
EMMANUEL CHE

BOSTON, USA

Summary

IT Risk & Compliance Analyst with over 5 years of experience in information security, risk management, and audit. Skilled in developing IT risk management programs and ensuring compliance with GRC regulations. Proven track record in assessing compliance and providing best practice guidance. Strong analytical skills and ability to communicate complex data insights effectively.

Overview

8 years of professional experience
1 Certification

Work History

Senior Infosec Compliance Analyst

Quanterix Corporation
Billerica, MA
04.2024 - Current
  • Ensured Compliance: Analyzed management and technical controls, validating secure configurations.
  • Mapped Requirements: Identified overlaps and improved compliance efficiencies in regulatory frameworks.
  • Tracked Compliance: Monitored NIST, HIPAA, and SOC-2 compliance, maintaining accurate records.
  • Conducted Risk Assessments: Monitored third-party and internal risk assessments for comprehensive management.
  • Collaborated on Projects: Addressed IT project life cycle security policy and risk issues.
  • Developed Metrics: Created performance metrics to track compliance and support security processes.

IT Risk & Compliance Analyst

Wells Fargo
San Francisco
01.2020 - 04.2024
  • Conduct IT audits with internal auditors, looking at architectural, network, and data flow diagrams for proper configuration and security.
  • Work with engineers and controls owners in security controls design and implementation to meet company policies and regulations.
  • Review and approve change management requests and conduct BIA to identify impacts before submitting requests to the Change Control Board.
  • Develop, review, and update policies and procedures per compliance regulations (ISO, NIST, and HITRUST).
  • Maintain Risk Register and update as needed. Experience with risk control self-assessment, which is a proactive approach to risk management that helps organizations prevent or mitigate potential negative impacts by identifying and addressing risks before they become actual issues.
  • Partake in Incident Response activities (tabletop, full functional tests), examine results, and make changes as needed.
  • Review cloud-shared responsibilities and ensure Company controls are implemented based on cloud-shared responsibilities.
  • Create ERM (Enterprise Risk Management) key risk reporting and provide monthly reports on risk reporting meetings.
  • Complete any Security-related requests from the Company's clients (SIG, SOC reports).
  • Evaluate audit documentation provided by auditors after audits, and review reports for exceptions.
  • Worked on Compliance and Security tickets and developed remediation.

GRC Analyst

Dynamo
Boston
01.2018 - 01.2020
  • Proficient in developing and implementing security policies and procedures to ensure compliance with regulatory and legal requirements.
  • Experienced in ensuring corporate compliance with applicable standards such as SOX, HIPAA, ISO, and PCI-DSS.
  • Championed reporting skills by preparing and presenting reports on compliance activities to Upper Management and various audiences.
  • Developed policy exceptions for activities against company procedures and tracked them for remediation.
  • Performed detailed analysis of organizational processes to identify and assess potential risks.
  • Conducted research on new regulations to ensure new products meet compliance requirements.
  • Supported internal audits with internal auditors, for Company evaluation readiness.
  • Worked in collaboration with controls owners during quarterly controls review, ensuring implementation and evidence are available for review.
  • Reviewed and made changes to the company GRC program, per Upper Management review and approval.
  • Conducted Security Awareness training as well as phishing campaigns, such as phishing and credit card scams, to improve security best practices in the company environment.
  • Examined Audit reports provided by Auditors after audits and developed corrective action plans for exceptions identified in SOC 2 reports.

Education

Master of Science - Cybersecurity and Information Assurance

Western Governors University
Salt Lake City, UT
08.2024

Bachelor’s Degree - Computer Science

01.2017

Skills

  • Vendor risk management frameworks (NIST, ISO, HITRUST)
  • Compliance standards (SOC 2, HIPAA, ISO, PCI-DSS, SOX, GDPR)
  • Vulnerability management tools
  • Analytical and problem-solving skills
  • Auditing and policy review
  • Training and guidance
  • Incident response planning
  • Communication and teamwork skills
  • Compliance expertise
  • Vulnerability assessment

Certification

  • Certified in Cybersecurity (ISC2 CC)
  • CompTIA Security+
  • CompTIA CySA+
  • CISA
  • CAP - In Progress

Affiliations

  • MEMBER, INFORMATION SYSTEMS AUDIT AND CONTROL ASSOCIATION (ISACA)
  • MEMBER, INTERNATIONAL INFORMATION SYSTEM SECURITY CERTIFICATION CONSORTIUM (ISC)²

TOOLS

  • TENABLE
  • VENMINDER
  • ZenGRC
  • MICROSOFT 365
  • JIRA
  • SERVICENOW
  • ARCHER
  • VANTA
