Vice President Of Governance Risk And Compliance (Grc)
As the lead for strategic governance, risk, and compliance (GRC) initiatives and cybersecurity projects, I played a fundamental role in enhancing the company's governance program, managing technical risks, and ensuring compliance with industry regulations. Collaborating closely with executive management and senior stakeholders throughout the organization, I led large-scale efforts to address cybersecurity, risk, and compliance issues. In my role as Cybersecurity and Technology team lead, I maintained a high level of engagement with key stakeholders to drive successful outcomes.• Created and updated a comprehensive security plan that documented all internal requirements for meeting the company's security and privacy needs.• Assessed risks and established security standards, procedures, and controls to effectively manage those risks. Enhanced the organization's security posture by implementing process improvements, policies, automation, and ongoing monitoring of capabilities.• Conducted incident assessments, vulnerability management activities, scans for patching status and secure baselines, and tests for penetration, phishing, and social engineering attacks.• Oversaw relationships with third, fourth, and Nth party vendors and addressed risks associated with the organization's primary business systems.• Took ownership of the GRC process, overseeing the automation of GRC tools and leading the annual assessment of vendors. Coordinated efforts to obtain completed security questionnaires, including SOC2 reports, as required.• Planned and conducted regular assessments and tests to evaluate the effectiveness and efficiency of controls, and generated comprehensive GRC reports for presentation to the CEO/COO and Oversight Board.