• Develop, update, and implement security policies, standards, and procedures for the organization in compliance with TPRM, PCI DSS, and ISO Frameworks. • Conduct security assessments, audits, and risk analyses to identify vulnerabilities and recommend appropriate security controls to mitigate risks, ensure compliance, and address non-compliance issues. • Coordinate with cross-functional teams to ensure compliance with various security frameworks, including PCI DSS, ISO, and NIST, resulting in a 15% reduction in compliance violations. • Monitor security-related events and incidents investigate and resolve them with key stakeholders and regulatory bodies. • Collaborate with IT and security teams to develop and implement access controls, security awareness, and employee training programs, reducing the risk of unauthorized data breaches by 20%. • Implement GRC software solutions to streamline and automate compliance and risk management processes. • Conduct Vendor due diligence assessment to ensure security standards, compliance, and reliability. • Map organization Information security controls with ISO 27001 Framework to identify gaps. • Develop an action plan based on gaps identified and prioritize the ones that require immediate action for different day milestones.

• Conducted IT control risk assessments, including reviewing organizational policies, standards, and procedures and advising on their adequacy, accuracy, and compliance with industry standards. • Ensured all Security Authorization documentation for assigned systems remained accurate and up to date continuously, including, but not limited to, correct and valid lists of assets (hardware/software), accurate boundary diagrams, accurate ports, protocols, etc. • Performed regular security and vulnerability assessments of IT Systems and applications, identifying vulnerabilities and recommending remediation measures, resulting in a 20% decrease in cybersecurity incidents. • Assisted in implementing a cloud security strategy, evaluating vendor risk, and ensuring compliance with relevant data privacy regulations (e.g., GDPR, PCI-DSS). • Compiled, wrote, updated, finalized, produced, and supported activities for IT Security Common Control Catalogs and related documentation, including security plans or other required documents. • Conducted regular audits and reviews of internal controls to ensure adherence to industry standards, resulting in a 20% reduction in audit findings. • Monitored and reported on compliance with internal policies and external regulations, achieving a 95% compliance rate. • Prepared Security Assessment and Authorization (SA&A) packages to ascertain that management, operational, and technical security controls adhere to NIST SP 800-53 standards.

• Conduct comprehensive risk assessments on third-party vendors, evaluating security controls, financial stability, and overall risk exposure.• Utilize ServiceNow to streamline TPRM processes, including risk assessments, due diligence, and vendor performance monitoring.• Collaborate with legal and compliance teams to ensure third-party contracts align with industry standards and regulatory requirements.• Collaborate in developing the organization's TPRM framework, including risk assessment methodologies, vendor categorization, and risk scoring models. • Contribute to negotiating vendor contracts, including robust security and compliance clauses.• Conduct regular vendor performance reviews to evaluate compliance with contractual obligations and service-level agreements.