An experienced Senior IT Risk & Compliance Analyst with 6+ years of expertise in enhancing the company's IT compliance programs. I lead the execution of internal and external assessments for current and emerging regulations and standards such as SOC 1 & 2, ISO 27001, PCI DSS, etc. I collaborate closely with cross-functional teams to assess existing IT policies, procedures, and processes, offering actionable insights on risk areas, mitigation strategies, process enhancements, and control recommendations.
Work History
2023-02 - Current
Governance, Risk and Compliance (GRC) Analyst
TOYOTA
Update at least 10 cybersecurity policies, standards, and procedures annually, ensuring 100% alignment with industry best practices and regulatory requirements
Perform quarterly gap analyses, closing identified non-compliance issues within 30 days to maintain compliance
Oversee compliance with relevant regulations (GDPR, HIPAA, PCI DSS) and industry standards to safeguard organizational data
Conduct security risk assessments for 10+ new vendors annually, ensuring adherence to security policies and reducing vulnerabilities
Conduct regular audits of Splunk logs to ensure accuracy and compliance with regulatory frameworks, such as PCI DSS, HIPAA, and NIST, enhancing the organization's overall security posture
Develop custom Splunk alerts and reports for critical compliance metrics, facilitating a reduction in incident response time by 30% and supporting GRC requirements
Strengthen risk management frameworks by 25%, aligning with the NIST Special Publication 800 series and ISO standards
Monitor vendor performance, achieving 95% adherence to security KPIs, KRIs, and SLAs, improving security posture
Leverage GRC tools like RSA Archer and ServiceNow to track and manage security incidents, reducing incident response time by 30%
Lead comprehensive risk assessments and audits to ensure compliance with industry standards and enhance security posture by 15%
Identify control deficiencies during SOX audits, collaborating with stakeholders to develop corrective actions and improve control frameworks
Evaluate assessment artifacts to verify compliance with NIST SP 800-53 Rev. 4 control requirements
Review the effectiveness of existing controls by examining security questionnaires, independent audit reports (SOC 2, HITRUST, ISO), and artifacts, ensuring vendor compliance
Streamline SOX compliance projects, improving reporting processes and reducing the financial close cycle by 15%
Manage third-party vendor assessments, ensuring compliance with company security policies, and reducing external access risks
Assess firewall and IDS/IPS configurations to guarantee network security and adherence to organizational policies
Execute regular PCI DSS compliance assessments, ensuring systems handling cardholder data meet the 12 core PCI DSS requirements, including secure network architecture and encryption
2018-10 - 2023-02
Compliance Analyst
CAPITAL ONE
Worked closely with cross-functional teams to foster a culture of compliance and ensure that governance policies were effectively implemented across the organization
Led the SOC 2 audit process and achieved an approximately 80% compliance rate with no major findings
Collaborated with the cybersecurity team to leverage Splunk's threat intelligence capabilities, aiding in the improvement of vendor risk management processes and incident investigation efficiency
Designed and implemented risk management frameworks, aligning with regulatory requirements (SOX, GDPR, PCI DSS) to strengthen organizational security posture
Spearheaded the enhancement of compliance monitoring processes, leading to a 15% increase in regulatory adherence across different departments
Contributed to the development and upkeep of Governance, Risk, and Compliance (GRC) frameworks, aimed at strengthening governance and risk management practices
Collaborated with cross-functional teams to establish and enforce security policies and procedures, ensuring alignment with industry standards (NIST, ISO 27001) and organizational goals
Supported HIPAA compliance program implementation and maintenance, ensuring adherence to regulatory requirements across the organization
Contact
Phone
****************@*****.***
Skills
Security Tools: Splunk, ArcSight, RSA Archer, QRadar, Nessus, Qualys, OpenVAS, Nmap, Wireshark, Firewalls, IDS/IPS
Incident Management: ServiceNow, Jira
Frameworks and Compliance Standards: NIST AI RMF, ISO/IEC 24029, PCI DSS, ISO 27001, GDPR, HIPAA, SOX, FedRAMP, HITRUST, SOC 1, SOC 2, TPRM
Collaboration Tools: Microsoft Suite, Office 365, SharePoint, OneDrive, Exchange Online, Microsoft Teams, Slack, Zoom
Programming Language: R
Cybersecurity: Risk Management, Data Security, Incident Response, Threat Intelligence, Third-Party Vendor Assessment and Management, Security Documentation, Reporting, Technical Controls Implementation, Regulatory Compliance, Contract and SLA Review, Network Security
Development Lifecycle: SDLC
Operating Systems: Windows Server
Soft Skills: Analytical, Critical Thinking, Multitasking, Communication, Teamwork, Problem-Solving, Organizational Skills
Certifications
Certified Information Systems Auditor (CISA)
Education & Training
B.Sc. Accounting
Ambrose Alli University - Nigeria
Martins O. Emeje
GRC Analyst