. • Spearheaded audit readiness initiatives, achieving a 100% audit success rate by effectively identifying control owners and testing controls ahead of external audits.• Collaborated with external auditors, gathering and presenting audit artifacts to ensure compliance with requirements.• Developed and implemented Third-Party Risk Governance practices that reduced vendor risk exposure by 20%.• Partnered with stakeholders to oversee Third-Party Risk Management and mitigate identified risks.• Conducted control assessments, identifying vulnerabilities and providing remediation guidance, leading to a 15% reduction in high-risk findings.• Managed RFPs, RFIs, contracts, and security inquiries, partnering with Sales, Legal, and Customer Success teams. Streamlined the RFP and contract review process, reducing the time to respond to security inquiries by 30%.• Delivered assessment reports that highlighted key risks and proposed actionable remediation strategies, enhancing organizational security posture.• Created and reviewed security policies, standards, and procedures, ensuring adherence to global standards, HIPAA, and HITRUST frameworks.

. Coordinated a cross-functional team of subject matter experts to implement an automated risk evaluation process within the Technology GRC Platform, employing Agile methodology for efficient execution.. Identified and enacted operational enhancements within the technology GRC platform to streamline processes, leading to significant efficiency gains for the business line.. Served as a subject matter expert in GRC, offering guidance on regulations, best practices, and procedural development, while also facilitating training and communication of new policies to support technology initiatives.. Provided oversight for Technology & Operations findings, ensuring compliance with service-level agreements through proactive engagement strategies, resulting in a notable decrease in past-due findings disposition.. Established a governance oversight program for quality assurance and control environment within the business line through collaborative efforts across organizational functions.

. Conducted annual risk assessments of both internally and vendor-hosted systems.. Collaborated with third-party entities to evaluate Requests for Proposals (RFPs), Contracts, and overall risk assessments associated with the vendor life cycle.. Managed enterprise procurement contracts, including vendor onboarding and contract redlining.. Produced comprehensive Risk Reports for business and IT stakeholders, effectively quantifying the potential impact and likelihood of data compromise identified during the risk review process.. Presented risk-driven metrics to stakeholders, covering areas such as risk acceptance/mitigation, third-party risk assessment, risks within Lines of Business linked to third-party engagements, and regulatory compliance risk.. Provided consultancy services on internal projects and initiatives as a Security Subject Matter Expert, offering project requirements and security control recommendations to various business units and IT departments.