Providing bespoke GRC resources and professional services for clients ranging from 100 employees to over 20,000, in industries ranging from commercial banking to aerospace and defense, from companies founded barely a year ago to 50-year industry stalwarts.I specialize in third-party risk management, security policy management and architecture, and control-based risk assessments.

- Create and manage a Third Party Risk Management Process to classify third parties based on quantitative and qualitative risk aspects and assess third party relationships based on relevant controls.- Write all security-centric documentation and assist non-security stakeholders with relevant technical writing, and manage the lifecycle of all corporate information security policies.- Lead documentation deployment initiative to have security policies more effectively encapsulate global requirements and work with stakeholders in the EMEA and APAC regions to create and manage localized policies, including translation efforts.- Re-design Change Management process and participate on the Change Advisory Board.- Design and utilize sophisticated manual control-tracking documents to prepare the organization for CMMC Level 3 attestation.- Perform access recertification efforts for key systems.- Provide insight into contracts with external firms to protect the company from liability related to information security obligations.- Member of Diversity, Equity, and Inclusion Committee.

- Manage tactical and strategic Third-Party Risk Management initiatives. o Design and enhance review and assessment processes, including supply chain, business risk, and reporting metrics. o Create and update existing documentation to reflect business demands. o Manually track over 300 vendors, performing over 250 assessments in 2019- Develop new assessment methodologies to properly capture risks affecting the organization as it transitions from manual processes to automated ones.- Conduct data governance review tasks to track information flow.- Provide continuous process improvements to risk-related efforts by independently identifying new strategies.- Increase departmental transparency by engaging and educating key stakeholders about leading risk management practices.- Create and maintain removable storage asset inventory to track asset deployment and disposal.- Perform audit and compliance readiness tasks, including writing and revising technical documentation and control validation and for regulations such as FISMA (including NIST SP800-53r4), PCI, HIPAA, and SAFETY Act

- Conducted on-site assessment of key vendor to assess and analyze security posture, focusing on disaster recovery and physical security.- Performed back-end risk analysis of key vendors to identify risks and build metrics to track remediation efforts.- Developed risk scoring methodology to rate vendors based on unique security posture compared to the business.- Enhanced IT Security Controls program by conducting a mapping exercise of NIST SP 800-53 r4 to identify gaps in the internal IT security control library.- Performed risk analyses of SIG questionnaires to identify business and technical risks to the organization and work with stakeholders to determine appropriate actions.- Managed SOX compliance processes relating to access management to validate that ITGCs are effectively implemented and present evidence to key stakeholders, including internal and external auditors.- Designed a Policy Architecture to further mature the organization’s documentation structure.- Developed technical documentation such as guidelines and SOPs to supplement IT controls and processes.- Created observation repository of vendor risks to streamline processes and add consistency to reports.- Performed software reviews of ticket requests as the Information Security approver to validate business case and identify potential risks to the organization.

- Performed IT risk assessments based on NIST SP800-53 r4 and ISO 27001/27002 frameworks to identify security gaps within the healthcare and financial sectors.- Conducted third party vendor assessments of IT security controls and present executive summary reports to project stakeholders.- Participated in conducting PCI readiness assessments for validating that adequate controls, such as those related to developing and maintaining secure systems and applications (SDLC) are in place. - Developed objective risk scoring methodologies based on ISO 27001/27002 gap analyses to categorize vulnerability severity and prioritize remediation projects.- Performed mapping exercises using NIST SP800-53 r4, ISO 27002, and HIPAA controls for clients.- Built questionnaires based on NIST SP800-53 r4 to facilitate information gathering during assessments.- Revised drafts of IT security policies, standards, and procedures to meet regulatory, corporate, and customer requirements.- Assisted in creating Data Loss Prevention (DLP) training material presented to first time system users. - Created technical documentation such as policies and SOPs, as well as review technical documents like SSAE16 and SOC2.

- Created and managed social media platforms and email to engage a wider customer base.- Helped streamline menu and customer flow for customers, as well as fixed inconsistencies within the store and website.- Assisted in designing promotions and advertisements for additional family-owned businesses.

- Led the Bacterial Cellulose Synthase project and performed all experimental duties, including making competent cells, transformation, and data logging.- Helped found GEARs as a fully student-run organization, and learned laboratory management and maintenance skills.- Competed in the 2011 and 2012 International Genetically Engineered Machine symposium, earning bronze in 2011 and gold in 2012.- Promoted from Laboratory Technician in January 2012.- Worked in the lab of Dr. Andrew Vershon in the Waksman Institute of Microbiology.

- Assisted in gathering final physical data by performing and using various lab techniques and equipment, such as perfusions and cryostats.Literature - Sokolowski K, Morrel-Falluel A, Zhou X, DiCicco-Bloom E. Methylmercury (MeHg) elicits mitochondrial-dependent apoptosis in developing hippocampus and acts at low exposures. (Neurotoxicity, October 2011)