
Risk Analyst Management

Location: Roswell, GA
Salary: 110,000
Posted: July 08, 2025


Resume:

Gregory McCormick

******************@*****.*** 617-***-**** Roswell, GA

https://www.linkedin.com/in/gregory-mccormick-76a61395

SUMMARY

Experienced GRC Analyst with a strong track record of implementing ISO 27001 and NIST CSF across enterprise environments to enhance compliance and risk management and to support audit readiness.

WORK EXPERIENCE

Delta Air Lines Atlanta, GA

IT Security Engineer Oct 2023 - Present

• Conducted in-depth security control assessments on over 500 high- and critical-risk vendors using ISO 27001, NIST CSF, and the FAIR Institute frameworks, which reduced organizational risk exposure and saved business profits.

• Advised over 10 business units, through monthly meetings and office hours, on methods to identify and mitigate risks associated with vendor relationships, resulting in an increase in policy adherence and an 80% reduction in onboarding delays due to compliance gaps.

• Submitted over 300 executive-level vendor risk reports, which enhanced decision-making for leadership and increased awareness of security gaps across 75% of all critical and high-risk vendors.

• Authored 4 internal information security policies and procedures that aligned with ISO 27001 standards.

• Collaborated cross-functionally with partner teams—including IT, legal, and various business units—to identify and resolve compliance gaps by aligning security controls with regulatory requirements and driving implementation of remediation plans across the organization.

• Utilized GRC platforms Archer and BitSight to continuously monitor, analyze, and act on potential vendor risk.

• Led data breach management and remediation efforts on over 250 vendors through virtual and on-site interviews, as well as partnered with internal control owners to implement risk-mitigating strategies.

Rapid7 Boston, MA

Information Security Risk Analyst II Nov 2020 - Oct 2023

• Conducted comprehensive risk evaluations of over 600 third-party vendors annually and developed mitigation strategies for identified security findings.

• Matured the Third-Party Vendor Risk program by sponsoring TPRM tool Aravo, which reduced assessment times by 50%.

• Through gap assessments, cross-functional coordination, control mapping, and risk assessments, led an enterprise-wide initiative that received an ISO 27001 certificate and a clean SOC 2 Type II.

• Developed and continuously maintained ISMS documentation for certification readiness.

• Through GRC tools AuditBoard and ServiceNow, provided leadership with monthly metrics to inform resource allocation, track performance, and align strategic goals.

• Conducted daily monitoring of vulnerability management and audit tools InsightVM, Risk3Sixty and BlackKite to identify and respond to internal and external threats as well as remediate findings.

• Led security awareness training for 2,600 employees globally, utilizing phishing simulations, remedial training sessions, and security newsletters, which reduced the failed phishing rate by 90%.

The Edward Davis Company Boston, MA

Cybersecurity Specialist Aug 2020 - Aug 2021

• Conducted detailed risk assessments on physical and logical systems to ensure data integrity and employee safety.

• Compiled and presented comprehensive reports to clients, highlighting security strengths and identifying areas for improvement.

• Performed pre-employment background checks using open source intelligence to support customer security needs.

Boston Police Department Boston, MA

Police Officer/Investigator Apr 2006 - Aug 2020

• Conducted over 250 annual felony warrant investigations and arrests, showcasing advanced investigative skills and attention to detail.

• Collaborated with multiple law enforcement agencies to execute multijurisdictional operations effectively.

• Delivered expert testimony in over 100 criminal and civil cases across state and federal courts, significantly contributing to the justice process.

• Analyzed and identified crime trends through comprehensive data analysis, producing over 50 classified intelligence reports for statewide dissemination.

EDUCATION

Compass Technical Training School Quincy, MA

Certificate Oct 2020

CERTIFICATIONS

Security+, CompTIA Oct 2020

Network+, CompTIA Sep 2020

A+, CompTIA Aug 2020

InsightVM Certified, Rapid7 Jan 2023

SKILLS

ISO 27001 Framework • GDPR • HITRUST CSF • Privacy • NIST CSF • SOC 2 • COBIT • Project Management • Data Analysis • Regulatory Compliance


