Chan G. Im

Henderson, NV

Summary

Product Compliance and Security Risk Leader with extensive experience driving global regulatory programs across complex cloud environments. Proven success integrating compliance requirements into the product lifecycle and delivering certifications across SOC, ISO 27001, PCI, C5, IRAP, ENS, and ISMAP to enable market expansion and reduce regulatory risk. Skilled at leading cross-functional initiatives across engineering, legal, and product teams to operationalize scalable governance and strengthen global compliance posture.

Overview

9 years of professional experience

Work History

Security GRC Senior Lead

Salesforce
Henderson, NV
12.2021 - Current
  • Led global product compliance programs, achieving 100% on-time certification issuance across SOC, PCI, ISO 27001, C5, IRAP, ENS, ISMAP, and CSP Safety, by integrating regulatory requirements into product lifecycle governance and coordinating cross-functional execution across engineering, legal, and product teams.
  • Accelerated international market expansion, reducing certification readiness timelines by 15%, by executing control mapping between centralized control frameworks and country-specific regulatory standards (e.g., ISMAP, IRAP, TX-RAMP) to support global regulatory entry requirements.
  • Improved audit and compliance operational efficiency by 20%, by implementing structured compliance artifact automation and standardized evidence collection processes across multiple Salesforce cloud products.
  • Operationalized regulatory risk management at the product level, safeguarding Annual Contract Value (ACV) and Annual Order Value (AOV), by embedding compliance requirements into product development workflows and proactively mitigating regulatory exposure prior to external assessments.
  • Directed cross-functional compliance execution across 2–10 analysts and consultants, increasing delivery predictability and stakeholder satisfaction scores, by implementing program governance structures, milestone tracking, and risk escalation mechanisms.
  • Strengthened global regulatory posture, enabling product deployment in APAC and EMEA markets, by navigating country-specific data residency, privacy, and regulatory compliance requirements in collaboration with public sector and legal stakeholders.
  • Partnered with security engineering teams to operationalize technology risk controls, reducing audit findings to zero material exceptions, by aligning control implementation with external regulatory expectations and third-party assurance standards.

Senior Manager

Coalfire Systems
Seattle, WA
06.2017 - 12.2021
  • Delivered 200+ regulatory compliance engagements, improving client security posture maturity across SOC, PCI-DSS, HIPAA, HITRUST, ISO 27001, and FedRAMP, by leading risk assessments, control validation, and regulatory readiness programs.
  • Led 25+ multi-framework consolidated audit programs, reducing client audit fatigue and duplicative effort, by harmonizing control mappings across regulatory standards and implementing structured compliance program governance.
  • Advised executive stakeholders on regulatory risk exposure, improving remediation cycle time, by translating complex technical findings into actionable compliance roadmaps aligned with regulatory requirements.
  • Strengthened client control environments, reducing repeat audit findings year-over-year, by evaluating system architecture, security controls, and regulatory alignment against formal attestation criteria.
  • Enhanced enterprise-wide compliance visibility, by implementing structured reporting mechanisms that aligned regulatory requirements with technical control owners across distributed engineering organizations.

Director

Cloud Security Alliance
Redmond, WA
08.2017 - 09.2021
  • Oversaw local CSA chapter operations, coordinating monthly member meetings and contributing to global cloud compliance research.
  • Managed volunteer staff, tracked research deliverables, and ensured alignment to CSA’s mission of advancing cloud security best practices.

Security Analyst / Penetration Tester

NewSky Security
Redmond, WA
11.2016 - 06.2017
  • Conducted penetration testing of IoT devices, identifying vulnerabilities and providing remediation guidance.
  • Developed technical reports detailing security flaws, strengthening client device security and regulatory readiness.

Education

Master of Science - Information Management

University of Washington
Seattle, WA
08.2021

Bachelor of Science - Informatics

University of Washington
Seattle, WA
06.2017
