Charlotte Tsawodzi
234-***-**** *******************@*****.*** U.S. Citizen
SUMMARY
GRC Analyst with 5+ years of experience supporting cybersecurity governance, risk, and compliance initiatives across highly regulated industries. Skilled in implementing GRC frameworks, managing third-party risk, performing security assessments, and supporting compliance with PCI DSS, SOX, ISO 27001, and NIST CSF. Proven ability to identify control gaps, assess information security risks, and collaborate cross-functionally to improve organizational security posture. Strong communicator with a proactive approach to process improvement, policy development, and incident response.
CORE COMPETENCIES
Risk Assessment
Compliance Reporting
Vendor Risk Management
IT Infrastructure Management
Data Privacy
Policy Development
Governance Frameworks
Stakeholder Communication
Audit & Assurance
Regulatory Compliance
Incident Response Planning
HIPAA & Privacy Act Compliance
PHI & HITRUST Compliance
Tableau, Power BI, Visio, ETL
PROFESSIONAL EXPERIENCE
SoftAfrique LLC – Newark, NJ
• Assisted in the implementation of cybersecurity GRC programs aligned with industry-standard frameworks (PCI DSS, NIST CSF, ISO 27001).
• Conducted risk analysis on systems, configurations, and third-party applications to identify threats and recommend mitigation strategies.
• Performed internal control assessments and collaborated with audit teams on PCI DSS compliance and remediation efforts.
• Maintained corporate security policies and facilitated security awareness training and phishing simulations to reduce risk exposure.
• Used GRC tools (Archer, ServiceNow) to document control ownership, workflows, and remediation tracking.
• Supported incident management by reviewing vulnerability scans, patch management reports, and penetration test results.
• Investigated and documented information security risks and exception requests, providing recommendations for remediation.
• Developed and presented risk and compliance reports to stakeholders and executive management.
• Managed privacy workflows and ensured regulatory compliance with data protection standards (GDPR, HIPAA).
• Reviewed and assessed all service calls, ensuring resolution times consistently met and exceeded company standards.
• Applied extensive knowledge of security controls, risk management, and compliance frameworks.
• Led and facilitated PCI DSS compliance audits and assessments.
• Collaborated effectively with cross-functional teams and stakeholders.
• Investigated security threats through SOC processes and developed breach preparedness plans.
• Promoted cybersecurity awareness and best practices across departments.
• Applied SOX frameworks to ensure defense systems were adequately functioning.
• Coordinated with internal and external auditors to facilitate PCI DSS compliance audits.
• Performed gap analyses to identify differences between the current state of legacy applications and PCI DSS 3.2.1 requirements.
• Managed engagement activities among compliance, internal audit, and external audit teams.
• Supported management through risk identification, control testing, and process improvement procedures.
• Conducted client meetings to identify and assess business controls, risks, and workflow inefficiencies.
• Collected audit evidence through interviews, financial research, and document reviews.
• Communicated audit results through comprehensive written reports and presentations.
• Provided advisory services to internal IT and business units as well as internal and external audit teams.
• Recorded control weaknesses and testing outcomes in templates, reducing security issues by 75%.
• Performed vendor risk assessments and tracked vendor security posture.
BIITECH Solutions – Washington, DC
GRC Compliance Analyst, March 2016 – April 2019
• Administered ongoing continuous monitoring (ISCM) following NIST 800-53 and NIST 800-137 Rev 1 guidelines.
• Maintained 100% accuracy in documentation of supporting artifacts and results.
• Documented migration processes, including application changes and security control implementations.
• Provided guidance to clients on PCI DSS compliance requirements.
• Reviewed and analyzed complex systems independently and collaboratively with clients.
• Collected, consolidated, and analyzed evidence of PCI DSS compliance.
• Produced final compliance reports detailing observed controls for PCI DSS standards.
• Ensured the confidentiality, integrity, and availability of PHI in all systems.
• Maintained compliance with HIPAA guidelines.
• Assessed FedRAMP compliance based on client and cloud provider responsibilities.
• Audited and improved compliance with NIST 800-53 and FIPS 140-2, enhancing security standards by 45%.
• Updated and maintained System Security Plans (SSP), Risk Assessments (RA), and Privacy Impact Assessments (PIA).
• Conducted risk assessments supporting Authorization & Accreditation (A&A) activities, boosting operational performance by 20%.
• Evaluated security and privacy controls, assessing vulnerabilities within system boundaries.
• Investigated application controls related to data protection, access, contingency planning, and data transmission.
KEY SKILLS
Advanced Analytics, Cyber Risk Assessment, Actuarial Methods, SQL, Python, R
Data Visualization (Tableau, Power BI), AWS, Azure, GCP
SIEM (Splunk, QRadar), GRC Tools (ServiceNow, OneTrust, Archer)
Vulnerability Management (Nessus, Qualys), PCI DSS, ISO 27001, SOX Section 404
GDPR, HIPAA, HITRUST, FedRAMP, Risk Management Framework (RMF)
SDLC (Waterfall & Agile), Network & Infrastructure (LAN/WAN)
Vulnerability Scanning, Information Assurance, Privacy and Compliance Management
NIST 800-53, NIST 800-171, NIST CSF, ISO 31000, COBIT, ITIL
Risk Mitigation, Vendor Risk Assessments, Vendor Onboarding, Sanction Checks
EDUCATION
Bachelor of Science in Cybersecurity and Information Assurance
Western Governors University — Graduated May 2022
TECHNICAL EXPERIENCE
Cloud Services: AWS, Azure
Operating Systems: Linux, Windows
Security Tools & ITSM Platforms: Splunk, ServiceNow
Documentation & Compliance Processes: PTA, PIA, SSP, CP, SAR, POA&M, ATO
Compliance Standards: PCI DSS, ISO 27001, SOC 1, SOC 2, SOX, NIST SP 800-53A, NIST SP 800-37, HIPAA, FISMA, FedRAMP
CERTIFICATIONS
Certified Information Systems Auditor (CISA) – ISACA
Certified Information Privacy Technologist (CIPT) – IAPP
KEY ACHIEVEMENTS
• Enhanced audit readiness by 25% by maintaining comprehensive control documentation and streamlining evidence collection.
• Successfully supported SOC 2 and ISO 27001 audits, contributing to certifications with no major findings.
• Reduced organizational compliance gaps by 15% through consistent tracking and timely remediation of findings.
• Automated the tracking of risks and controls using Archer, reducing manual efforts by 30%.