LEO ZAMBRANO
SENIOR IT AUDITOR / SENIOR IT DATA GRC ANALYST
Extensive experience performing IT Audit and IT Risk and Data Governance reviews in accordance with IT Audit Standards. Perform AI Governance reviews including principles, strategies and business alignment with business objectives to mitigate AI risk. Perform IT Audit risk assessments on a periodic basis. Perform annual IT SOX testing which includes SAP GRC reviews. Perform IT Audits for Network, Database, Operating Systems and Data Center. Created best practices for effective AI governance. Work with IT organizations to align with IT strategy and associated risks. Assist in the identification of value-added projects for partnering Audit and/or Risk Governance working with IT teams. Perform PCI privacy reviews to comply with regulatory requirements. Perform Cybersecurity reviews and ensure threats and vulnerabilities are remediated within defined timelines. Reviewed vulnerability management process which included threat hunting and threat intelligence components within Rapid7 System. Perform application security audits and system development disciplines (SDLC). Perform initial AI governance reviews and evaluate machine learning (ML) solutions to assess risk and assist with adoption recommendations. Perform various data governance reviews pertaining to corporate and regulatory requirements. Certified Information Systems Auditor (CISA) and Certified Risk Management Assessor (CRMA).
CONTACT INFO
MOBILE:
EMAIL:
************@*******.***
LINKEDIN PROFILE:
Linkedin.com/in/leoz
WEBSITE:
github.com/lazambrano (Portfolio)
San Antonio, Texas
EXPERIENCE
Marathon Petroleum Corporation – Senior IT Auditor
Jun 2023 – Present
San Antonio, Texas
Perform AI Governance reviews including principles, strategies and business alignment with business objectives to mitigate AI risk. Created best practices for effective AI governance.
Perform IT Audit risk assessments on a periodic basis. Perform IT Audits for Network, Database, Operating Systems and Data Center.
Perform Cybersecurity audits including threat hunting and intelligence reviews. Review vulnerability scanning and Cybersecurity policy and procedures which include intelligence components within Rapid7 System.
Perform Data Governance audits including review of data standards, data sharing requirements and the data catalog system access and change management process.
Perform IT SOX testing on a periodic basis that includes SAP GRC reviews of T codes of high-level security functions.
Perform OT Refinery reviews and ensure NIST 800-82 and NIST 800-53 requirements are in place. Provide insights into secure architecture and access control, and ensure network segmentation and vulnerability management are also maintained.
Perform audit security risk reviews that conform with NERC-CIP requirements.
Perform SCADA infrastructure audits with high-quality execution including reviews of IT Architecture, applications and special project audits.
Perform reviews of DRP/BCP planning and advise on readiness to maintain compliance with evolving corporate and regulatory requirements.
Perform reviews of Change Control, Access Management systems, Disaster Recovery and Backup and Recovery procedures.
Perform initial AI governance reviews and evaluate machine learning (ML) solutions to assess risk and assist with adoption recommendations.
Perform various data governance reviews pertaining to corporate and regulatory requirements.
USAA – Senior Data Governance Analyst
Jun 2021 – Jun 2023
San Antonio, Texas
Performed initial AI Governance reviews and evaluated machine learning (ML) solutions to assess risk and assist with adoption recommendations.
Performed various Data Governance reviews pertaining to corporate and regulatory privacy requirements (PCI).
Implemented projects and applied data management practices to address data risk and control requirements.
Utilized Jira System along with ServiceNow Change Management System to track Data Catalog changes.
Experience working in Agile methodology and performed Scrum Master duties.
USAA – Senior IT Risk Analyst
Feb 2014 – Jun 2021
San Antonio, Texas
Executed SOX control testing on a periodic basis.
Experience with various GRC and Audit Management Systems.
Executed IT service management practices around Incident, Change, Problem and Solution Development Lifecycle (SDLC) delivery methodologies for improvement and collaboration.
Experience with ServiceNow incident tracking system.
Performed cost benefit and return on investment analyses for proposed systems to aid management in making implementation decisions.
Experience with Microsoft IT Networking Systems and Cisco Management Systems.
NuStar – Corporate IT SOX Specialist
Mar 2013 – Jan 2014
San Antonio, Texas
Plan and oversee IT SOX testing controls. Perform SAP GRC reviews of risk IDs and mitigation of controls.
Valero Energy – Corporate IT SOX Specialist
Mar 2007 – Mar 2013
San Antonio, Texas
Perform audit security risk reviews that conform with NERC-CIP requirements.
Performed OT Refinery reviews and ensured industry standard requirements were in place.
EDUCATION
The University of Texas at Dallas
Master of Science, Information Systems Management
The University of Texas at San Antonio
Data Analytics Cohort Program, School of Data Science
Southern Methodist University
School of Engineering and Applied Science, Microsoft Networking System Engineering Program
The University of Texas at El Paso
Bachelor of Business Administration
CERTIFICATIONS
Certified Information Systems Auditor (CISA)
Certified Risk Management Assessor (CRMA)
SKILLS
OT
SCADA
Regulatory Standards
Cybersecurity
Data Science
AI Governance
Machine Learning
Neural Networks
Deep Learning
LLMs
Data Modeling
Data Analytics
Microsoft Copilot
Google Gemini
SQL
SAS
Python
Power BI
R
Tableau
Hadoop
Java
SAP
Excel
PowerPoint
TeamMate
Archer
AuditBoard
Agile