
Risk Management Machine Learning

Location:
Houston, TX
Posted:
March 07, 2025

Resume:

Mona Azizullah ************@*****.*** Cell: 713-***-**** [LinkedIn Profile]

EXECUTIVE SUMMARY

Experienced GRC Analyst & IT Risk Auditor with expertise in Big Four auditing (KPMG, EY), Cloud Security, Generative AI (Gen AI), Artificial Intelligence (AI), Machine Learning (ML), SOX Testing & Compliance, ISO 27001 Testing, and Enterprise Risk Management (ERM). Proven track record working with Fortune 500 companies across financial, construction, oil & gas, technology, and pharmaceutical industries. Skilled in regulatory compliance, vendor risk management (VRM), data governance, security frameworks (ISO 27001, NIST, PCI DSS), IT risk assessments, and audit remediation. Adept at collaborating with internal teams, external auditors, and legal departments to drive compliance and mitigate risks.

CORE COMPETENCIES

Data Governance & Privacy: CCPA, CPRA, GDPR, PIPL, ISO 27001, NIST, PCI DSS, NIS 2

SOX & ISO 27001 Testing & Compliance: ITGC, ITAC, COSO, COBIT, SSAE16

GRC & Risk Management: ServiceNow, Archer, Vendor Risk Management (VRM), Third-Party Risk

Cloud Security, AI/ML & Gen AI: AWS, Azure, M365, CyberArk, Generative AI applications, AI/ML risk assessments, Machine Learning Use Cases

Policy & Procedure Development: Change Management, User Access Review (UAR), Data Protection Agreements (DPA)

Audit & Compliance Collaboration: Big Four experience (KPMG, EY), External & Internal Audit, ISO 27001 Certification

PROFESSIONAL EXPERIENCE

Virtuoso, Inc GRC Analyst April 2022 – Jan 2025

Developed and executed data governance frameworks, policies, and procedures to align with business goals and regulatory requirements.

Managed Vendor Risk Management (VRM), overseeing asset & vendor inventories to ensure accurate data and compliance.

Led ISO 27001 testing & compliance assessments, ensuring alignment with security frameworks and industry standards.

Conducted User Access Reviews (UARs) for SaaS applications, strengthening access control measures.

Conducted Generative AI risk assessments to analyze security vulnerabilities in AI/ML applications.

Integrated Azure DevOps security best practices into governance frameworks, ensuring compliance with regulatory standards.

Led PCI Data Loss Prevention (DLP) compliance, including annual PCI Attestation of Compliance (AOC) assessments.

Reviewed Data Protection Agreements (DPA), Privacy Policies, and global regulations (CCPA, CPRA, GDPR, PIPL).

Developed and maintained ISO 27001:2013 security policies, including Information Security, Change Management, Risk Methodology, Password Policy, Asset Management, and Physical Security.

Conducted risk assessments and audits for ISO 27001 testing, ensuring compliance and continuous improvement.

Johnson & Johnson (Contract) GRC Analyst Sep 2021 – Feb 2022

Managed global AI/ML and Generative AI data privacy regulations, ensuring compliance with PIPL, APPI, GDPR, and U.S. AI data laws.

Developed user access request flowcharts to streamline data access governance.

Created a tracker for monitoring global AI & ML data privacy laws and ensuring regulatory updates.

Led ISO 27001 & risk assessments, collaborating with legal teams to align AI & ML compliance frameworks.

Par Pacific Holdings, Inc IT Risk & Compliance Analyst Feb 2020 – Aug 2021

Served as Information Security User Access Reviewer (UAR) Control Owner, working with IT, Operations, Sales, Finance, HR, Legal, and Audit teams.

Managed CyberArk AI Cloud Entitlements Manager for cloud security monitoring, reducing risks and enhancing access visibility.

Led GRC ServiceNow Incident & Change Management, identifying data governance & compliance issues in AWS & Azure environments.

Performed ISO 27001 testing, IT risk assessments, and audit compliance.

Conducted security awareness training using KnowBe4 and managed compliance dashboards.

Served as liaison between Business Owners, Internal & External Auditors to ensure SOX and ISO 27001 compliance.

