Sione Fonua ********@*******.***
***** * **** ******* * Independence MO 64055 816-***-****
**** - ******* ** ********** *********** Nations Holding Companies Mission, KS
Promoted to senior governance, risk, and compliance security analyst. I handled all internal audits, external audits by banks, third party audits (data centers and paper archives), and annual audits like SOC and internal/3rd party penetration testing.
Executed GRC initiatives, security attestation, and vendor risk management
Regulatory Standards and Compliance – NIST, SIG, SOX, GLBA, SOC, COBIT, ISO, PCI, and Best Practices
Risk Analysis and Mitigation – identifying, cataloging, analysis, and mitigation of security vulnerabilities, threats, and risks
Implemented security controls, risk assessment framework and programs that align to regulatory and industry requirements
Developed the internal employee training application for security awareness
Documented and reported control failures and gaps to stakeholders, provided remediation guidance, and prepared management reports to track remediation activities
Established and managed the Change Management process governing all Development and IT changes
2010 – 2012 Quality Assurance Manager Nations Holding Companies Shawnee, KS
I directly managed 4 groups: Help Desk, Software Test Group, Business Analysts, and Website Development, supporting our financial services companies and e-commerce sites.
Help Desk – supports in-house users with any issues with their office equipment, system applications, network, telephony, etc.
o Created help desk operations and procedures including support system, workflows, prioritizing, metrics, scheduling, and follow-up validation
o Managed and maintained help ticket system and request lifecycle including triage, assignment, and support
Software Test Group – tested 9 in-house applications including desktop, web, and mobile applications, client sites, and integrations.
o Application testing – use cases for end users, technical test cases, test scenarios, SQL scripts, and test libraries
o Expert in agile and waterfall project management methodologies. Known for ability to produce deliverables that meet or exceed timeline and budgetary targets
Business Analysts – provided product documentation, project coordination, client communication, led SCRUMs, and did the training.
o Application documentation – user manuals and technical support documentation for mobile and custom web and desktop applications and integrations
Website Development Group – this group did the applications for the online website stores
o Established their SDLC
o Established their document library of their applications, job aids, procedures, and code library
Managed and maintained SharePoint portals for internal business documentation and processes
Onboarding of new hires (full/part-time/contractor), transfers, and terminations of employees
2003 – 2010 Quality Assurance Manager Cyberhomes Olathe, Kansas
(FNIS which later became FNF in 2004, FNRES in 2006, then Cyberhomes in 2008)
Directly managed the Application Test Group with peripheral responsibilities with the Application Support Group, Code Deployment Group, and Code Librarians
Provided QA Analysts with direction on day-to-day test activities, i.e. requirement gathering, test design, test development, test execution, and test reporting in a waterfall/agile environment
Provided test schedules based on available resources and scope of project
Provided all related documentation including templates for test plans, test cases, use cases, and metrics
Worked in coordination with Business Analysts, Software Developers, Customer Support groups, End Users, and 3rd party vendors
Supervised projects involving the QA Department including third party software integration, data processing, application enhancements, code migration, code deployments, and server builds
Performed functional, regression, use cases, user acceptance, systemic, negative, stress, load, automation testing using Selenium, and SQL testing
Performed/provided constant process improvements for processes directly associated with the SDLC process including issue tracking, issue reporting, issue resolution, release schedules, testing processes and procedures, general QA methodologies, and risk management
Identified and prioritized application defects for quick resolution and prevention
Provided application support for the online, desktop, and mobile applications
Certifications
Certified Information Systems Security Professional (CISSP) Cert #2342247 Cert Cycle: 3/1/2025 – 2/29/2028
References upon request