DANNY TRAN
Cybersecurity Analyst Governance, Risk & Compliance (GRC)
San Antonio, TX 78240 858-***-**** *********@*****.***
SUMMARY
Highly motivated Governance, Risk & Compliance (GRC) Analyst with over 1 year of hands-on experience in identifying and mitigating IT, cybersecurity, and regulatory risks. Expert in leveraging industry standards such as PCI DSS, HIPAA, NIST, and ISO 27001 to develop comprehensive risk management strategies. Proven success in using tools like Splunk, ServiceNow, and RSA Archer to track, report, and manage risks, while ensuring alignment with compliance frameworks. Adept at collaborating with cross-functional teams, preparing detailed risk assessment reports, and advising leadership on security posture. Seeking to contribute expertise in GRC to support strategic initiatives and improve cybersecurity.
PROFESSIONAL EXPERIENCE
Governance Risk & Compliance Analyst
Zachry Construction Corporation – San Antonio, TX
May 2023 – Present
Risk Management & Compliance:
• Identify, assess, and monitor enterprise-wide risks in IT, cybersecurity, and regulatory compliance, ensuring alignment with PCI DSS, NIST, and HIPAA.
• Lead comprehensive risk assessments, developing and implementing mitigation strategies in collaboration with cross-functional teams.
• Support third-party risk management (TPRM) efforts using LogicGate to streamline risk identification, assessment, and remediation.
• Provide leadership with actionable insights on emerging risks through ServiceNow, contributing to informed decision-making.
Incident & Vulnerability Management:
• Evaluate Splunk dashboards to detect vulnerabilities, escalating critical security issues for prompt remediation.
• Collaborate with security teams to assess risks from vulnerabilities and incidents, maintaining a risk register to track remediation.
• Oversee Jira projects for detailed risk remediation tracking, including documentation and timelines.
Governance & Reporting:
• Facilitate internal and external audits by providing risk-related documentation and remediation plans.
• Lead the development of a strategic plan for maturing RSA Archer/GRC application implementation.
• Utilize Tableau to leverage data for making strategic decisions and communicating findings to leadership.
Process Improvement & Documentation:
• Improve team collaboration and documentation by creating and maintaining Confluence pages.
• Advise senior management on risk strategies to ensure business continuity and regulatory compliance.
EDUCATION
Bachelor of Business Administration, Cybersecurity
University of Texas at San Antonio – San Antonio, TX
Expected Graduation: June 2024
Relevant Coursework: Risk Management, Cybersecurity Governance, IT Security, Network Security, Ethical Hacking.
Associate of Biology, Pre-Nursing
Northwest Vista College – San Antonio, TX
Graduated: June 2017
Associate of Liberal Arts, Kinesiology
Northwest Vista College – San Antonio, TX
Graduated: June 2015
KEY SKILLS
Risk Management: Enterprise Risk Assessment, Vulnerability Remediation, Third-Party Risk Management (TPRM), Risk Reporting
Compliance Frameworks: PCI-DSS, HIPAA, NIST, ISO 27001, CIS Controls
GRC Tools: RSA Archer, LogicGate, ServiceNow, Splunk, Tableau
Technical Tools: Nessus, Wireshark, Netcat, OWASP ZAP, BitSight
Security & IT: IT Security Audits, Security Controls, Vulnerability Management, Incident Response
Collaboration & Communication: Jira, Confluence, Documentation, Stakeholder Engagement