Wells Fargo Operational Risk Analyst – PCI Compliance Sep 2019 – Jan 2020

Conducted security risk analyses for financial products, leveraging ISO 27001, NIST, PCI DSS, and ISO frameworks.

Collaborated with SMEs & stakeholders to assess security requirements for new & existing products.

Performed ISO 27001 testing, compliance reviews, and implemented risk mitigation strategies.

McAfee PCI Consultant – Risk Assessments Oct 2018 – Jan 2019

Conducted PCI Risk Assessments for third-party applications (FedEx, MasterCard) to ensure PCI DSS & ISO 27001 compliance.

Worked with stakeholders to track and remediate risk findings.

Chevron IRM Consultant – Risk Assessments March 2018 – June 2018

Conducted risk assessments for SaaS, IaaS, and PaaS applications.

Utilized Archer & AWS security tools for ISO 27001 testing, risk reporting, and compliance tracking.

Engaged with third-party vendors & internal teams to address security risks & compliance concerns.

IT Audit & Cybersecurity Consulting (Various Clients: KPMG, CITGO, Occidental Petroleum, Rowan, Direct Energy, Total Safety, Sterling Construction, Dover, ENI Petroleum, FMC Technologies, Cardtronics, Board Member – Audit & Compliance Committee) 2007 – Present

Sr. IT Internal Auditor / IT Risk Analyst / Cybersecurity Auditor

Conducted IT risk assessments, SOX compliance testing, and cybersecurity audits for Fortune 500 companies.

Assessed and tested IT General Controls (ITGC), application security, and business continuity plans (BCP/DRP) across ERP systems (SAP, Oracle, PeopleSoft).

Performed penetration testing, vulnerability assessments, and third-party security audits to enhance IT security postures.

Identified and remediated segregation of duties (SOD) conflicts, ensuring compliance with SOX, NIST, COBIT, and ISO 27002 frameworks.

Collaborated with senior management and external auditors (PwC, Deloitte, KPMG) to streamline audit processes and reduce compliance costs.

Led investigations into fraud, bribery (FCPA), and forensic data analysis, uncovering financial discrepancies and policy violations.

TECHNICAL SKILLS & CERTIFICATIONS

Frameworks & Compliance: SOX 404, NIST, COBIT, ISO 27001, ITIL, PCI DSS, NIS 2

ERP & Systems: SAP, Oracle, PeopleSoft, GRC, QuickBooks

Security & Risk Management: Cybersecurity Audits, Vulnerability Assessments, Incident Response, SOD Testing

Cloud & AI Technologies: AWS, Azure, M365, CyberArk, AI/ML Risk Assessments

GRC Tools: Archer, ServiceNow, Paisley Risk Navigator, SIEM Systems, KnowBe4

Additional Experience

GRC, IT Risk, & Compliance Roles at EY, RSM, AIG, Envoy Mortgage, Baker Hughes, MasterCard, Occidental Petroleum, Chevron, Direct Energy, Total Safety, and more.

SOX & ISO 27001 Testing & ITGC Compliance (Archer, SAP, Oracle, NIST, COBIT).

Data Governance & Security Policy Development (ISO 27001, GDPR, CCPA).

Vendor Risk & Third-Party Compliance (Cloud Security, AWS, Azure, CyberArk).

EDUCATION & CERTIFICATIONS

B.A. in Economics, Minor in Sociology – Punjab University

Kaplan University – Project Management Courses

Certifications:

Security+ (Pursuing)

HIPAA Security Awareness Certification (2017)

Oracle Database 7i, 8i, 9i

TECHNICAL SKILLS

Cloud & Security: AWS, Azure, M365, CyberArk, ServiceNow, Archer

GRC & Compliance Tools: ISMS, OneTrust, OpenPages, SAP, Oracle R12

Data Governance & Privacy: GDPR, CCPA, CPRA, PIPL, PCI DSS, ISO 27001

Audit & Risk Management: NIST, COBIT, ISO 27001, ITGC, ITAC, NIS 2

LANGUAGES

English, Arabic, Urdu, Punjabi, Hindi