• Conduct comprehensive risk assessments to identify potential hazards and vulnerabilities within the center's operations and facilities.• Develops and updates Standard Operating Procedures (SOPs), System Security Plans (SSPs), and other policies to ensure alignment with industry standards and regulatory requirements.• Ensuring that all risk management policies and procedures adhere to Department of Labor (DOL) regulations, maintaining a proactive stance on compliance.• Establishing systems for incident reporting, conduct thorough analyses of incidents, and recommend corrective actions plans to prevent future occurrences.• Proactively identifying areas for improvement in risk mitigation strategies and recommend enhancements to existing processes, fostering a culture of continuous improvement.• Ensuring that policies, standards, and procedures is reviewed, relevant and updated.• Supervise all aspects of departmental audit processes, including SOC 2 Type 2, SOC 2 Type 1, and future compliance frameworks.• Gathering technical evidence and artifact requirements and communicate with relevant parties of ongoing compliance requirements.• Ensuring adequate and timely resolution to all internal and external audit and risk assessment findings/issues.• Provides support on regulatory and compliance initiatives.• Coordinates and perform IT risk-based audits to identify control gaps and areas for improvement.

• Executed day-to-day deliverables that support the ongoing compliance needs as well as any new regulatory requirements.• Executed ITGCs and IT Application controls (ITAC) testing, determining design appropriateness and operating effectiveness of controls.• Participated in the evaluation and risk assessment of business and IT processes, to identify risks and development recommendations for remediation.• Performed compliance IT audits in accordance with COSO and COBIT internal control framework.• Participated in all phases of IT audit process from planning, fieldwork, reporting and follow-up if required based on the result of the audit work.• Performed SDLC pre and post implementation reviews, identify control deficiencies and provide recommendations to fix it. • Conducted Business Continuity and Disaster Recovery audit.• Identified information, people, process, and technology risks and weaknesses.• Conducted assessment of the security and privacy controls to determine the overall effectiveness of the controls and the vulnerability state of components, applications and databases residing within the system boundary. • Liaised with statutory auditors for compliance audits, corporate internal audit team, and IT management throughout the annual compliance life cycle.• Planned and led IT complex Controls in areas of system development, information security, change management, business continuity, and disaster recovery. • Identified and communicated control weaknesses, proposes remediation possibilities, and reaches agreement in a timely manner with Management, taking into consideration the wholistic impact to the business and root cause.• Developed strategies, tools, and methodologies to measure, monitor, and report risks.

• Conducted periodic reviews of the Third-party risk management programs to identify areas for improvement and help ensure alignment with key business risks, regulatory requirements, and industry frameworks; revised program documentation as required.• Partnered with 3rd parties to acquire applicable due diligence material relating to service(s) being provided.• Reviewed due diligence material (policies and procedures, audit reports, certifications, BCP results, network scans, vulnerability assessments, etc.)• Conducted vulnerability assessments on the organization's infrastructure with Nexpose in configuring and running scans, analyzing scan results, prioritizing vulnerabilities based on risk, and tracking remediation efforts.• Reported findings and issues to all leadership levels within the organization.• Effectively tracked inherent risk and residual risk; established repeatable and sustainable processes around risk management of third parties/suppliers to reduce the overall enterprise risk exposure.• Conducted a comprehensive assessment of third parties’ security controls and practices.• Performed pre-contract due diligence review and post-contract ongoing monitoring activities based on specific third-party risk profile, country, and business requirements.• Performed gap analyses on various third parties and risk program standards to improve the business control environment, identify weak or broken controls and recommend ways to fix and strengthen controls.• Analyzed evidence and processes to assess controls enforced at third parties.• Performed audit of IT general and application controls, information security, system development, change management, business continuity, disaster recovery and computer operations.