GEORGE AWA

Menifee, USA

Summary

CISSP-certified Senior Security & GRC Leader with 6 years of combined experience across healthcare IT, cybersecurity, and regulatory compliance, including 4 years leading enterprise-scale GRC, PCI DSS 4.0, and audit readiness programs. Proven owner of PCI scope definition, CDE segmentation, third-party risk management, and PCI DSS audits for Level 1 and Level 2 environments. Deep expertise across NIST CSF, NIST 800-53, ISO 27001, CIS v8, HIPAA, HITRUST, SOC, GDPR, and enterprise policy governance. Trusted partner to executive leadership, legal counsel, auditors, and engineering teams, known for translating complex regulatory requirements into scalable, business-aligned security controls that reduce risk and sustain compliance.

Overview

6 years of professional experience
1 Certification

Work History

Senior Security Analyst

Apex Systems
11.2023 - Current
  • Performed initial and periodic inherent and residual vendor risk assessments across security, privacy, operational, financial, and regulatory compliance domains, strengthening third-party risk posture and alignment with PCI DSS, HIPAA, NIST 800-53, ISO 27001, and SOX-relevant controls.
  • Issued, tracked, and analyzed standardized vendor risk questionnaires while reviewing SOC 1/SOC 2 reports, ISO certifications, insurance certificates, privacy policies, and BC/DR plans, identifying control gaps and remediation requirements.
  • Maintained accurate vendor inventories and lifecycle records including risk ratings, findings, remediation actions, and residual risk decisions within the TPRM system of record, ensuring audit-ready documentation and traceability.
  • Supported contract and legal reviews by identifying and assessing key risk clauses (SLAs, data protection requirements, audit rights, breach notification, and regulatory obligations), escalating material gaps to senior leadership for risk acceptance or mitigation decisions.
  • Monitored third-party risk using internal KPIs/KRIs and external intelligence sources (financial health indicators, adverse media, regulatory actions), triggering re-assessments and continuous monitoring activities when defined thresholds were met.
  • Prepared dashboards, management reports, and evidence packages for internal audits, external audits, regulatory examinations, and governance committees, supporting executive-level risk visibility and decision-making.
  • Coordinated cross-functional stakeholders (security, privacy, legal, procurement, finance, IT) to track remediation activities, validate control implementation, and verify timely closure of vendor issues in accordance with agreed due dates.
  • Contributed to TPRM process documentation including playbooks, procedures, templates, and operational workflows, improving assessment consistency, audit outcomes, and operational efficiency.
  • Maintained current knowledge of emerging third-party risk trends, regulatory requirements, and industry standards, while completing annual compliance and information security training and participating in professional development and educational events to support a strong risk and compliance culture.

Cybersecurity GRC Analyst

Palomar Health
02.2023 - 11.2023
  • Conducted 50 third-party risk assessments by reviewing BAAs, SOC 2 Type II reports, ISO 27001 certifications, and vendor security questionnaires in Archer GRC, which enabled the company to close security gaps.
  • Led privacy and compliance programs for HIPAA, HITECH, and PCI DSS audits by preparing evidence, coordinating with legal counsel, and supporting external auditors, which ensured timely audit readiness.
  • Performed enterprise security risk assessments (SRAs) by using the NIST Cybersecurity Framework and CIS v8 controls and leveraging risk registers to identify gaps and implement administrative, technical, and physical safeguards.
  • Reviewed and updated 30 organizational policies and procedures in collaboration with IT and compliance teams, aligning them with evolving governance frameworks including HIPAA, PCI DSS, and ISO 27001.
  • Investigated 20 HIPAA confidentiality incidents using Proofpoint, VMware Carbon Black, and Expel Security tools, thus remediating compliance gaps and reducing reportable privacy events.
  • Participated in tabletop exercises and incident simulations alongside the Cybersecurity Incident Response Team (CSIRT), contributing to the development of 5 new incident response playbooks that improved response time by 13%.

GRC Analyst Intern

Eretnis Inc
11.2020 - 02.2023
  • Managed the PCI compliance program, achieving 95% audit readiness with zero major findings during annual assessments.
  • Led 15 PCI readiness assessments, identified 50 compliance gaps, and drove remediation to full compliance.
  • Reviewed due diligence for 150 third-party providers, resolving 95% of identified security gaps.
  • Partnered with vendors to design and implement 20 mitigation plans, strengthening overall risk posture.
  • Led continuous vendor monitoring, reducing third-party risk exposure by 30%.
  • Authored and maintained 20 PCI policies and implementation guides supporting DSS compliance and audit readiness.

IT Risk Compliance Analyst

Wellstar Kennestone Health System
09.2019 - 11.2020
  • Customized security awareness materials to address specific vulnerabilities within an organization, enhancing employee vigilance.
  • Developed and implemented strategies to enhance the organization’s knowledge management capabilities.
  • Coordinated with cross-functional teams to gather and organize information relevant to governance and compliance.
  • Maintained accurate records and documentation related to governance and knowledge management activities.
  • Assisted in the preparation of governance and compliance reports for internal and external stakeholders.
  • Spearheaded development of a comprehensive disaster recovery plan, preparing the organization for efficient response to various cyber incidents.
  • Utilized the NIST Cybersecurity Framework to overhaul the hospital’s security program, resulting in enhancements in security posture.

Education

Master of Science - Information Technology

Wilmington University
New Castle, DE
01.2018

Skills

  • GRC & Compliance: PCI DSS 4.0, HIPAA, HITRUST, SOC, GDPR, NIST CSF, NIST 800-53, ISO 27001, CIS Controls
  • Risk & Governance: Third-Party Risk Management, Audit Readiness, Risk Registers, Policy Development, Control Testing
  • Security Operations: Vulnerability Management, Incident Response, BCP/DR, Phishing Simulation, Email Security
  • Cloud & Tools: Cloud Security, DevOps Security, Proofpoint, VMware Carbon Black, Expel Security, Trend Micro Apex One, Workspace ONE
  • Identity and Access Management
  • Risk Mitigation

Certification

  • CISSP
  • CompTIA Security Plus
  • PMP