EMMANUEL CHE
BOSTON,USA
Summary
IT Risk & Compliance Analyst with over 5 years of experience in information security, risk management, and audit. Skilled in developing IT risk management programs and ensuring compliance with GRC regulations. Proven track record in assessing compliance and providing best practice guidance. Strong analytical skills and ability to communicate complex data insights effectively.
Overview
8
8
years of professional experience
1
1
Certification
Work History
Senior Infosec Compliance Analyst
Quanterix Corporation
Billerica, MA
04.2024 - Current
- Ensured Compliance: Analyzed management and technical controls, validating secure configurations.
- Mapped Requirements: Identified overlaps and improved compliance efficiencies in regulatory frameworks.
- Tracked Compliance: Monitored NIST, HIPAA, and SOC-2 compliance, maintaining accurate records.
- Conducted Risk Assessments: Monitored third-party and internal risk assessments for comprehensive management.
- Collaborated on Projects: Addressed IT project life cycle security policy and risk issues.
- Developed Metrics: Created performance metrics to track compliance and support security processes.
IT Risk & Compliance Analyst
Wells Fargo
San Francisco
01.2020 - 04.2024
- Conduct IT audit with internal Auditors, looking at Architectural, Network, and Data flow diagrams for proper configuration and security.
- Work with engineers and controls owners in security controls design and implementation to meet company policies and regulations.
- Review and approve change management requests and conduct BIA to identify impacts before submitting requests to the Change Control Board.
- Develop, review, and update Policies and procedures by Compliance regulations (ISO, NIST, and HITRUST)
- Maintain Risk Register and update as needed, Experience with risk control self-assessment which is a proactive approach to risk management to help organizations prevent or mitigate potential negative impacts by identifying and addressing risks before they become actual issues.
- Partake in Incident Response activities (tabletop, full functional tests), examine results, and make changes as needed.
- Review cloud-shared responsibilities and ensure Company controls are implemented based on cloud-shared responsibilities.
- Create ERM (Enterprise Risk Management) key risk reporting and provide monthly reports on risk reporting meetings.
- Complete any Security-related requests from the Company's clients (SIG, SOC reports).
- Evaluate Audits documentation provided by auditors after Audits, and review reports for exceptions.
- Worked on Compliance and Security tickets and developed remediation.
GRC Analyst
Dynamo
Boston
01.2018 - 01.2020
- Proficient in developing and implementing security policies and procedures to ensure compliance with regulatory and legal requirements.
- Experienced in ensuring corporate compliance with applicable standards such as SOX, HIPAA, ISO, and PCI-DSS
- Championed reporting skills by preparing and presenting reports on compliance activities to Upper Management and various audiences.
- Developed policy exceptions for activities against company procedures and tracked them for remediation.
- Performed detailed analysis of organizational processes to identify and assess potential risks.
- Conducted research on new Regulations to ensure new products meet compliances.
- Supported internal audits with internal auditors, for Company evaluation readiness.
- Worked in collaboration with controls owners during quarterly controls review, ensuring Implementation and evidence are available for review.
- Reviewed and made changes to the company GRC program, per Upper Management review and approval.
- Conducted Security Awareness training as well as phishing campaigns such as phishing and credit card scams to improve the best security practices in the company environment.
- Examined Audit reports provided by Auditors after audits and developed corrective action plans for exceptions identified in SOC 2 reports.
Education
Master of Science - Cybersecurity and Information Assurance
Western Governors University
Salt Lake City, UT08-2024
Bachelor’s degree - computer science
01.2017
Skills
- Vendor risk management frameworks (NIST, ISO, HITRUST)
- Compliance standards (SOC 2, HIPAA, ISO, PCI-DSS, SOX, GDPR)
- Vulnerability management tools
- Analytical and problem-solving skills
- Auditing and policy review
- Training and guidance
- Incident response planning
- Communication and teamwork skills
- Compliance expertise
- Vulnerability assessment
Certification
- Certified in Cybersecurity (ISC2 CC).
- CompTIA Security+ certified.
- CompTIA CySA+
- CISA.
- CAP- In Progress
Affiliations
- MEMBER, INFORMATION SYSTEMS AUDIT AND CONTROL ASSOCIATION (ISACA)
- MEMBER, INTERNATIONAL INFORMATION SYSTEM SECURITY CERTIFICATION CONSORTIUM (ISC)²
TOOLS
- TENABLE
- VENMINDER
- ZenGRC
- MICROSOFT 365
- JIRA
- SERVICENOW
- ARCHER
- VANTA
Timeline
Senior Infosec Compliance Analyst
Quanterix Corporation
04.2024 - Current
IT Risk & Compliance Analyst
Wells Fargo
01.2020 - 04.2024
GRC Analyst
Dynamo
01.2018 - 01.2020
Master of Science - Cybersecurity and Information Assurance
Western Governors University
Bachelor’s degree - computer science
Similar Profiles
Jerry ShawJerry Shaw
Laboratory Field Service Engineer II at Quanterix CorporationLaboratory Field Service Engineer II at Quanterix Corporation
Jarielys JavierJarielys Javier
Kitting Technician 1 at QuanterixKitting Technician 1 at Quanterix
Marco PadovaniMarco Padovani
Business Development Manager at QUANTERIXBusiness Development Manager at QUANTERIX
Venkatesh PandeyVenkatesh Pandey
Business Development Executive at ISIEINDIA PVT LTDBusiness Development Executive at ISIEINDIA PVT LTD
Charmaine BurrellCharmaine Burrell
Educational and Social Worker Assistant at Foxborough Public SchoolEducational and Social Worker Assistant at Foxborough Public School