ALEXANDRIA F. SEVEN
****************@*****.*** 415-***-****
LinkedIn: www.linkedin.com/in/lna3infosec
PROFESSIONAL OVERVIEW
Information Security professional with experience across digital payments, banking, healthcare, technology, and SaaS. Specialized in IT Security Governance, Risk, and Compliance (GRC) program management with a history of building and maturing security frameworks in both global enterprises and high-growth organizations. Expertise includes leading GRC initiatives, managing security risk, streamlining compliance, and directing IT audits across multiple regulatory frameworks. Skilled at aligning security strategies with business goals to enable secure operations and deliver measurable results that strengthen resilience and reduce audit fatigue.
EXPERIENCE HIGHLIGHTS
● GRC Leadership & Automation – Led enterprise and SaaS GRC initiatives with an automation-first approach, streamlining evidence collection, continuous control monitoring, and real-time reporting to drive audit readiness and executive risk visibility.
● Audit Management & Compliance Operations – Managed end-to-end external audit programs, including evidence lifecycle management, remediation tracking, and cross-functional stakeholder engagement.
● Risk Assessment & Control Testing – Executed enterprise and product-level security risk assessments, embedding governance into SDLC to ensure controls aligned with risk appetite and operational priorities.
● Policy & Framework Alignment – Directed the development of security policy architecture, control harmonization, and unified control mapping across security frameworks, enabling scalable compliance alignment.
● Third-Party Risk Management (TPRM) – Managed vendor security risk with automated onboarding workflows, risk-tiered due diligence, SIG-based assessments, and continuous monitoring.
SKILLS
Governance & Risk: GRC Program Development, ISMS (ISO 27001), NIST RMF, Risk Registers, Unified Compliance Framework, Risk Reporting
Compliance & Audit: SOC 2, ISO 27001, HIPAA, HITRUST, PCI DSS, SOX, GLBA, OCC, FFIEC, GDPR, CCPA, FISMA, CUI
Vendor Risk & TPRM: SIG, Risk Scoring, Continuous Monitoring
Security Policies & Controls: Lifecycle Management, Control Mapping, UCF Integration, Policy Automation
Tools & Platforms: ServiceNow GRC, Archer, RSAM, RiskConnect, OneTrust, ProcessUnity, Secureframe, Sprinto
Cloud & DevOps: AWS, GCP, SDLC, Jira, Agile, CI/CD, DevOps Collaboration
Security Operations: IAM, RBAC, DLP, Threat Modeling
CERTIFICATIONS
● CISSP (09/2011 – 09/2026), GRCP, GRCA (11/2022 – 11/2023)
PROFESSIONAL DEVELOPMENT
● CRISC Certification (Expected Q1 2026)
EDUCATION
● B.S. Business Administration – Accounting Information Systems, CSU Sacramento
WORK EXPERIENCE
A3INFOSEC LLC – San Mateo, CA (Freelance Corp-Corp) Sep 2022 – May 2025 Senior GRC Consultant
Client: SaaS Virtual Assistant Platform (2023 – 2025)
● Led SOC 2 Type I readiness and first SOC 2 Type II audit, coordinating across security, engineering, and operations.
● Built a unified control framework spanning SOC 2, ISO 27001, and HITRUST e1, streamlining evidence collection and enabling cross-framework compliance reporting.
● Conducted enterprise risk assessments and gap analyses, providing remediation roadmaps tied to AWS and CI/CD environments.
● Facilitated remediation activities across cloud infrastructure, pipelines, and business processes to embed continuous control enforcement.
● Designed and implemented a Third-Party Risk Management program with intake workflows, risk-tiering, standardized due diligence, and monitoring processes.
● Evaluated and deployed Secureframe to automate vendor onboarding, compliance tracking, and remediation management.
● Managed audit support including mock audits, evidence capture, auditor interaction, and documentation for SOC 2, HITRUST, and ISO 27001 frameworks.
Client: Multinational Conglomerate (2022 – 2023)
● Performed security risk assessments for 50+ third-party vendors, evaluating data sensitivity, access levels, and regulatory exposure.
● Supported remediation activities for high-risk vendors, including control validation and contract adjustments.
● Assisted in integrating SecurityScorecard with OneTrust to improve vendor monitoring and scoring.
● Partnered with Security, Legal, and Procurement teams to track remediation efforts and maintain oversight.
● Supported executive reporting through dashboards and trackers on vendor posture and remediation progress.
