Khang T. Email and Phone Number

Lead the ISO 27001 compliance and certification program for Enterprise IT organization.- Supervise team of Compliance analysts performing ISO 27001 security control compliance, audit execution, and issue remediation. - Implement programs to expanse ISO security compliance scope across IT and business units.Establish CMMC compliance program for government businesses.- Implement NIST 800-171 security control framework.- Coordinate CMMC compliance process, document templates and assessment procedures.Manage GRC technology enablement group for Cybersecurity team.- Lead the deployment of ServiceNow IRM application to automate policy, risk and control management process.- Participate in planning and strategy for security GRC tooling.

- Proven leader and technical subject matter expert in the IT Audit organization through leading complex IT risk, compliance, and security reviews. Expertise in assessing control compliance across application security, business operations, cloud environment, cybersecurity, and IT infrastructure. - Demonstrated strong project management, executive communication and report writing skills. Experienced with presenting audit results and coordinating issue remediation effort with Executive, VP and Director level management.- Led teams of staff and senior in executing control testing, delegating tasks, and providing performance feedback. - Planned, delegated, and executed annual IT SOX risk assessment and control testing between internal business stakeholders and external auditors.- Experienced with technical security tools and processes, such as firewall configuration, identity access governance, data loss prevention, vulnerability scanning and reporting.- Strong expertise in ERP, financial and manufacturing application controls (SAP, JDE, BPCS, Hyperion Financial) with hands-on experience navigating through application transactions, menus, or commands to get the data required for control testing. - Proficient in sequel query writing and system configurations for back-end databases such as Oracle, Microsoft SQL, DB2 and AS400. Familiar with reading and writing programing script (Java, Visual Basic) and OS command line (UNIX, Windows PowerShell).

- Led the implementation of ServiceNow GRC/IRM solutions, including working with key business stakeholders from Audit, Security, Privacy and Compliance to gather requirements, design technical specifications, develop and deliver end products. - Proficient in end-to-end ServiceNow software development process, including application configuration, Java script writing, report/dashboard creation, and moving change packages across environments.- Expertise in collaborating with security, risk, and compliance functions across Medtronic to translate IT compliance requirements into risk and control frameworks. - Facilitated functional design of ServiceNow GRC/IRM application to accommodate various IT compliance frameworks (NIST 800-53, ISO 27001, GDPR, HIPAA, SOX, COBIT). Developed and implemented end-to-end risk assessment and control testing process.- Acquired strong working knowledge of key ServiceNow GRC/IRM modules: Policy & Compliance, Audit Management, Risk Management, SOX, and Advanced Risk Management. Experienced “citizen developer” working with low-code development, script writing, job scheduling and dashboard creation.

-Led audit and security risk assessment projects with responsibility of planning staff resource, budget, project timeline and execution from start to end. - Designed and implemented tests to evaluate effectiveness of the control activities surrounding IT applications and infrastructures in compliance with the Sarbanes-Oxley Act (SOX) or other internal control requirements/regulations. - Specialized in technical SAP security audit with more than 4 years of experience reviewing ABAP systems role configurations, SAP GRC security rulesets, and transport change management process.- Performed external control assessment for SOC 2 report, including execution of test plans, management reporting and response gathering.

- Database administration and report generation for client portfolios.- Migrated company database from Microsoft Access to Sequel Server. Proficient in sequel queries.

- Provided IT help desk support for faculty and staff.