• Working knowledge in compliance (SOX, HIPAA, PCI, GDPR, CCPA)• Assisted with writing, implementation, monitoring, and testing compliance policies and procedures.• ·Experience with (SOX, ISO 27001, PCI DSS, Nist 800-53) and state compliance implementations, certifications, and maintenance• ·Experience with GRC tools (Jira, Zen, Tenable, archer, and Service now)• Monitor, track, and report control implementations• Experience in all facets of integrated security governance, risk, and compliance management• Support with vendor risk management program by performing due diligence and ongoing monitoring• Assist with review and analysis of final assessments• Gather, analyze, and interpret security control evidence from third parties• ·Knowledge in reviewing SSAE 18, SOC (1,2,3) reports• Review standard Information gathering (SIG) assessment• Write reports, briefs and create presentations resulting from the third-party vendor assessments• Partner with procurement and Legal team members to ensure the requested vendor meets all guidelines and assist with drawing up vendor contract • redlining contracts, and ensuring security safeguards are met and protected • Escalate gap findings • Manage Vendor Risk Lifecycle activities to completion including vendor tiering, onboarding, continuous monitoring, and offboarding processes• Stay current with the latest changes to applicable regulatory standards and company procedures• Review, audit, and monitor reports related to consumer and client activities• Participate in the team’s preparation for internal audits• Articulate technical concepts to non-technical stakeholders and follow basic troubleshooting steps to resolve issues.

• Provided safety reports and data analysis to building managers to inform security processes• • Collaborated with external vendors to perform penetration tests on network devices, operating systems, and databases.• Working knowledge of the RMF Security Assessment and Authorization process• Developed risk assessment reports to identify threats and vulnerabilities.• ·Ability to capture and evaluate vulnerabilities, document, and report findings to include real-world criticality, and make recommendations for improvement• ·Experience in evaluating weakness findings and development of POA&M• experience with vulnerability scanning software (Qualys, Tenable Nessus,)• Clearly communicate threats, vulnerabilities, and risk information to stakeholders in executive management positions• Understanding of Risk Assessment Methodologies• Knowledge of scoring models CVSS and CCSS• Knowledge of vulnerability attack methods, exploit results, and attack chains• In-depth understanding of reviewing penetration results