ABIGAIL NATHANIEL
McKinney, TX 323-***-**** ********@*****.*** www.linkedin.com/in/abigail-nathaniel-907337267/
Professional Summary: I am an enthusiastic GRC Analyst with experience in the financial and banking industry. With my expertise in risk management, compliance, and regulatory requirements, I have a proven track record of successfully leading and implementing projects to ensure organizational alignment with industry standards. I am skilled at identifying vulnerabilities, developing mitigation strategies, and driving process improvements. I am also very analytical, with excellent communication skills and a keen ability to collaborate cross-functionally to deliver measurable results.
SKILLS
GRC Frameworks: NIST, ISO 27001, GDPR, HIPAA
Risk Assessment and Mitigation
Third-Party Risk Management
SharePoint
IT and SOX Audits
Policy Development and Implementation
Vulnerability Management
Incident Response Planning
Data Governance and Privacy
Compliance Management
Strong Analytical and Problem-Solving Skills
Excellent Communication and Collaboration Abilities
CERTIFICATION
Certified Information Systems Auditor (CISA)
PROFESSIONAL EXPERIENCE
Bank of America, Plano, TX July 2023 – July 2025
Business Control Specialist
Responsibilities:
Provided critical support and coordinated business controls for the Global Technology Policy Management and Governance program
Reviewed and edited executive summary presentations from content providers and stakeholders on matters requiring attention to the Global Technology Risk Committee, including findings and outcomes
Identified operational risks and implemented controls by monitoring risks and reporting insights to guide decision-making
Partnered with risk teams to ensure teams meet all regulatory and policy requirements, adapt to regulatory updates, and conduct regular reviews.
Collaborated with the risk and compliance team to align control efforts, facilitate teamwork to resolve gaps, and enhance control systems
Supported quality assurance of risk assessments by reviewing necessary documentation using a checklist to address findings
Collaborated with technology teams and control partners to enhance compliance and mitigate risks through robust controls and monitoring, thereby driving efficiency and effectiveness
Trained and created awareness to educate and ensure compliance, including documentation of best practices and lessons learned.
GRC Analyst
JP Morgan Chase & Co. - Dallas, TX Nov 2021 – Mar 2023
Successfully mapped NIST and ISO 27001 frameworks to identify and mitigate security gaps and risks, resulting in a 30% reduction in cybersecurity incidents
Collaborated successfully in the development and implementation of the NIST Framework and ISO 27001, resulting in improved security controls and alignment with industry best practices
Conducted comprehensive risk assessments and audits to identify potential vulnerabilities, developed risk mitigation strategies to ensure compliance, resulting in a 20% reduction in identified risks, including HIPAA and PCI DSS
Developed and maintained the company's GRC system, streamlining risk assessment processes and increasing efficiency by 30%
Implemented automated monitoring tools, resulting in a 15% reduction in manual effort and improved accuracy in risk reporting
Assessed GDPR compliance and developed remediation plans to address compliance gaps, ensuring compliance with regulations and standards, using SharePoint to report and interact to make informed decisions
Collaborated with internal stakeholders to define risk appetite and establish risk management strategies
Assisted and collaborated with internal teams in developing policies and procedures to ensure compliance with relevant regulations and standards
Collaborated with cross-functional teams to design and deliver customized training programs on risk awareness, regulatory compliance, and information security.
GRC Analyst
Pabak Contractors LLC, Carmel, IN Jan 2017 - Jan 2021
Conducted thorough analysis of system vulnerabilities, identified potential threats, and recommended appropriate security measures
Implemented and managed SIEM and IAM solutions to monitor and control access to sensitive data, enhancing security posture and reducing the risk of unauthorized access
Assisted in the planning and execution of penetration testing and vulnerability assessments, resulting in improved system resilience and reduced cyber risks
Worked closely with development teams to implement secure coding practices and conduct code reviews to ensure adherence to security guidelines
Led incident response efforts, investigating and resolving security incidents, and providing recommendations to prevent future occurrences
Developed and implemented policies and procedures to ensure compliance with relevant regulations and standards, including ISO 27001 and NIST, reducing the risk of unauthorized access and mitigating potential data breaches
Prepared reports on GRC metrics for management and stakeholders
Assisted in the development and implementation of security awareness training programs, resulting in increased employee awareness and a 50% decrease in security incidents caused by human error
Conducted security audits and developed remediation plans to address vulnerabilities and control weaknesses.
Gaps are due to relocation and having my kids while taking my associate degree and master’s.
Compliance Analyst
Intercontinental Bank PLC - Lagos, Nigeria Jul 2007 - Dec 2011
Monitored implementation of a new GRC framework, resulting in improved compliance and 20% reduced risk exposure
Ensured compliance with banking regulations and internal policies
Conducted risk and security assessments, implemented security controls to mitigate risk and vulnerabilities
Conducted regular vulnerability assessments and penetration testing to identify system weaknesses and recommend appropriate remediation measures
Assisted in the development and implementation of incident response plans and ensured swift and effective responses to security incidents
Coordinated and collaborated with legal and compliance teams to ensure adherence to privacy regulations and compliance with regulatory requirements, such as NIBSS-NIP
Provided guidance and support to internal teams on GRC matters, including security incident response and disaster recovery planning
Prepared and presented compliance reports to management, highlighting areas of improvement and providing recommendations for risk mitigation
Collaborated with cross-functional teams to design and deliver customized training programs on risk awareness, regulatory compliance, and information security to educate employees on best practices and reduce security incidents.
EDUCATION
Master of Science in Human Services - Kaplan University – Davenport, Iowa
Bachelor of Science in Mass Communication - Ahmadu Bello University - Zaria, Nigeria
Associate of Arts in Marketing - West Los Angeles College – Los Angeles, California