Sean F. O’Connor, CISSP
Cybersecurity Engineer, GRC Technical Writer
Seattle, WA *************@*******.*** 206-***-**** LinkedIn: linkedin.com/in/sean-o-connor-cissp-745ab15/
SUMMARY
Cybersecurity, Audit and GRC technical writing professional with 20+ years of experience in GRC and 15+ years in Cybersecurity. Expertise in risk assessments, security governance, IT auditing, and compliance with global IT/OT security frameworks (ISO 27000, NIST, CIS, PCI-DSS, SOC2, HIPAA, SOX). Adept at designing and implementing security programs to protect digital assets, system security plans, writing enterprise security policies and procedures, creating presentations and reports for executive management to detail regulatory compliance and security risks across diverse industries.
● Certifications: CISSP, CISA, CISM (exam passed)
● Industries Served: Healthcare, Biotech, Manufacturing, Software, Telecom, Finance, Gaming, Government
● Seeking: Full-Time Contract Consulting Roles
EXPERIENCE
Cyber Security Engineer
RedCloud Consulting Google Data Centers June 2024 – Feb 2025 Seattle, WA (Hybrid)
● Developed and implemented a cyber risk management program of Google Data Centers aligned with Google’s Enterprise Risk Management framework, incorporating the latest security trends.
● Led technical risk assessments of IT and OT systems and networks, defined mitigation strategies, wrote policies/standards/procedures to implement controls, and ensured business alignment.
● Tracked risk mitigation progress and resolved technical and organizational roadblocks.
● Crafted reports and presentations of security risk findings and recommended solutions to senior leadership for acceptance.
Key Skills: Technical Writing, IT Compliance, Cyber Risk Management, Enterprise Risk Management, NIST Frameworks (SP 800-53r5, SP 800-82r3, SP 800-37), IT Security Assessments, Security Controls, Policy Development
Senior Security Consultant
CORTAC Group Mar 2022 – Mar 2024 Seattle, WA (Remote)
● Led projects to implement Government and customer security requirements per contracts, program protection plans, and NIST and ISO standards.
● Conducted risk assessments and threat modeling to identify security gaps.
● Coordinated with executives, engineers, and analysts on implementing security and compliance solutions to protect CUI.
● Created and implemented customized security policies, system security plans, procedures, and risk management frameworks to codify compliance for all levels of management.
Key Skills: IT Compliance, Security Architecture, NIST SP 800-171r2, Cloud Security, Risk Mitigation, Policy Development, Technical Writing
Information Security Consultant (Contract)
Signet Jewelers Dec 2021 – Jan 2022 Seattle, WA (Remote)
● Crafted third-party risk management (TPRM) policies and frameworks.
● Reviewed vendor security ratings and recommended best practices.
Key Skills: Technical Writing, Security Policy Development, Third Party Risk Management, Compliance Analysis
Information Security Consultant (Contract)
Cytokinetics May 2021 – Oct 2021 Remote
● Managed and optimized the Prevalent vendor risk management program to identify and mitigate third-party security risks.
● Consulted on security tool deployments, including Okta, Secret Server, Deepwatch, and Rapid7.
Key Skills: Vendor Risk, IT Compliance, Cybersecurity Strategy, Incident Management
Director of Security
Ziply Fiber Mar 2020 – Apr 2021 Kirkland, WA
● Designed and led cyber and physical security programs to protect the digital and physical assets of a regional telecommunications provider.
● Executed incident response investigations for cyber and physical security incidents.
● Implemented PCI-DSS compliance, end-point protection, data loss prevention, incident response, and vulnerability management programs.
● Led security technology procurement and implemented CrowdStrike, Forcepoint DLP, and Microsoft Defender.
Key Skills: Cybersecurity Management, Cybersecurity Operations, Incident Response, PCI-DSS Compliance, EDR deployment, Data Loss Prevention, Physical Security Operations
Chief Information Security Officer (CISO)
Maana, Inc. Dec 2018 – Jan 2020 Bellevue, WA
● Designed and implemented a company-wide cybersecurity governance program and system security plan for an Azure hosted system.
● Led SOC2 Type II compliance, from gap analysis, to control design and implementation/codification, to testing and monitoring.
● Executed contract security reviews and cloud vulnerability management.
● Managed customer security and external auditor inquiries and concerns.
● Operated cloud IAM, SAST/DAST, cloud security monitoring, and risk assessments.
Key Skills: SOC2 Compliance, Cloud Security, IT Governance, Software Testing & Security
Security & Compliance Consultant (Contract Roles at Various Companies)
Apr 2012 – Sep 2018 Seattle, WA (Hybrid)
Clients Included: Teleion Consulting, Puget Sound Energy, Whitepages, Juno Therapeutics, Wizards of the Coast, Millman, Inc.
● Conducted SOC2 Type II readiness audits, PCI-DSS, SOX, and IT general control (ITGC) testing.
● Led the implementation of an ISMS per ISO/IEC 27001 per the Accenture framework.
● Implemented PCI-DSS and ISO 27002 controls for compliance programs.
● Performed vulnerability assessments and risk evaluations for enterprise clients.
● Conducted contract security reviews and third-party risk assessments.
Key Skills: IT Governance, IT Audit, Security Assessments, SOC2, ISO 27001, ISO 27002, PCI-DSS, Sarbanes Oxley, Risk Remediation, Third Party Risk Management, Security Requirements in contracts, Vulnerability Management, Policy Development
Senior Security Analyst/Manager
UW Medicine June 2008 – March 2012 Seattle, WA
● Resolved security incidents
● Performed risk assessments for hospital departments and IT system owners
● Developed policies and procedures to comply with UW regulations and HIPAA/HITECH
● Principal developer of the cloud computing security strategy for users and departments
● Led a team of 8 security analysts
Key Skills: Risk Management, Compliance Remediation, Incident Management, Policy Development
Senior IT Auditor
University of Washington Sep 2005 – Jun 2008 Seattle, WA
● Led IT audits of campus and medical center IT systems, including HIPAA, GLBA, and PCI compliance.
● Conducted risk assessments and security control testing.
Key Skills: IT Audit, Compliance Testing, Risk Mitigation, Report Writing, Policy Development
Education & Certifications
Bachelor of Science – Industrial Engineering Technology University of Idaho
Computer Science Henry Cogswell College (1998-1999)
US Army Officer Training – Armor School, Fort Knox
Certified Information Systems Security Professional (CISSP)
Certified Information Systems Auditor (CISA)
Certified Information Security Manager (CISM) exam passed 2015
Commissioned US Army Officer, 1994
Technical Skills & Security Frameworks
Risk Management & IT Audit: NIST SP 800-53, NIST CSF, ISO 27001, ISO 27002, COBIT, CIS, ITGC, SOX 404
Compliance & Governance: SOC2, PCI-DSS, HIPAA/HITECH, GDPR, ITIL, ISMS
Security Tools & Platforms: CrowdStrike, Okta, Microsoft Defender, Rapid7, Proliant, Veracode, Lenel, Secret Server
Cloud Security & Infrastructure: Microsoft Azure, Secure SDLC, Incident Response
Why Hire Me?
24+ years of expertise in Cybersecurity Risk Management & IT Audit
Hands-on & strategic experience across multiple industries
Certified & results-driven (CISSP, CISA)
Available for full-time, part-time, contract, or consulting roles
Contact: *************@*******.*** 206-***-**** LinkedIn: https://www.linkedin.com/in/sean-o-connor-cissp-745ab15/