Vito G Pontrelli
Boca Raton, Fl, US 949-***-**** ****.*********@************.*** www.linkedin.com/in/ponterelli-vito-0bb83635
Accomplished professional with a robust background in enhancing operational efficiency and integrating technological solutions across various sectors. Excel at driving process improvements and refining standard operating procedures to align with customer needs and organizational objectives. Proven track record in successful technology business management and strategic implementations that improve team efficiency and add substantial business value. Bring a strong focus on cross-functional collaboration, fostering continuous improvement and innovation. Leverage expertise in managing foundational services, IT security, compliance, and AI security to ensure robust system functionality, protect sensitive data, and mitigate emerging technological risks. Ensure secure AI integrations while optimizing performance, contributing to user satisfaction and organizational resilience.
EDUCATION & LANGUAGE
USMC MCAS Study Command – El Toro, CA
7,000 hours in Finance with a Letter of Completion
Language – Italian, Spanish
CORE PROFICIENCIES
Microsoft SharePoint, Word, ServiceNow, PowerPoint, Splunk, Jira, Google Documents, Zero Trust, Compliance, Project Management, Cybersecurity, Business Continuity, Disaster Recovery, Firewalls, GRC Platform, Technical Writing, Business Operations, Process Improvement
PROFESSIONAL EXPERIENCE
TD Bank Fort Lauderdale, FL (Contract)
Security & Compliance Analyst Oct 2024 – Apr 2025
Led in-depth security and compliance analysis as part of enterprise-wide PCI DSS initiatives, including documentation review, risk assessments, and evaluation of control effectiveness.
Performed gap analyses to identify deficiencies in security and compliance posture, driving remediation strategies in collaboration with IT, operations, and compliance teams.
Developed and enforced access control and identity governance policies grounded in Zero Trust principles, enhancing user authentication, privilege management, and data access security.
Aligned security frameworks with NIST SP 800-53 and ISO 27001 standards, ensuring continuous regulatory readiness and robust internal control validation.
Spearheaded compliance risk reduction strategies, improving audit preparedness, enhancing documentation quality, and strengthening enterprise-wide data protection practices.
Delivered actionable compliance insights to leadership by translating technical assessments into strategic risk narratives and measurable security objectives.
Monitored and assessed ongoing compliance trends, proactively adjusting security controls and policy enforcement to adapt to evolving regulatory landscapes.
eMedicalPractice, LLC (EHR-SaaS) Delray Beach, FL (Contract)
GRC Compliance Management Mar 2023 – Present
Spearheaded internal audit and GRC compliance strategies within ServiceNow, enabling secure, scalable EHR SaaS deployments while ensuring continuous adherence to regulatory requirements.
Led internal control evaluations and audit readiness assessments, aligning policies and operational practices with HIPAA, PCI DSS, GDPR, and HITRUST standards.
Directed Business Impact Analyses (BIA) to assess critical systems and inform control design and audit planning across high-risk areas.
Integrated AI-powered analytics into CI/CD pipelines, enhancing real-time monitoring, continuous compliance validation, and proactive risk remediation.
Authored and maintained internal policies and audit documentation, supporting both internal and external audits with clear evidence and defensible controls.
Developed and implemented audit-aligned security controls based on NIST and ISO frameworks, significantly improving the organization's compliance maturity and risk posture.
Collaborated with audit committees, compliance officers, and technology stakeholders to track findings, validate control effectiveness, and ensure timely issue resolution.
Improved internal audit workflows by embedding automation and governance logic into compliance lifecycle processes, reducing audit fatigue and increasing efficiency.
Accomplishments: Achieved 97% on HIPAA, PCI, GDPR, and HITRUST re-certification audits; Saved $350K in penalties.
McKinsey & Company New York, NY (Contract)
Sr. Security Auditor Jun 2022 – Mar 2023
Led and executed complex cybersecurity audits across frameworks such as SOC 2, ISO 27001, CMMC, NIST 800-53, IRS Pub 1075, and HITRUST, with a strong focus on IAM controls and privileged access management.
Directed HITRUST recertification efforts, aligning identity governance frameworks and authentication mechanisms with evolving healthcare cybersecurity standards to ensure compliance and access accountability.
Authored detailed cybersecurity audit reports with emphasis on IAM-related findings, delivering strategic insights to executive stakeholders to drive identity and access remediation.
Designed and implemented Azure-based Disaster Recovery (DR) strategies, integrating IAM resilience features such as secure identity replication and MFA continuity to support business continuity.
Integrated secure-by-design IAM practices into the SDLC, incorporating privileged access reviews, identity validation, and least-privilege enforcement at every development phase.
