
Evan Djou

Washington, DC

Summary

As an experienced GRC Analyst with over 7 years in the industry, I have a comprehensive understanding of governance frameworks, risk management practices, and compliance standards. I designed and implemented robust risk management strategies, conducted thorough risk assessments, and ensured compliance with standards and regulatory requirements such as NIST, COBIT, ISO 27001, SOC 1 and 2, PCI DSS, and SOX. I identified potential risks, developed mitigation plans, and fostered a culture of compliance within the organization. I excel in collaboration with cross-functional teams to integrate GRC initiatives seamlessly into business processes, enhancing overall operational resilience. With a keen eye for detail and strong analytical skills, I developed and maintained GRC policies, conducted internal audits, and provided actionable insights to senior management. I effectively communicate complex risk scenarios and compliance issues to stakeholders at all levels, ensuring that our organization remains proactive and prepared for emerging challenges.

Overview

8 years of professional experience
1 Certification

Work History

Information Security Risk Analyst

West Chester, PA
01.2021 - Current
  • Developing and implementing policies and procedures to comply with COBIT, ISO 27001, SOC 2, PCI DSS, and SOX
  • Coordinating with various departments to ensure COBIT, ISO 27001, PCI DSS, SOC 2, and SOX standards are integrated into daily operations
  • Conducting internal audits to assess compliance with COBIT, NIST, ISO, SOX, SOC 2, and PCI DSS standards
  • Identifying non-conformities and working with teams to develop corrective actions
  • Monitoring ongoing compliance through regular assessment and reviews
  • Maintaining accurate and up-to-date documentation required for ISO certification
  • Ensuring policies, procedures, and records are properly documented and accessible
  • Conducting training and awareness programs to educate employees about ISO 27001, PCI DSS, SOC 1 and 2, SOX, and compliance obligations throughout the organization
  • Identifying opportunities for improvement in processes and efficiency
  • Implementing best practices and fostering a culture of continuous improvement
  • Preparing for external auditors and providing necessary documentation and evidence of compliance
  • Managing the certification and attestation process to achieve and maintain ISO 27001, PCI DSS, SOC 1 and 2, SOX, and COBIT compliance
  • Identifying and assessing risks related to non-compliance with ISO 27001, PCI DSS, SOC 2, and SOX
  • Developing and implementing risk mitigation strategies to address identified risks
  • Preparing compliance reports and identifying areas for improvement
  • Communicating compliance requirements and updates to all relevant stakeholders
  • Providing guidance and support to teams to ensure understanding of and adherence to ISO 27001, PCI DSS, SOX, and SOC 2 standards
  • Developing and updating policies in alignment with ISO standards
  • Ensuring policies are reviewed and approved by appropriate authorities
  • Investigating compliance incidents and breaches, implementing corrective and preventive actions to prevent recurrence
  • Staying updated with technological advancements that enhance compliance.

Third Party Risk Analyst

JONES DAY
Pennsylvania, PA
01.2017 - 01.2021
  • Conducted initial and periodic risk assessments of 3 third-party vendors
  • Evaluated vendors' security policies, compliance with regulations, and risk management practices
  • Analyzed audit reports, certifications, and other documentation provided by vendors
  • Continuously monitored vendors for any changes in their risk profile
  • Tracking and monitoring evolving risks and threats maintained within the centralized risk register, including third party risks, and collaborating with business owners to develop and implement threat mitigation strategies
  • Conducting training sessions for internal teams on third-party risk management processes and best practices
  • Providing advisory support in the completion of divisional risk assessments
  • Governing and supporting associates in the completion of third-party risk assessments and control self-assessments to ensure adequate controls are in place to safeguard the organization, including tracking, monitoring, and managing issues identified
  • Supporting maintenance of the centralized repository for third party relationships including accountable business owners, inherent risk, and tier for each respective party relationship
  • Providing support to integrated compliance teams to ensure compliance with the Third-Party Risk Management (TPRM) framework and standards, so that controls surrounding data protection, privacy, and access (among other areas) are compliant with corporate standards and risk appetite
  • Supporting completion of due diligence on third party controls in place both corporately and with the third party, in collaboration with subject matter resources across all relevant risk domains to determine residual risk of third-party relationships
  • Maintaining the framework to meet industry standards
  • Communicated findings and risk concerns to relevant stakeholders.

Education

Bachelor of Science - Information Technology

Skills

  • Risk assessment and management
  • Identifying, analyzing, and mitigating potential risks
  • Developing and implementing risk management strategies
  • Compliance management
  • Ensuring adherence to regulatory requirements such as ISO 27001, PCI DSS, SOC 1 and SOC 2, SOX, and NIST CSF
  • Conducting compliance audits and assessments
  • Strong analytical skills
  • Ability to analyze data and identify trends or anomalies
  • Proficiency in using analytical tools and software
  • Strong communication skills, including effective communication of risk-based scenarios and compliance issues to stakeholders
  • Preparing detailed reports and presentations
  • Conducting internal audits to assess the effectiveness of controls
  • Recommending improvements based on audit findings
  • Strong problem-solving skills
  • Familiarity with GRC tools such as Archer, OneTrust, ServiceNow, etc.
  • Attention to detail in GRC-related activities
  • Meticulous in documentation and reporting
  • Training and awareness
  • Conducting training sessions and awareness programs for employees
  • Managing GRC-related change management activities

Certification

  • CISA (Certified Information Systems Auditor)
  • CompTIA Security+
  • CISSP (in progress)
