
Risk Management Enterprise

Location: Bethesda, MD
Posted: April 26, 2025


Resume:

Ismail Budanur

PMP, CISM, CRISC, Security+, Splunk, QRadar

Bethesda, MD 202-***-**** *************@*****.*** https://www.linkedin.com/in/budanur

Professional Profile

Risk Manager

Risk management professional with over 7 years of experience driving Enterprise Risk Management (ERM), Governance, Risk and Compliance (GRC) initiatives, business continuity, and disaster recovery efforts. Skilled at operationalizing risk frameworks, enhancing risk registers, and coaching cross-functional teams to strengthen organizational resilience aligned with ISO 27001, NIST CSF, and ISACA standards.

Core Competencies:

●Enterprise Risk Management (ERM)

●Governance, Risk & Compliance (GRC) Tools

●Risk Register Development

●Business Continuity & Disaster Recovery Testing

●Risk Mitigation & Remediation Tracking

●Operational Risk Assessments

●ISO/IEC 27001 Standards

●NIST Cybersecurity Framework (CSF)

●Information Security Risk Management

●Cross-Functional Collaboration

●Coaching & Risk Methodology Training

●Critical Thinking, Analytical, and Problem Solving

●Project Management & Prioritization

●Verbal and Written Communication Skills

●Relationship Building & Accountability

●Willingness to Learn and Adapt

●Creative Governance Solutions

Professional Experience

CUSTOMER VALUE PARTNERS, Washington, DC 12/2024 - 4/2025

Cybersecurity Risk & Operations Manager - Enterprise Risk Management (ERM)

●Conducted targeted operational risk assessments across 10+ business units, identifying 120+ control deficiencies and tracking 95% remediation closure rate through Archer GRC and ISO/IEC 27001 methodologies.

●Developed and maintained enterprise-wide risk registers and risk profiles, reducing residual risk scores by 22% over two quarterly reviews.

●Partnered with Compliance, Information Security, and business leadership to align 100% of mitigation activities with NIST Cybersecurity Framework (CSF) and ISACA standards.

●Designed Power BI dashboards that decreased executive risk reporting cycle time by 30% and improved decision-making speed.

●Coordinated and executed disaster recovery testing and tabletop exercises, resulting in a 15% improvement in response time and business continuity plan maturity scores.

●Built trust-based relationships across engineering and business operations teams to coordinate remediation, demonstrating willingness to learn and adapt to evolving risk conditions.

DEPOSITORY TRUST & CLEARING CORPORATION, McLean, VA 03/2022 - 11/2024

Lead Risk & GRC Engineer

●Directed internal risk assessments and audit programs across 15+ systems, achieving an 85% reduction in operational risk exposure through control revalidation and proactive remediation.

●Led audit gap analysis and readiness projects, reducing audit preparation cycle time by 25% while aligning control frameworks with ISO 27001, NIST CSF, and ISACA governance standards.

●Utilized Archer and MetricStream GRC platforms to manage over 250 risk records, improving compliance tracking and regulatory reporting efficiency.

●Conducted third-party vendor assessments, increasing vendor compliance rates by 18% over two audit cycles.

●Developed executive dashboards and KPIs, improving leadership understanding of risk profiles and top enterprise risks by 35%.

●Strengthened Enterprise Risk Management (ERM) governance across capital markets by embedding risk scoring into 100% of operational processes.

GovCIO, Washington, DC 07/2021 - 03/2022

Cybersecurity Architect - Federal Risk Initiatives

●Managed the security risk posture across 120+ federal business units, reducing critical vulnerability exposure by 30% through continuous risk monitoring and control validation.

●Led WAF deployment and compliance tuning efforts, training 40+ developers in secure rule validation and log analysis, resulting in a 25% improvement in web application risk scores.

●Delivered targeted vulnerability assessments and compliance gap analyses to support IT audit readiness, improving audit pass rates across business units by 18%.

●Designed and maintained Power BI dashboards to visualize system risk posture and trend analysis for executive stakeholders.

●Coordinated firewall deployments and vulnerability management projects across 120+ business units, achieving 98% SLA compliance.

●Strengthened network-level security governance by aligning security policies with ISO 27001 and NIST CSF frameworks.

●Managed SOC vulnerability dashboards, incident ticketing workflows, and log audit readiness tasks to enhance operational resilience.

●Designed and maintained Power BI dashboards to visualize system risk posture and trends, improving executive visibility and supporting data-driven, analytical decision-making.

INFOSYS, Washington, DC 11/2020 - 07/2021

Cloud Security Architect & Risk Advisor

●Led AWS security architecture design for U.S. financial systems, implementing ISO 27001 and PCI-DSS compliant controls, resulting in a 22% reduction in cloud security gaps during annual audits.

●Conducted cloud risk evaluations and compliance reporting for financial services platforms, achieving 100% audit pass rates across quarterly reviews.

●Created hardened EC2 AMIs, managed AWS WAF, and deployed GuardDuty, increasing threat detection visibility by 35% in production environments.

●Reduced cloud operational costs by 18% through Cloudability cost optimization projects while maintaining compliance controls.

●Designed resilient, scalable AWS environments to support emerging technologies, including blockchain applications for financial services.

