ARMEL NGUESSAN
Minnesota 218-***-****
Email: ************@*****.***
CAREER SUMMARY
Results-driven GRC Analyst with expertise in Governance, Risk, and Compliance (GRC) frameworks, regulatory requirements, and risk management strategies. Skilled in conducting risk assessments, implementing security controls, and ensuring compliance with industry standards such as NIST, ISO 27001, GDPR, etc., to drive organizational goals. Proficient in utilizing GRC tools and preparing security documentation, with strong analytical skills and experience collaborating with cross-functional teams to strengthen organizational security posture.
SKILLS
● Security Framework and Standard (ISO 27001, NIST, HIPAA, NDPR, PCI DSS, GDPR)
● Vendor Risk Management
● Security Awareness Training and Education
● Regulatory Compliance Assessment and Documentation
● Policy, Procedure, and Control Development
● Attention to Detail
● Team Collaboration
● Project Management
● Business Continuity Plan and Incident Response Planning Recovery
TOOLS
● Operating Systems (e.g., Windows OS, Microsoft 365, macOS, Linux)
● Cloud Environments: AWS, Azure, and Google Cloud
● Security Tools: eMASS, ServiceNow, SIEM Solutions, Firewall Management, Intrusion Prevention Systems (IPS)
● GRC Tools: RSA Archer, MetricStream, SAP GRC
● Risk Management Software: LogicManager, RiskWatch
● Data Privacy Tools: OneTrust, TrustArc
● Audit Management: ACL Analytics, TeamMate+
WORK EXPERIENCE
ENKISHON LLC CONSTRUCTION
GRC Analyst Oct 2020 – Present
● Led and facilitated the implementation and maintenance of the new ISO 27001 to ensure all departments are compliant with the new policy; also specified the gap analysis differences for proper adjustment during meetings.
● Developing and administering monthly training programs for staff members, improving overall compliance awareness by 30% and also reducing phishing clickbait by creating phishing simulation exercises.
● Develop the strategic plan and roadmap to mature the initial implementation of our GRC application and software.
● Leverage industry and technical expertise in incident detection to assist the SOC team in more effectively addressing risks associated with business intrusion detection and prevention procedures.
● Spearheaded the implementation of a third-party due diligence program, leading to enhanced vendor selection processes and a 45% reduction in risk within the organization. This initiative aimed to strengthen relationships with external partners while ensuring compliance and minimizing potential risks associated with third-party engagements.
● Continued to stay current with developments in cybersecurity and recommended ways for the organization to minimize risks, increase system security by 55%, and take advantage of new technology and techniques for efficiency.
ST. CLOUD HOSPITAL, ST. CLOUD, MN
GRC Officer Oct 2017 – Aug 2020
● Collaborated with the internal audit team to evaluate the effectiveness of compliance control and manage industry risks effectively.
● Recognized for streamlining data processing workflows at a leading analytics firm, eager to apply quantitative skills to assess and enhance IT controls and operational efficiency.
● Collaborated with the IT department to implement robust compliance monitoring software, enhancing data analytics capabilities and reducing manual effort by 50%.
● Remained up to date with the latest industry standards and frameworks, including overseeing the successful implementation of ISO 27001:2022. This involved ensuring that the organization's information security management system met the requirements of the ISO standard, demonstrating a commitment to maintaining robust cybersecurity practices and protecting sensitive information assets.
● Drafted Acceptable Use Policy to tackle issues related to mishandling office equipment and gadgets.
● Educated colleagues on cybersecurity trends and on staying safe during Cybersecurity Awareness Month.
● Monitored and reviewed compliance activities to ensure adherence to established policies and procedures, resulting in a 95% compliance rate across all departments.
PAN-O-GOLD BAKING, ST. CLOUD, MN
Risk Analyst July 2015 – Aug 2017
● Performed variance analysis, root cause analysis, and trend analysis on variances and socialized the results with risk partners.
● Assessment and documentation for regulatory compliance.
● Generated effective testing programs, reducing the audit test cycle time by 25%, and guaranteeing policy compliance.
● Worked with legal, internal audit, and global security to create a corporate global anti-fraud policy.
● Developed and tracked Key Risk Indicators (KRI) for the organization.
ST. CLOUD TECHNICAL AND COMMUNITY COLLEGE (SCTCC)
Registration & Risk Compliance Specialist Assistant July 2013 – July 2015
● Conducted data integrity audits, ensuring FERPA, Title IX, and ADA compliance.
● Assisted in implementing policies that improved institutional regulatory adherence by 20%.
● Coordinated risk assessments, identifying vulnerabilities in enrollment and registration processes.
WORLD BANK FUNDED PROJECT, IVORY COAST
Project Coordinator and Compliance Specialist Jan 2011 – April 2013
● Implemented cybersecurity compliance frameworks aligned with international risk management standards.
● Led compliance audits, reducing regulatory compliance risks by 20% and identifying control gaps within the organization.
EDUCATION
UNIVERSITY OF BOUAKE
● BSc – Business Law 2016
TRAINING AND CERTIFICATION
CompTIA
● Security+ 2024
UNIVERSITY OF MINNESOTA
● Cybersecurity Certification 2024
COLLEGE OF ST. SCHOLASTICA
● Certified Associate Project Manager (CAPM) 2021
SCTCC
● Health Information Technology Management Coursework 2019
GOODWILL EASTER SEALS OF MINNESOTA
● Financial Services Skills Certification – (08/2015)
PROJECTS
● Assisted in implementing corporate-wide compliance policies for data privacy and risk management.
● Conducted regulatory risk assessments, ensuring compliance with state and federal requirements.
● Led internal compliance audits, identifying and resolving compliance gaps by 20%.
● Developed and maintained audit-ready documentation, improving organizational regulatory efficiency.