SOC2 efficiently.
BJ’s Wholesale Club, Westborough, MA 2007-2015
IT Lead Risk Analyst
Created and provided IT Risk and Security leadership with a Risk Register, producing metrics and executive-level status for review with the BOD. Ensured all program management and technical operations were conducted in compliance with Payment Card Industry (PCI) and Federal Trade Commission (FTC) audit requirements.
Successfully managed multiple Payment Card Industry audits. Served as a project team member in initiatives representing IT Risk and Compliance; implemented new IT risk initiatives, monitored and managed the risk mitigation program, and identified and corrected performance problems.
Collaborated with internal legal counsel to promote the use of IT Security controls, language and methodologies in all vendor contracts and agreements.
Identified risks and implemented mitigation strategies in coordination with IT Management, multiple teams, the Project Management Office, business owners, and end-users.
Spearheaded the Security Awareness program for over 23,000 corporate-wide team members, following PCI, BJ’s Wholesale and legislative requirements.
Led IT Risk Incident Response Management and escalation. Managed the WAR room and coordinated all IT communication with leadership, including updates, escalations, documentation, and coordination of resources and timelines. Awarded Quarterly Excellence in Effort.
CERTIFICATIONS AND AFFILIATIONS
• Certified in Risk and Information Security Controls 2017
• New England Information Systems Security Administration
• Information Systems Audit and Control Association
• 2018 to Current – Elected Auditor, Lakeshore Park Association, Gilford NH