Enforced enterprise-wide access control models using Role-Based Access Control (RBAC), Zscaler, and multi-factor authentication (MFA), supporting zero trust architecture and audit transparency.
Collaborated with internal audit, compliance, and IT security teams to assess IAM-related audit findings, implement identity lifecycle enhancements, and remediate access control gaps.
Streamlined IAM audit readiness by automating identity logging, access reviews, and entitlement tracking, improving audit response time and reducing identity-related nonconformities.
Continuously refined IAM-related security policies and user provisioning workflows to reduce identity sprawl, strengthen access governance, and align with evolving regulatory mandates.
Accomplishments: Passed HIPAA, HITECH, GDPR, CCPA, HITRUST audits with scores in the high 90s.
eMedicalPractice, LLC (EHR-SaaS) Delray Beach, FL (Contract)
Risk Control Management Dec 2021 – Jun 2022
Directed enterprise-wide cybersecurity audit and risk control initiatives, conducting Business Impact Analyses (BIA) and in-depth IT risk assessments aligned with SOC 2, NIST 800-53, and FedRAMP to identify mission-critical assets and strengthen cyber resilience.
Led internal and external cybersecurity audit engagements, delivering detailed documentation, control testing, and remediation planning to ensure regulatory compliance and audit success.
Implemented Immuta as a central data protection and access governance platform, automating fine-grained, attribute-based access controls (ABAC) and dynamic data masking to secure sensitive data across cloud environments.
Leveraged Immuta’s integration with Snowflake and Databricks to enforce privacy controls at scale, reducing manual policy maintenance and enhancing real-time compliance monitoring.
Developed and executed enterprise-class disaster recovery (DR) and business continuity (BC) strategies, minimizing downtime and aligning with audit and regulatory expectations.
Utilized Archer and ServiceNow IRM platforms alongside Immuta’s audit capabilities to track compliance gaps, produce defensible audit trails, and improve governance transparency.
Engineered technical and administrative access controls grounded in NIST and HIPAA frameworks, supporting regulatory adherence while enabling secure data sharing.
Performed pre-audit control assessments and remediation mapping, ensuring audit readiness and proactively closing compliance gaps.
Partnered cross-functionally with IT, data governance, and compliance leaders to interpret audit findings, apply Immuta-driven access policies, and reinforce organizational data protection posture.
Streamlined cybersecurity audit workflows and automated evidence collection with Immuta's compliance reporting, reducing audit timelines and ensuring strong outcomes.
Accomplishments: Closed 85 audit findings, adding $1M in value; Saved $200K by optimizing compliance models.
University of Minnesota MN (Contract)
HIPAA Compliance Analyst Jun 2021 – Dec 2021
Conducted gap analysis and risk assessments across regulatory frameworks to identify and address HIPAA compliance gaps.
Engineered and implemented robust NIST-based access controls alongside HIPAA-compliant policy frameworks, securing sensitive healthcare data and supporting regulatory adherence.
Collaborated with cross-functional teams to implement HIPAA policies, ensuring strict adherence to privacy and security rules.
Facilitated employee training sessions on HIPAA regulations, improving organizational awareness and reducing risk of violations.
Monitored ongoing compliance through regular audits and assessments, maintaining thorough documentation for regulatory reviews.
Worked closely with legal and IT teams to remediate findings and enforce corrective actions, minimizing compliance risks.
Reviewed and updated privacy and security procedures to align with evolving HIPAA regulations and industry best practices.
Coordinated responses to HIPAA breach investigations, supporting timely reporting and mitigation efforts.
Accomplishments: Achieved 100% HIPAA compliance and reduced violations through training.
eMedicalPractice, LLC (EHR-SaaS) Delray Beach, FL (Contract)
Compliance Management Jul 2020 – Jun 2021
Collaborated cross-functionally with legal, IT, and clinical operations teams to maintain compliance with HIPAA, HITECH, and GDPR standards.
Oversaw third-party vendor compliance evaluations and remediation plans to ensure alignment with corporate security policies.
Developed and enforced data privacy and retention policies for sensitive health data in accordance with federal and state regulatory frameworks.
Led internal readiness assessments and mock audits to prepare for formal certification processes (EHNAC, HITRUST, etc.).
Authored compliance documentation, control procedures, and user training materials to promote awareness and enforce best practices.
Monitored regulatory changes and proactively updated SOPs and controls to maintain continuous compliance posture.
Conducted internal audits and compliance scorecard reviews to track performance and identify areas for improvement.
Accomplishments: Passed HIPAA, GDPR, HITRUST audits with 96% score; Avoided $350K in penalties.