●Led secure infrastructure migration projects, ensuring zero unmitigated risk findings post-migration through rigorous pre-production risk assessments.

●Collaborated with Finance, Operations, and Engineering leaders to align cloud security strategies with organizational risk appetite and compliance requirements.

CYBERNOW LABS, Sterling, VA 01/2020 - 10/2020

Cybersecurity SOC Analyst - Threat Detection & Response

●Analyzed logs using Splunk and QRadar to detect malware, anomalies, and security violations, and supported information security improvements.

●Conducted penetration testing using Kali Linux, Metasploit, and Nessus to simulate threats and validate defenses.

●Performed risk and compliance assessments aligned with ISO 27001 and NIST 800-53.

●Generated IOC reports, assessed threat sources, and supported internal control reviews.

●Performed data analysis and contributed to control testing documentation for audit preparedness.

●Assisted in process improvement by identifying gaps in SOC logging and threat hunting procedures.

●Applied strong visual acuity during log reviews and anomaly detection using Splunk and QRadar.

●Participated in internal control reviews and executed corrective actions to resolve recurring audit deficiencies.

●Demonstrated adaptability and flexibility in rotating SOC responsibilities and rapid incident analysis.

●Applied strong visual acuity and verbal communication skills during SOC log reviews, enabling rapid incident escalation and response coordination.

SAIS, Vienna, VA 07/2017 - 01/2020

IT Risk and Security Consultant - Governance, Risk, and Compliance Programs

●Delivered internal consulting and cybersecurity services to enterprise clients on IT risk mitigation and cybersecurity governance.

●Developed security policies and supported risk remediation initiatives in line with ISO and NIST standards.

●Coordinated cross-functional incident response planning and business continuity documentation.

●Assisted clients with business continuity documentation and secure IT solutions design.

●Recommended improvements to strengthen process excellence in governance practices.

●Consulted clients on how to implement processes that maintained data confidentiality, compliance, and governance alignment.

●Supported organizational change initiatives in IT risk mitigation by realigning governance practices and incident documentation.

●Engaged in policy development for enterprise clients to meet ISO/NIST alignment goals.

●Delivered secure architecture recommendations aligned with client goals to protect customer information and support evolving industry regulations.

●Consulted clients on governance and compliance improvements, applying creative approaches to strengthen security posture and regulatory alignment.

Turkish Embassy, Washington, D.C. 08/2015 - 09/2016

Senior Risk and Compliance Program Manager - Multinational Risk and Resilience Operations

●Directed strategic risk assessments and compliance initiatives across 20+ diplomatic and military operations, reducing operational risk exposure by 25% through process optimization and control integration.

●Led cross-agency collaboration with U.S. military, NATO, and federal partners, strengthening bilateral risk governance frameworks and compliance continuity efforts.

●Oversaw security training programs for 500+ personnel, achieving a 95% compliance adherence rate with international security standards.

●Conducted strategic evaluations of high-value asset protections, leading to a 30% improvement in asset resilience scores during external audits.

●Delivered operational resilience guidance to multinational teams, enhancing business continuity and incident response capabilities across critical operations.

●Developed and implemented improvements to cross-border compliance reporting procedures, reducing reporting cycle time by 20%.

●Provided risk-informed strategic planning support for multinational security projects, promoting continuous organizational resilience through risk mitigation frameworks aligned to ISACA and ISO 27001 principles.

NATO / Turkish Navy - Turkey & Netherlands 08/2010 - 07/2015

Senior Operational Risk Manager - Multinational Crisis and Resilience Programs

●Led multinational incident response initiatives across NATO maritime operations, reducing crisis recovery times by 20% through strategic lessons-learned integration and risk control optimizations.

●Directed compliance alignment with NATO resilience frameworks, achieving a 95% adherence rate across 10+ operational units during security audits.

●Developed crisis response strategies and post-incident audit frameworks, embedding risk-informed decision-making practices aligned with ISO 27001 and NIST CSF standards.

●Fostered cross-national collaboration and resilience-building exercises, strengthening mission criticality resilience scores by 18%.

●Oversaw multinational crisis response teams, supervising incident management processes under urgent, high-pressure conditions.

●Implemented corrective action programs based on incident root cause analyses, significantly improving operational risk posture across multiple maritime operations.

●Integrated post-incident findings into SDLC and IT control frameworks to reinforce organizational resilience and continuous improvement efforts.

Education

Master of Science (M.S.), Computer Science, Naval Science and Engineering Institute, Istanbul, Turkey

Master of Arts (M.A.), Security Strategies and Management, Naval War College, Istanbul, Turkey

MicroMasters, Cybersecurity, Rochester Institute of Technology, Rochester, NY

Bachelor of Science (B.S.), Electrical and Electronics Engineering, Naval Academy, Istanbul, Turkey

Certifications

CISM - Certified Information Security Manager

CRISC - Certified in Risk and Information Systems Control

PMP - Project Management Professional

CompTIA Security+

CISSP - Certified Information Systems Security Professional (In Progress)

ISO/IEC 27001 Lead Auditor (In Progress)

CISA - Certified Information Systems Auditor (Pursuing)

AWS Certified Security - Specialty (In Progress)

Splunk Core Certified Power User

IBM QRadar SIEM Foundations


