Summary
Experience
Senior GRC AnalystSalesforce
- Led SOC 2 Type 2 audits for 5+ product lines, reducing audit findings by 30% through proactive control implementation and evidence collection.
- Developed and managed the enterprise risk register, identifying 75+ critical risks and implementing mitigation strategies that decreased overall risk exposure by 25%.
- Automated compliance reporting processes using ServiceNow GRC, cutting weekly reporting time by 15 hours and improving data accuracy by 90%.
- Authored and updated 10+ security policies and standards aligned with NIST CSF, ensuring compliance across 3000+ employees.
- Conducted 20+ vendor security assessments annually, ensuring third-party compliance with internal security requirements and reducing supply chain risk.
GRC AnalystCisco
- Supported HIPAA and GDPR compliance initiatives for cloud services, contributing to a 100% successful external audit rate for regulated products.
- Assisted in the design and implementation of security controls, resulting in a 15% improvement in vulnerability remediation rates.
- Maintained security awareness training for 5000+ employees, achieving a 95% completion rate and a 10% reduction in phishing incident reports.
- Performed quarterly internal audits of critical infrastructure, identifying and documenting 25+ control gaps and recommending remediation actions.
Projects
GRC Policy Generator
- Developed a Python script to automate the generation of security policies based on customizable templates and regulatory inputs, reducing manual effort by 40%.
- Integrated with a local database of NIST and ISO 27001 control objectives to ensure policy alignment and coverage.
- Created user-friendly interface for non-technical users to quickly create compliant documentation.
Open-Source Risk Register Tool
- Designed and implemented a web-based application using Flask and PostgreSQL for managing an open-source risk register, tracking 50+ unique risks.
- Enabled customizable risk scoring methodologies (likelihood x impact) and visualized risk posture through interactive dashboards.
- Facilitated better risk communication by allowing collaborative input and status updates from multiple stakeholders.
Cloud Security Benchmark Audits
- Performing regular automated security configuration audits against AWS accounts using custom scripts and open-source tools (e.g., Prowler, ScoutSuite).
- Identifying and reporting on misconfigurations and non-compliant resources to enhance cloud security posture.
- Developing remediation playbooks for common findings, contributing to a more secure cloud environment.
Education
University of California, BerkeleyB.S. in Cybersecurity & Privacy
- Graduated Cum Laude with a GPA of 3.7/4.0.
- Relevant coursework included Information Security Management, Network Security, and Cryptography.
- Participated in the Cyber Defense Club, securing 3rd place in the regional collegiate competition.
Skills
GRC Frameworks
NIST CSFISO 27001SOC 2HIPAAGDPRPCI DSSSOX
Risk Management
Enterprise Risk ManagementThird-Party Risk ManagementSecurity AssessmentVulnerability ManagementBusiness Continuity Planning
Compliance Tools
ServiceNow GRCArcherLogicManagerJiraConfluence
Security Controls
Access ControlData Loss PreventionIncident ResponseSecurity ArchitectureCloud Security (AWS, Azure)
Audit & Reporting
Internal AuditExternal Audit LiaisonCompliance ReportingPolicy DevelopmentRemediation Planning