
Jessie Williams

Ooltewah, TN

Summary

Quality-driven Compliance Analyst familiar with tracking, documentation, and reporting requirements seeking to utilize my Security Governance Compliance and Risk background, knowledge, and experience. Over 11 years of experience, with a motivated and energetic mindset in compliance and auditing. Knowledgeable in developing and implementing tracking and training programs to promote Global Enterprise-wide Risk and Compliance culture. Highly ethical and focused team player with productive, diligent approach.

Overview

6 years of professional experience
1 Certification

Work History

Security Governance Risk & Compliance Analyst

Reyes Holdings
04.2022 - Current
  • Built a Risk Aware Culture by maturing the methods and measures to monitor and report risk, compliance, and assurance efforts through automation and process improvement, including an implementation of a GRC tool.
  • Improved company's risk management strategy by identifying, assessing, and mitigating potential risks related to noncompliance.
  • Develop the compliance evaluation for the information security management framework based on the following: NIST 800-53, CISv8, and ISO 27001/2
  • Conducted gap analyses on existing controls systems, recommending improvements where necessary for increased effectiveness in maintaining regulatory compliance.
  • Assessed and recommended policies, standards, procedures, controls, and security solutions to assure the confidentiality, integrity, and availability of the information technology environment
  • Develop and facilitate a metrics and reporting framework to measure the effectiveness and maturity of the information security program
  • Participate in meetings with Reyes Holdings IT and Business Unit executives to provide all required documentation when identifying deficiencies
  • Developed accurate and intelligible auditing and reporting capabilities to report on current security controls in alignment with GRC objectives.
  • Collaborated with cross-functional teams for the successful implementation of new compliance initiatives.
  • Monitored adherence to industry regulations, ensuring timely reporting of any discrepancies or violations.
  • Served as a subject matter expert on compliance matters, providing guidance and support to colleagues across various departments.
  • Prepared documentation and records for upcoming audits and inspections.
  • Enhanced regulatory compliance by conducting thorough risk assessments and implementing effective control measures.
  • Assisted in the preparation of reports for senior management, outlining findings from investigations into suspected non-compliant activities.
  • Developed improvement and corrective action plans to bring operations in line with requirements.
  • Assisted in the development of a comprehensive risk assessment framework for evaluating potential threats to organizational compliance systems.
  • Participated in external audits, liaising with regulators to address any concerns raised during inspections effectively.
  • Conducted regular reviews of company policies and procedures for alignment with regulatory requirements and industry best practices.
  • Implemented robust monitoring systems to track compliance performance and detect possible areas of concern.
  • Played an active role in industry forums and conferences, staying informed of the latest regulatory developments and best practices to incorporate into company operations.
  • Supported incident response efforts when breaches were identified by coordinating remediation efforts between multiple departments.
  • Streamlined internal audit processes for improved efficiency and accuracy in detecting potential compliance issues.

Information Security Governance & Compliance Consultant II

BCBST
01.2018 - 04.2022
  • Assisted in the management and coordination of IT controls, policies, and processes, including Model Audit Rule, SOC1, Payment Card Industry, NIST COBIT, HIPAA and other compliance initiatives
  • Coordinated the tracking and reporting of audits, follow-up actions, audit requests, and key metrics for compliance
  • Reduced the potential for fines and penalties by proactively monitoring changes in regulatory requirements and updating policies accordingly.
  • Facilitated cross-functional collaboration to address complex compliance issues, fostering open communication and efficient problem solving.
  • Played a key role in the successful resolution of complex compliance issues, demonstrating strong problem-solving abilities and adaptability under pressure.
  • Assisted with the development of company-wide codes of conduct, promoting ethical behavior among all employees.
  • Developed metrics-driven approaches to tracking compliance performance across the organization, providing valuable insights into overall program effectiveness.
  • Conduct self-assessment efforts in preparation for Internal and External Audits; provide Management Result Reports & Recommendations
  • Manage monthly FIM; collection process, tracking and status reports to management
  • Perform reviews of MAR/SOC control wording, narratives, and in scope applications validation
  • Created and managed updates to procedures for daily tasks required to support the IT Compliance and Risk functions while adhering to all applicable regulatory requirements and/or specific guidelines
  • Worked with subject matter experts to gather technical data; analyze and interpret data to determine appropriate syntax, style and grammatical usage
  • Monitored documents and communicated with document owners regarding compliance with annual document review requirements
  • Manage and coordinate detailed Risk Assessment, Cyber Security Assessment, HITRUST, and other engagements annually
  • Provided Management Result Reports & Recommendations on annual engagements
  • Identified areas of risk, negative impacts, and weaknesses within the IT area with regard to reporting, regulatory compliance and business operations before audits are conducted
  • Conducted self-assessment efforts in order to classify, evaluate, and monitor the company’s risk.

Education

Associate in Computer Science - Programming

Chattanooga State Technical Community College

Skills

  • Regulatory knowledge: HIPAA, PCI, SOC 1 & 2, CIS, & NIST CSF
  • Auditing experience
  • Compliance Monitoring
  • Data Analytics
  • Risk management
  • Controls assurance
  • Risk Assessment
  • Cybersecurity
  • Information Security regulations
  • Industry standards
  • Internal policies frameworks
  • Internal Control Analysis

Certification

  • OneTrust Third Party Risk Management Expert
  • ISC2 Candidate Certification
  • Lean Six Sigma
