
IT Security GRC

Location:
Los Angeles, CA
Posted:
May 16, 2025

Resume:

DEBORAH A. RODRIGUEZ, CISA, CISM, CISSP, CRISC, CGEIT, CPA

***** ******* ******, ***. * Phone: 248-***-****

Los Angeles, CA 90024 ****************@*****.***

PROFESSIONAL SUMMARY

Resourceful, persevering Manager, IT Security GRC with more than five years’ experience for publicly traded corporations. Identify, assess, mitigate and monitor risks per compliance frameworks such as Sarbanes-Oxley (SOX), SOC 2 (SSAE 18), COBIT, NIST 800-53, NIST Cybersecurity Framework (CSF) v2.0 and PCI-DSS. Accomplishments within the GRC domain include:

Develop and implement policies, procedures, and controls that ensure compliance with laws, regulations, and industry best practices.

Perform security risk assessments to identify gaps and develop recommendations for remediation.

Leadership role in the SOX Audit effort required from IT Security by working with Internal/External Audit to gather compliance evidence and work through any potential issues.

PROFESSIONAL EXPERIENCE

Pacific Life Insurance [Apex Consulting] Newport Beach, CA

GRC Analyst 10/2024 – present

Develop and revise IT Policies, Standards, Procedures, Guidelines, and Controls for Fortune 500 Insurance Company. Vet IT processes with client Operational Risk and Resilience leaders.

Apple [Inspyre Solutions] Austin, TX (remote)

SOX Analyst 5/2024 – 9/2024

Provide Sarbanes-Oxley (SOX) and compliance support for Apple Ad Platforms, a $7B business for the global corporation, including evidence gathering, test of controls, and year-end compliance reporting.

Chevron [Rose International] El Segundo, CA

Risk Analyst 4/2023 – 3/2024

Perform IT Risk Analysis and security assessments in a highly regulated environment for major energy client Chevron. Expertise in application of ServiceNow and OneTrust to perform security and compliance roles.

Intercontinental Exchange (ICE) Pleasanton, CA (remote)

Sr. Cybersecurity, Risk and Compliance Manager 9/2021 – 8/2022

Manage IT SOX ITGCs in annual audit preparation for FinTech division corporation with $56B market capitalization. Manage and conduct PCI-DSS (Payment Card Industry) Data Security Standards audit. Plan and perform pre-IT and post-implementation Cybersecurity assessments for enterprise projects.

LinkedIn [Genesis 10] Sunnyvale, CA (remote)

Information Security Analyst 11/2020 – 6/2021

Manage and address customer-facing Cybersecurity and privacy questionnaires for an Agile framework. Program knowledge base so that Cybersecurity and privacy requests are repeatable and sustainable at scale.

Aerojet Rocketdyne Canoga Park, CA

Specialist, IT Audit 4/2020 – 8/2020

Lead IT General Control reviews for Sarbanes-Oxley compliance, including review of Cybersecurity practices for public company. Cybersecurity domain reviews include Cloud Controls, Disaster Recovery, and Change Control.

NextGate Solutions Monrovia, CA

IT Security and Compliance Manager 1/2019 – 1/2020

Responsible for HITRUST IT Security Governance, Risk, and Compliance for healthcare software developer including incident response, HIPAA compliance, IT Security Project Management, and IT Risk Analysis. One hundred percent of previously untrained team passed Cybersecurity Awareness training (free resource).

Teradata Corporation Rancho Bernardo, CA

Cloud Compliance Analyst 2/2018 – 1/2019

Successfully implemented five Cybersecurity programs: PCI-DSS, GDPR, SOC 2, HIPAA, and ISO 27001 for large publicly traded provider of cloud computing. Perform tabletop exercise for enterprise.

IBM – Global Business Services Glendale, CA

Sr. Managing Consultant 11/2011 – 3/2017

Provide expert-level Cybersecurity and Privacy compliance to large (over $200 mm annual revenue) GBS projects for Public Federal, Industrial, Distribution and Financial sectors based on IBM Cybersecurity and Privacy framework. Responsibilities include implementation of Cybersecurity practices, data analysis, process improvement for on- and off-boarding, user administration, IT governance, and risk mitigation. Plan and lead kickoff, status, and closing meetings with engagement team and clients.

Federal Public Sector – Food and Drug Administration, Department of Interior, US Forestry Service; High Performance Storage Systems (Department of Energy), Housing and Urban Development (HUD)

Public State and Local/Health/Higher Education – County of San Diego (CoSD), ConnectWell San Diego, Information Exchange with Curam, MDM, Cognos, architectural components; Ohio Department of Transportation (ODOT); Ohio Administration; Kaiser Permanente – Resilience/Availability; State of California Office of Integration, Case Management Services; Children’s Hospital of Los Angeles (CHLA) PeopleSoft.

Life Sciences – Johnson and Johnson; Glaxo Smith-Kline (GSK)

Industrial Sector – American Honda (CS), Honda Japan (AMS); Applied Materials ERP; Air Products, Hertz Oracle; Lockheed Martin Maximo; Hill-Rom Industries (J.D. Edwards), Raytheon

Financial Services Sector – Nationwide Mutual Insurance; Goldman Sachs (Global Payroll Project)

Intuit Financial Services Westlake Village, CA

IT Systems Analyst 8/2010–10/2011

Implemented SSAE-16 and IT General/SOX Controls, including technology recommendations for network, database, operating systems Cybersecurity. Leader of FFIEC Risk Assessment project, managing a six-person professional team.

Kaiser Permanente [NESS USA] Walnut Creek, CA

IT Controls Consultant 4/2010–6/2010

Provide IT and HIPAA controls consulting for large non-profit healthcare organization with annual revenues exceeding $26 B nationally. Performed Cybersecurity assessments at the database, application, and OS level.

Holloway and Associates Washington, DC

Senior Manager 6/2009–12/2009

Lead and execute IT assurance engagements for Federal government agencies, including Food and Drug Administration (FDA). Support A-123 engagements, conduct SSAE-16 (SAS 70) reviews for public clients.

EDUCATION AND CERTIFICATIONS

Tulane University, A. B. Freeman School of Business, New Orleans, LA

Master of Business Administration, Finance, GPA 3.4, Bachelor of Arts, Economics, Cum Laude, GPA 3.6

Certified Information Systems Security Professional, 2009 - # 88155

Certified Information Systems Auditor, 2010, Certified Information Systems Manager, 2013

Certified Risk and Information Security Consultant, 2014, Certified in the Governance of Enterprise IT, 2015
