Jimmy Mullick CSM, CC-ISC*, CCT
Charlotte, NC 214-***-**** *****.*******@*****.*** LinkedIn
Summary
Proactive Information Security Leader with 10+ years of experience driving security policy development, compliance, and risk management across banking, healthcare, and government clients. Skilled in aligning organizational security posture with NIST, ISO 27001, and CIS Controls frameworks. Adept at translating security policies into actionable procedures, fostering security awareness, and enabling risk-informed decision-making through clear reporting and cross-functional collaboration. Currently pursuing CISSP and CISM certifications to strengthen strategic governance expertise.
Core Competencies & Technical Skills
Risk Management & Compliance Frameworks
●Third-Party Risk Lifecycle Management & Vendor Onboarding
●Regulatory Governance & Compliance Readiness
●COBIT, HIPAA, GDPR, Cloud Security Framework, CIS Controls
●Three Lines of Defense
●Audit Support & Remediation
●SOP & Policy Development
●Vulnerability Management
Security Standards & Control Frameworks
●ISO 27001, ISO/IEC 27034, ISO/IEC 27035, ISO/IEC 27036
●NIST SP 800-53, SP 800-61, SP 800-161
●SOC 2, OWASP, NIST SSDF, SANS Incident Response
●Application & Physical Security (Defense-in-Depth)
●Cybersecurity Risk Tools: Tenable, SentinelOne, Balbix
●Identity & Access Management (IAM)
●IT Security Controls Implementation
●Automated Controls Design
●GRC Platform Management
Threat Intelligence & Incident Readiness
●MITRE ATT&CK, Diamond Model, Cyber Kill Chain
●STIX/TAXII Standards
●Incident Response Planning & Threat Modeling
Tools & Technical Proficiency
●JIRA, Toad Data Point, Postman, SailPoint
●ETL/Data Validation & AI-Driven QA Automation
Governance, Strategy & Delivery
●Vendor Onboarding & Third-Party Assessments
●Risk Reporting & Documentation
●Agile/SAFe Project Methodologies
●Cross-Functional Team Collaboration
Certifications: Six Sigma Green Belt; Six Sigma Black Belt; Certified Scrum Master (CSM); Cisco Certified Support Technician (CCST) – Networking & Cybersecurity; Cybersecurity Certificate (CC) – ISC2; Google Essentials in AI; Certified Information Systems Security Professional (CISSP) – in progress; Certified Information Security Manager (CISM) – in progress
Work Experience
IT Risk Manager June 2023 - Present
Caprizo Consulting
Information Security Policy Development & Governance:
Led the implementation and refinement of security policies for regulated state and financial organizations, ensuring alignment with NIST CSF, ISO 27001, COBIT, and DORA frameworks.
Translated high-level policy into enforceable procedures and runbooks for technical and non-technical teams, improving adoption and compliance across departments.
Maintained a centralized security policy and risk repository, ensuring timely updates and audit readiness.
Compliance & Risk Management:
Conducted enterprise-wide risk assessments, calculating inherent and residual risk, and recommending mitigation strategies to strengthen organizational security posture.
Supported internal and external audits by compiling evidence of compliance, reducing audit cycle time and improving stakeholder confidence.
Partnered with Legal, Compliance, and GRC teams to ensure policy adherence across global regulatory jurisdictions.
Security Awareness & Stakeholder Engagement:
Developed training content and knowledge-sharing platforms to promote security awareness and consistent policy interpretation.
Delivered executive briefings and security risk dashboards to guide leadership on compliance gaps, tradeoffs, and treatment strategies.
Championed organization-wide rollout of the technology risk and security program, embedding security-first practices into daily operations.
Team Development & Leadership:
Built and mentored a high-performing team of analysts, fostering expertise in policy management, compliance, and security risk governance.
Coordinated cross-functional pressure testing of controls, driving continuous improvement of the organization’s security and compliance maturity.
Risk & Compliance Analyst (Software QA Analyst) March 2023 - May 2023
Bank of America
Audit Support & Data Integrity:
•Developed backend automation scripts to support compliance controls for Mortgage LOS platform scalability, aligning with NIST SP 800-53, ISO 27001, and SOC 2 requirements.
•Drove compliance documentation efforts under SAFe Agile practices and JIRA tracking, decreasing defect escape rate by 30% and enabling audit traceability.
•Conducted test case validation in support of control requirements for ITGC and vendor access review processes.
Compliance Project Delivery:
•Created backend scripts to enhance ERP Mortgage LOS platform scalability, achieving 98% coverage.
•Applied SAFe Agile practices and JIRA tracking to drive audit documentation and reduce defect escapes by 30%.
Risk Analysis & Reporting:
•Analyzed performance rating data across financial branches, improving processing time by 20%.
Vendor Risk Testing Lead (QA Lead / Test Coordinator) June 2017 - March 2023
Tata Consultancy Services (TCS)
Third-Party Risk & Audit Governance:
•Conducted vendor security reviews, ensuring compliance with ISO 27001, SOC 2, and NIST 800-53 standards.
•Validated IAM privilege class settings via SailPoint & Postman to meet security governance protocols with 100% API coverage.
•Supported SOX and internal audit readiness by maintaining 99.5% detection accuracy and implementing secure development practices.
Stakeholder Engagement & Cross-Functional Leadership:
•Led Tech Connect meetings with Product and Dev teams, driving alignment on compliance-focused features.
•Oversaw offshore testing teams, ensuring 99.9% end-to-end test case coverage for all regulatory workflows.
System Security & Scalability Testing:
•Executed performance and reliability testing of SSIS interfaces for ERP Mortgage Platform, reducing load times by 50%.
•Supported confidential government and healthcare system upgrades under C2 clearance.
Clients: Bank of America, AGFirst Bank, AAA-Michigan, Bakkt, East Dil
Third-Party Risk Tester (Senior Software System Tester) September 2013 - June 2017
UST Global
Policy & Test Documentation:
•Uploaded test cases to Quality Center and managed comprehensive defect records ensuring traceability.
•Maintained defect closure rate of 95% through disciplined regression and system testing.
Vendor Platform Testing & UAT:
•Delivered Agile UAT for Java-based e-Brokerage systems, achieving 98% story completion.
•Executed functional test coverage across Java web apps for institutional finance clients.
Cross-Tool Collaboration:
•Worked across ALM, VersionOne, and Agility for test tracking and stakeholder alignment.
Clients: Vanguard, Lowes Corp, Blue Cross Blue Shield of South Carolina, Wells Fargo Advisors
Education & Certifications
BS in Information Systems – University of Texas at Arlington, TX
Professional Affiliations
IT Professionals Community – committee member as Head of Logistics
ISSA.org – Event Planning & Security Networking
ISC2 Charlotte Chapter Member
Volunteer Engagement at Charlotte SecureWorld Conference – 2023 and 2024
UNC Charlotte Cybersecurity Symposium – 2023 and 2024
NCAAT – North Carolina Asian Americans Together