Craig Snyder
Scottsdale, AZ
Email: ******.******@*****.*** Phone: 480-***-**** LinkedIn: linkedin.com/in/craig-snyder-grc
GRC Analyst | Risk & Compliance Consultant
Forward-thinking and pragmatic Governance, Risk, and Compliance (GRC) professional with 15+ years of experience successfully leading compliance initiatives across Fortune 100 enterprises, midsize organizations, and high-growth startups. Expert in regulatory frameworks including NIST, HITRUST, ISO 27001, HIPAA, SOC 2, and FedRAMP. Skilled in aligning controls with regulatory mandates, enhancing organizational resilience, and bridging technical and business priorities. Adept communicator with proven ability to influence stakeholders.
Core Competencies
- GRC Strategy
- Risk Assessments
- Compliance Readiness (SOC 2, HITRUST)
- IAM/PAM Maturity Reviews
- Regulatory Mapping
- Third-Party Risk Management (TPRM)
- Control Implementation
- Audit Readiness
- Data Privacy & Protection
- Policy & Governance Development
Professional Experience
GRC Consultant
2020 – 2024 Contract Roles / Project-Based Assignments
Note: Roles since 2020 have been project-based contracts aligned to initiative, scope, and budget.
Capital One (Contract via Xforia)
GRC SME Jun 2021 – Jan 2025
- Identified 6 vendor risk gaps; tripled third-party risk management (TPRM) due diligence.
- Built RCSA-based InfoSec posture framework; integrated with ServiceNow and Archer.
CVS Health (Contract via Insight Global)
Security Risk Consultant Sep 2023 – Aug 2024
- Led NIST CSF 2.0 and HITRUST readiness assessments.
- Automated SOC audit reporting via Power BI, saving 40+ hours per month.
F5 Networks (Contract via Simplicity)
GRC Strategy Consultant Mar 2023 – Aug 2023
- Mapped 14 governance gaps; developed a 12-month remediation roadmap.
- Partnered with legal on legal hold policy and documentation improvements.
Bose (Contract via Optiv)
Security Risk Analyst Aug 2022 – Nov 2022
- Cut incident response time by 20% through development of cross-functional playbooks.
- Enhanced CSET-based model to increase accuracy and delivery speed.
Wells Fargo (Contract via Insight Global)
GRC Consultant Jun 2021 – Feb 2022
- Resolved 6 FFIEC consent orders through targeted NIST/FFIEC audits.
- Delivered improved tech risk metrics and elevated data quality controls.
Optiv Security
Senior Security Advisor Jun 2019 – Mar 2021
- Implemented centralized risk management tools; saved 15+ hours weekly.
- Assessed IAM and PAM maturity using NIST CSF and HITRUST; identified provisioning and RBAC gaps.
DXC Technology
GRC Strategy Consultant Oct 2015 – Jun 2019
- Led ISO, HIPAA, NIST, and FedRAMP client assessments.
- Co-managed FedRAMP ATO initiatives across three verticals.
Microsoft
Senior Program Manager, Risk Strategy Sep 2012 – Sep 2015
- Designed quantitative risk assessments for Trustworthy Computing.
- Standardized governance reporting for O365, Xbox, and Skype.
Ernst & Young LLP
Senior Manager, Risk Transformation May 2009 – Jun 2012
- Led global GRC solution rollout; drove a 25% revenue increase.
- Built KPIs and KRIs to support global delivery programs.
Education
MPA, Public Policy and Regulation – University of New Mexico
BA, Political Science – University of New Mexico
Frameworks
- NIST SP 800-53, NIST CSF, NIST 800-171
- ISO 27001/27002
- HIPAA
- HITRUST CSF
- FedRAMP
- PCI DSS
- GDPR
- CCPA
- ITIL
- DFARS
- TISAX
Tools & Technologies
- ServiceNow, RSA Archer, LogicGate, MetricStream, AuditBoard
- Power BI
- Jira, Confluence
- DLP, IAM, SIEM, SOAR
- Microsoft 365
- Agile Frameworks
- AI-Aware & Automation-Savvy