DANA BESSEY
Augusta, ME USA
SUMMARY
Results-oriented Senior Cybersecurity Audit and Compliance Lead with extensive expertise driving ISO 27001, HITRUST, HIPAA, SOC 2, and URAC certification initiatives while embedding robust ISMS and risk management practices across complex organizations. Proven track record in developing and implementing comprehensive security policies, controls, and procedures aligned with NIST and industry-leading frameworks, ensuring regulatory compliance and operational resilience. Adept at leading third-party risk management, vendor assessments, and audit readiness programs, delivering actionable insights and mitigation strategies. Recognized for optimizing cybersecurity governance, enhancing process efficiency, and supporting enterprise-wide security awareness initiatives. Accomplished in leveraging technical and strategic leadership to elevate compliance posture and strengthen organizational trust.
CORE COMPETENCIES
Risk Analysis
Team Leadership
Decision Making
Strategic Planning
Process Improvement
Stakeholder Management
Problem Solving
Ethical Judgment
Audit Coordination
Client Engagement
Policy Development
Adaptability and Flexibility
Attention to Detail
Knowledge Sharing
Vendor Management
Communication Skills
Compliance Oversight
Resource Management
TECHNICAL COMPETENCIES
ISO 27001, HITRUST, HIPAA, SOC 2, NIST SP 800-53/171, NIST CSF, NIST RMF, Cybersecurity Framework, PCI DSS Compliance, AirWatch MDM, SaaS Governance, ERP Systems, Risk Remediation, Security Policy, Security Awareness, TISAX Compliance, Claude AI, ChatGPT, Nano Banana, Gemini
EXPERIENCE
Cyber Compliance Officer 09/2024 to Current
Syensqo, Brussels, Belgium
Led the organization's ISO 27001 compliance program, developing, implementing, and maintaining the Information Security Management System (ISMS) to achieve and sustain certification.
Established and enforced security controls, policies, and procedures aligned with ISO 27001 and industry best practices, ensuring consistent governance across ongoing and new projects.
Coordinated internal and external audit activities, collaborating with business and IT stakeholders to prepare for certification audits, respond to compliance inquiries, and facilitate continuous improvement.
Conducted ongoing cyber compliance assessments and risk monitoring, identifying gaps, recommending remediation actions, and driving process enhancements to improve security posture.
Supported business and customer cybersecurity engagements by responding to customer surveys, managing customer audit requests, and guiding IT Security Champions to strengthen platform security awareness and compliance culture.
Sr. Information Security GRC Analyst 11/2022 to 09/2024
Certilytics, Louisville, KY
Led and supported enterprise compliance audits, including HITRUST, HIPAA, SOC 2, and URAC, by coordinating evidence collection, ensuring audit readiness, and validating that submitted documentation met third-party auditor requirements.
Performed risk management and security assessments by identifying, evaluating, and prioritizing risks; recommending remediation strategies; and advising leadership on risk mitigation plans aligned with regulatory and framework requirements.
Developed, implemented, and maintained security policies, standards, and procedures using recognized frameworks and regulatory guidelines, while monitoring regulatory changes and aligning controls to protect the confidentiality, integrity, and availability of organizational data.
Managed client and third-party security review processes by assembling required documentation, drafting responses to security questionnaires, conducting vendor risk reviews, coordinating with control owners, and ensuring compliance obligations were met across business operations.
Senior Information Security Compliance Analyst 08/2018 to 11/2022
Kelley Drye & Warren LLP, Washington, D.C.
Authored, implemented, and maintained information security policies, standards, and procedures aligned with recognized security frameworks and regulatory requirements, ensuring that security governance remained current and effective.
Identified and assessed regulatory and compliance changes impacting the firm's security posture, recommending updates to controls and documentation to maintain compliance and reduce organizational risk.
Conducted vendor and third-party security risk assessments by evaluating vendor systems and interfaces, determining compliance scope, supporting onboarding activities, and ensuring appropriate controls over data access and technology resources.
Led and supported enterprise security compliance initiatives, including ISO 27001 certification, privacy program governance, SaaS provider oversight, vendor management, and firmwide security awareness training, to strengthen overall security maturity.
Senior AdaptiveGRC SME 01/2018 to 08/2018
C&F, Loveland, CO
Leveraged advanced expertise in NIST and industry compliance frameworks to guide clients in developing, refining, and operationalizing governance, risk, and compliance (GRC) programs aligned with organizational and regulatory requirements.
Supported product enhancement initiatives by testing configurations in controlled environments, providing feedback for resiliency improvements, and contributing to ongoing product development and refinement.
Delivered client-facing GRC enablement and advisory services, including conducting solution demos, facilitating speaking engagements, providing hands-on guidance, and offering expert support throughout implementation and adoption.
Represented the organization at industry conferences and professional events, promoting product capabilities, strengthening client relationships, and positioning the platform as a trusted GRC solution.
IT Security Technical Consultant 10/2014 to 01/2018
Berry Dunn Accounting/Consulting, Portland, ME
Served as a Governance, Risk, and Compliance (GRC) subject-matter expert, advising government and enterprise clients on the application and implementation of security frameworks, including NIST SP 800-53/171, NIST CSF, and NIST RMF.
Developed and reviewed information security policies, procedures, and security programs, ensuring alignment with regulatory requirements, legal obligations, and industry best practices to support the organizational security strategy.
Performed comprehensive information security and risk assessments, identifying control gaps, developing prioritized remediation roadmaps, and guiding stakeholders on risk mitigation aligned with business and IT objectives.
Supported business development efforts through proposal writing and the creation of deliverables for Requests for Proposals (RFPs), contributing to client engagement success and the growth of security consulting services.
Information Technology Manager 12/2009 to 08/2014
Day's Jewelers, Waterville, ME
Managed and maintained IT infrastructure, including data processing, telecommunications, network equipment, and related software, ensuring security, availability, and operational efficiency across the organization.
Planned, recommended, and implemented IT solutions by assessing software, hardware, and communication systems to enhance organizational processes and support company objectives.
Directed technology resources and teams, including human, vendor, and financial assets, while providing training, guidance, and knowledge transfer to strengthen IT capabilities and performance.
Oversaw disaster recovery, risk, and change management initiatives, maintained PCI compliance, managed AirWatch Mobile Device Management, and ensured effective administration of enterprise systems, including C4W ERP.
EDUCATION
Mare Island Navy Electronics School — Electronics Training
Jan 1990 – Jan 1992
CERTIFICATIONS AND AWARDS
Certified CSF Practitioner, HITRUST Academy, 12/2022
Certified in Data Protection (CDP), Identity Management Institute, 11/2022
Certified Information Systems Security Professional (CISSP), 11/2017
Systems Security Certified Practitioner (SSCP), ISC2, 03/2017
Navy Achievement Medal, US Navy