MCCI-Conviva Medical Group, LLC Miami, FL (Contract)
Risk Management Project Lead Sep 2016 – May 2020
Directed enterprise-wide GRC and cybersecurity audit initiatives, integrating robust access governance frameworks aligned with HIPAA, HITECH, and NIST 800-53 to ensure compliance and audit readiness.
Led cross-functional cybersecurity and IT audit engagements, conducting in-depth evaluations of identity lifecycle management, entitlement reviews, and privileged access controls across critical systems.
Performed Business Impact Analyses (BIA) to identify sensitive data flows and access governance gaps, guiding prioritization of remediation and protection strategies.
Designed and enforced NIST-based access control models with embedded data masking techniques to minimize unauthorized data exposure and maintain compliance with HIPAA and GDPR.
Deployed enterprise-wide Role-Based Access Control (RBAC) across 165+ clinical centers, ensuring least-privilege principles and aligning access rights with job functions.
Established standardized, audit-ready access control policies and access monitoring workflows, streamlining review processes and strengthening compliance defensibility.
Leveraged Splunk for real-time anomaly detection, access log analysis, and event correlation, enabling rapid identification of inappropriate access and policy violations.
Partnered with security, compliance, and IT leadership to remediate critical access-related findings, resulting in over $8M in organizational risk reduction.
Produced executive-level cybersecurity audit reports focused on access governance performance, presenting actionable insights and compliance metrics to C-suite stakeholders.
Conducted staff training on access provisioning, data masking standards, and regulatory mandates, fostering a strong compliance culture and reducing audit exposure.
Accomplishments: Resolved 200+ audit findings ($8M value); Managed 165 clinical centers.
MCCI-Conviva Medical Group, LLC Miami, FL (Contract)
Clinical Trials Supply Management Jun 2015 – Aug 2016
Oversaw end-to-end clinical trial supply chain logistics, ensuring on-time delivery of investigational products across 165 centers.
Managed vendor qualification, risk assessments, and performance monitoring to uphold regulatory compliance and mitigate supply chain disruptions.
Coordinated with clinical operations, regulatory, and QA teams to align supply activities with FDA and GCP guidelines.
Developed SOPs for storage, handling, and distribution of investigational medicinal products (IMPs), reducing protocol deviations.
Implemented inventory control measures that minimized waste and optimized supply utilization across multi-site trials.
Led documentation reviews for IRT systems, chain-of-custody, and shipping conditions to ensure data integrity and regulatory readiness.
Accomplishments: Oversaw compliance and reporting for 165 centers.
MCCI-Conviva Medical Group, LLC Miami, FL (Contract)
Compliance Management Sep 2014 – May 2015
Directed enterprise-wide IT compliance programs and CMS regulatory initiatives, effectively managing budgets exceeding $3M.
Ensured adherence to HIPAA, HITECH, and CMS regulatory requirements by implementing robust compliance frameworks across IT systems.
Engineered and implemented robust NIST-based access controls alongside HIPAA-compliant policy frameworks, securing sensitive healthcare data and supporting regulatory adherence.
Led the development and enforcement of security policies, audit procedures, and data governance protocols to maintain regulatory readiness.
Collaborated cross-functionally with legal, IT, and clinical departments to standardize compliance documentation and evidence gathering.
Spearheaded internal audits and risk assessments, resulting in early detection and remediation of potential noncompliance issues.
Streamlined reporting and escalation workflows for compliance violations, improving response time and reducing audit penalties.
Accomplishments: Delivered $1.1M in project savings.
OTHER PROFESSIONAL EXPERIENCE 2004 - 2014
In addition: Designed and implemented comprehensive security roles across financial modules, tailored to the needs of diverse organizations—from mid-sized companies to large, highly regulated enterprises—ensuring precise access control and alignment with SOC 1, SOC 2, and SOX compliance requirements. Streamlined governance, risk management, and compliance (GRC) processes through strategic policy development and operational oversight. Applied deep expertise in SOC 1 & 2 controls, SOX frameworks, and risk mitigation strategies to strengthen internal controls and uphold regulatory standards across complex, multi-entity environments.
Companies include:
US Perishables (CFO)
Global Trash Solutions (Mgmt.)
Dreams Inc. (SOX Mgr.)
Zucker & Associates (Fraud Investigator)
Dyadic International (CFO)
Peachtree (Financial Advisor)
HEICO (SOX Advisor)
Falconbridge (SOC 1&2 Auditor)
Tyco/ADT (SOX IT Auditor)
DANKA Italia (SOX Auditor)
Cross Country (SOX Auditor)