
Cathy Noelle Wanda K.

Hyattsville, MD

Summary

Detail-focused Governance, Compliance and Risk Analyst with expertise in drafting and distributing organizational policies that adhere to sound practices and government mandates. Demonstrated success in handling practice frameworks and compliance issues to meet all controls guidance mandates over the course of 8 years. Possesses mastery of complex SOX, SOC 1 and 2, NIST 800 Framework, HIPAA, ISO 27001, RMF, GRC Tools, PCI DSS and other compliance guidelines, ensuring the implementation of policies. Specializes in certification processes, optimizing controls, and generating best practices.

Overview

11 years of professional experience
4 years of post-secondary education
3 Certifications

Work History

Senior Internal Controls Analyst

NESTLE USA
12.2022 - Current
  • Reduced the segregation of duties (SOD) conflicts for RBAC and non-RBAC related roles
  • Approved role requests for users including highly sensitive roles based on risks and least privilege principle through the LORA system
  • Investigated SAP “Did Do” Alerts, followed-up with Line Managers and closed system alerts after obtaining sufficient appropriate evidence
  • Reduced the closure of alerts as False Positives, implementing system enhancements wherever possible
  • Performed 100% compensating Controls for all SOD conflicts within the US market
  • Process lead for access controls, implementing Data cleansing for roles wherever necessary
  • Reviewed highly sensitive roles allocated to users on a yearly basis
  • Reviewed vacant positions with assigned roles, and users outside the US with access to US roles/baskets, users from the US with roles/baskets outside the US, and PRAM-delimited roles assigned to users, recommending improvement actions
  • Implemented smart control optimization wherever possible in SAP to eliminate possibility of SOD violation
  • Ensured SOD-free environment for new businesses migrating to SAP, with the least possible restrictions through derogation
  • Obtained 100% derogation wherever exceptions are noted.

GRC Analyst

PRIMUS CLOUD SOLUTIONS INC. (US based Information Technology & Services Company)
06.2019 - 11.2022
  • Conducted comprehensive risk assessments, identifying potential risks and vulnerabilities
  • Developed strategies to mitigate risks across the organization
  • Implemented and maintained the GRC framework, policies, procedures, and tools for the organization
  • Conducted risk assessments utilizing industry standards like GDPR, ISO 27000, NIST CSF, PCI DSS compliance
  • Reviewed documentation like SOC 2 reports, ISO 27000 certificates, information security policies, vulnerability scan reports, Pentest reports
  • Facilitated compliance activities, managed audit preparation and evidence collection
  • Provided security awareness and compliance training to relevant stakeholders across the organization
  • Highly skilled and experienced risk analyst, managed Risk and Controls Self-Assessment (RCSA) process end-to-end
  • Analyzed and suggested improvements for security/IT controls in both design and operation effectiveness
  • Periodically reviewed and monitored risks with various stakeholders
  • Developed and managed Plans of Actions and Milestones (POAM), to address identified risks and ensure timely mitigation
  • Assisted in the design and implementation of security controls including access management, segregation of duties and monitoring mechanisms
  • Performed ad-hoc audits of company policies and processes and provided recommendations on process improvement actions
  • Stayed updated on the latest trends, developments, and best practices in the GRC domain, providing insights and recommendations to the organization.

Risk & Controls Analyst

DIAGEO (British Alcoholic Beverage Company)
08.2015 - 02.2018
  • Led risk brainstorming sessions with process owners for various functions and projects and closely monitored mitigation actions with stakeholders, for timely implementation
  • 100% timely completion of internal audits following a risk-based approach, conducted testing, documented, and communicated findings to Senior Management
  • 100% timely completion of company’s Code of Business Conduct induction to new joiners and business partners to raise awareness and promote a compliance culture with company policies
  • Followed up on Gift and Entertainment (Anti-Corruption) reviews with 100% of all issues identified communicated to teams, together with learnings, in a timely manner
  • Implemented the KYBP (Know Your Business Partner Program) in-market in line with AML policies and procedures
  • Performed due diligence on third parties across various domains such as Privacy, Operational, reputational, Country risk, Business Continuity, Technology and Financial risks
  • Conducted risk assessments, categorization and review of Third Parties in line with AML guidelines
  • Effectively planned and followed up on issues raised from external audits, leading to 100% timely implementation of remediation actions
  • Increased closure rate from 60% to 90% in 6 months of all Governance and Risk Management Committee open actions
  • Embedded a risk management culture in functions; with 100% of assigned functions having a risk footprint in place and reviews conducted on a regular basis
  • Effectively implemented the company’s internal control process from scoping, mapping, design assessment to remediation of controls in-market, building from the global guidelines from the parent company’s controls and risk management framework.

Controls & Risk Assistant

DIAGEO (British Alcoholic Beverage Company)
10.2014 - 07.2015
  • Worked closely with the Finance team leading to improved satisfactory ratings on Finance controls to 90%; overall, 10% increase in three months
  • Effectively reviewed and communicated monthly functional control checklists for all departments which created a robust control environment by reducing the risk from 80% to 98% manageable in six months
  • Improved timely implementation of audit recommendations to 90% from 80% within one year
  • Planned and effectively rolled out training on company’s internal controls process (CARM) that greatly improved the quality of the internal audit process.

Risk & Controls Intern

DIAGEO (British Alcoholic Beverage Company)
04.2014 - 09.2014
  • Robust follow up of various internal and external audit recommendations leading to an overall timely completion rate of at least 80% on all audit actions
  • Developed and discussed audit findings from ad-hoc spot checks of various business processes, recommending improvement actions to senior management and monitored the implementation of agreed actions
  • Reviewed various functional checklists, ensuring overall improvement on problematic internal controls across the organization
  • Increased timely completion of governance and risk management actions by closely following up with stakeholders, including senior managers and company executives.

Education

BSc. in Applied Accounting (Hons.)

Oxford Brookes University
09.2014 - 09.2018

Skills

Shell scripting

Internal and external auditing

Breach Management and Response

Vulnerability Management

Audit reporting

Fraud detection and prevention

Leadership

Teamwork

Compliance audits

SOC 1, SOC 2 Audits

Performance audits

Project Management

Time Management

Detail Oriented

Exceptional Communicator

OneTrust

ServiceNow

Venminder

Jira

BitSight

PowerBI

MySQL

IAM

CyberGRX

Process Unity

ZenGRC

GRC Archer

SharePoint

SAP

AWS

Linux

Interos

Rapid Ratings

Dun & Bradstreet

KnowBe4

Coupa

Microsoft Office 365

Docker

Ubuntu

Certification

Member - Association of Chartered Certified Accountants (ACCA), UK

Languages

Fluent in English and French
