Grc Security Engineer
Current• Certified the firm from scratch in ISO 27001, 27701, & 22301.• Prepared and managed audits, compliance assessments, and security due diligence questionnaires.• Developed and implemented policies, procedures, and standards to ensure compliance with industry regulations and legal requirements.• Ensured a mature vendor management program, including selection criteria based on risk factors.• Managed the firm’s Data classification and Data Loss Prevention programs to protect confidential and privileged information and safeguard against unauthorized access, modification, destruction, and disclosure.• Assisted in the review of security requirements in outside counsel guidelines and vendor contracts.• Collaborated with cross-functional teams to establish and maintain effective Governance, Risk, and Compliance processes and practices.• Conducted risk assessments to identify vulnerabilities and potential security threats.• Monitored and assessed security controls to mitigate risks and enhance data protection.• Participated in incident response and security incident investigations as required.• Ensured compliance with backup, logging, patching, anti-virus, audit, and technical remediation activities.• Identified opportunities, through policy-driven security practices, the Principle of Least Privilege (PoLP), Role Based Access Controls (RBAC) for applications, infrastructure, and business/practice groups to prevent excessive permissions and rights to the firm’s IT environment.• Managed security awareness activities to ensure training was completed in accordance with firm requirements.• Stayed up to date with relevant laws and regulations, ensuring the firm's adherence to compliance requirements.• Kept abreast of emerging trends and technologies in information security and GRC.• Acted as a subject matter expert in GRC matters, offering training and support to colleagues as needed.• Provided guidance and recommendations to management on security best practices.