PRI Global (Data Center Provider) – Remote, CA (Contract) Mar 2020 – Jan 2022 Senior Security GRC Engineer
● Led the global deployment and customization of ServiceNow GRC, implementing enterprise workflows for Policy & Compliance, Vendor Risk, and Internal Audit.
● Mapped 1,000+ controls using the Unified Compliance Framework (UCF) to support scalable compliance tracking for SOC 2, ISO 27001, SOX, and CUI programs.
● Designed and automated workflows for policy governance, risk assessments, policy exceptions, and audit lifecycle management, improving transparency and reducing manual effort.
● Partnered with engineering and compliance teams to develop user stories, process documentation, and training resources, accelerating enterprise-wide platform adoption.
● Delivered platform demos, targeted training, and structured feedback sessions to drive sustained adoption and continuous improvement.
● Managed Jira workflows for enhancements, issue tracking, and backlog grooming, ensuring timely delivery of upgrades and resolution of operational gaps.
Insight Global (Bank) – San Francisco, CA (Contract) Dec 2018 – Dec 2019 Senior Security Risk Analyst
● Executed NIST SP 800-53 Rev. 4 control assessments across 15+ FISMA Moderate systems, including SaaS, COTS, and on-premises platforms supporting high-value financial transactions and interbank payment operations.
● Performed STRIDE-based threat modeling to identify attack vectors, assess exploitability, and prioritize remediation based on asset criticality, business impact, and residual risk.
● Authored gap analysis reports and developed risk-based mitigation plans with system owners, aligning remediation actions with enterprise risk appetite and operational constraints.
● Produced and maintained the full RMF documentation suite—System Security Plans (SSP), Security Assessment Reports (SAR), and Plans of Action & Milestones (POA&M)—ensuring traceability from control objectives to evidence.
Blue Shield of CA – San Francisco, CA (FTE) Oct 2017 – Dec 2018 IT Security Policy Lead
● Managed the enterprise-wide security policy governance program to align IT, clinical, and business operations with NIST SP 800-53, ISO/IEC 27001, SOC 2, and HIPAA requirements, ensuring consistent control coverage and regulatory compliance.
● Designed and implemented a policy lifecycle management framework covering drafting standards, SME review workflows, version control, and deprecation schedules—fully embedded into IT and business processes.
● Engineered ServiceNow GRC workflows to automate policy approvals, assign role-based reviews, map controls to governing policies, and capture compliance attestations for audit readiness.
● Linked centralized policy repositories to ServiceNow GRC modules, enabling multi-framework control traceability and evidence reuse across regulatory, contractual, and client audits.
● Coordinated control testing and evidence collection for HIPAA, MAR, and SOC 2 audits, delivering timely, auditor-ready packages and walkthrough documentation.
Realtor.com – Westlake Village, CA (FTE) Jul 2016 – Sep 2017 Senior GRC Analyst
● Partnered with the CISO to implement ISO/IEC 27001–aligned governance, authoring security assurance policies and executive reporting frameworks to unify controls and strengthen audit readiness during post-acquisition integration.
● Standardized governance across business units, harmonizing risk management processes, policy frameworks, and compliance reporting for consistent control enforcement.
● Established enterprise data classification and handling standards, assigned data ownership, and embedded controls into the SDLC.
● Conducted enterprise risk assessments spanning infrastructure, applications, and third-party environments, and prioritized remediation.
● Integrated security controls into CI/CD pipelines, embedding automated policy enforcement, artifact validation, and role-based access restrictions to secure software delivery.
● Launched a security awareness and phishing simulation program to drive policy adoption.
EARLIER CAREER
Various Client Engagements – San Francisco Bay Area, CA (Contract) 2013 – 2016 Senior Security Consultant
● PayPal (2016): Delivered ISO 27001 and PCI DSS gap analysis post-merger; completed PCI SAQ-D and updated SOX RCMs.
● Visa (2014 – 2016): Conducted ISO, NIST, and PCI risk assessments; authored global NIST 800-30 playbook; realigned 80+ policies.
● Fremont Bank (2014): Managed threat detection using QRadar and FireEye; closed FFIEC audit gaps with SANS CSCs.
● Protiviti (2013): Performed NIST 800-53 and PCI DSS audits; supported SOX ITGC/ITAC testing for SaaS and financial clients.
E*TRADE Financial – Menlo Park, CA (FTE) 2008 – 2013 Information Security Assurance & IAM Specialist
● Supported security operations, compliance, and risk assessments for a high-volume brokerage. Automated IAM access reviews, conducted SOX, GLBA, and PCI DSS control testing, managed vendor due diligence, maintained policy libraries, supported awareness programs, and prepared audit evidence packages.