
Jonathon Herrera

Austin,United

Summary

Seasoned GRC Analyst with ten years of experience working collaboratively with top leaders and staff to optimize adherence to policies, procedures, standards and regulations. Well-versed in comprehensive analysis of operations, process improvement recommendations and best practice introduction. Current certifications are listed below:

* CISA (Certified Information Systems Auditor)

* SSCP (Systems Security Certified Practitioner)

* CGRC (Governance, Risk, and Compliance Certification)

* CISM (Certified Information Security Manager)

* CISSP (Certified Information Systems Security Professional)

Overview

14 years of professional experience

Work History

Privacy and Compliance Analyst

GetInsured
02.2025 - Current
  • Evaluated internal operations and procedural compliance
  • Analyzed and updated existing compliance policies and related documentation
  • Assisted in audit activities by interfacing with the auditors, translating audit evidence requests into actual requirements and working with teams to collect and submit evidence
  • Developed and executed new compliance policies and procedures as required.

Security Governance Specialist

James Avery Artisan Jewelry
01.2024 - 01.2025
  • Lead Governance, Risk and Compliance (GRC) efforts. Track and manage vulnerabilities and threats across the organization.
  • Develop and implement comprehensive governance policies, ensuring alignment with industry regulations and standards.
  • Responsible for security and risk management strategies. Manage vulnerability management processes, ensuring timely identification and mitigation of security risks.
  • Conduct thorough risk assessments to identify vulnerabilities and formulate effective risk mitigation strategies.
  • Oversee compliance efforts, including monitoring, reporting, and audits, to meet regulatory requirements.
  • Collaborate cross-functionally to enhance security awareness and promote a culture of information security.
  • Provide strategic guidance to executive leadership on GRC and security matters, highlighting potential risks, both internal and third-party related, and solutions.
  • Stay current with industry trends, emerging threats, and regulatory changes to adapt security strategies accordingly.
  • Foster continuous improvement by implementing best practices, technologies, and processes within the GRC and Security Operations domains.

Sr Security Governance and Compliance Analyst

Silicon Labs
02.2021 - 10.2023
  • Counseled committees and department heads regarding compliance risks and standards.
  • Developed and implemented internal control tests to verify employee compliance with established policies and procedures.
  • Wrote and presented reports outlining findings and recommendations from compliance audits.
  • Gathered, organized and evaluated data to make accurate assessments of current operations.
  • Oversaw proper maintenance and dissemination of filing documentation as well as records and reports for review by various departments.
  • Scheduled and conducted evaluations of company policies, procedures and internal control structures.

IT GRC Analyst III

Forcepoint
07.2019 - 02.2021
  • Identified clear connections between policies and business results to eliminate or reduce confusion and help employees achieve goals.
  • Optimized core processes to improve business performance and operational agility.
  • Recommended process improvements to continually identify, analyze and fix constraints and challenges.
  • Led company projects to be compliant with FedRAMP controls.
  • Conducted workplace compliance training to reduce operational risks and operate effectively.

InfoSec Sr Audit Analyst

Public Consulting Group
05.2017 - 07.2019
  • Identified control gaps in processes, procedures and systems through in-depth research and assessment and suggested methods for improvement.
  • Developed audit policies, guiding administrative and technical functions.
  • Administered auditing program to address risks and evaluate compliance with regulatory requirements.
  • Performed observations and evaluated supporting documents to supplement audit findings.
  • Communicated with auditee staff to obtain necessary information for audits.
  • Coordinated, managed and implemented auditing projects and prepared for evaluation.

Compliance & Audit Specialist

OnRamp, LightEdge Solutions
07.2015 - 04.2017
  • Improved collection process via solicitation and analysis of feedback as well as detailed reporting.
  • Reviewed contracts for compliance and privacy-related issues.
  • Monitored data export from internal and external systems, identifying and reporting potential risks.
  • Scheduled and conducted evaluations of company policies, procedures and internal control structures.
  • Developed and implemented internal control tests to verify employee compliance with established policies and procedures.
  • Provided guidance, advice and training to improve business' understanding of related laws and regulatory requirements.

Tier II Datacenter Technician

OnRamp
04.2012 - 06.2015
  • Promoted to Tier II Datacenter Tech in 6/2013
  • Applied critical thinking and research to address complex issues.
  • Read manuals and manufacturer instructions to install and troubleshoot devices.
  • Performed troubleshooting and diagnosis on malfunctioning equipment.
  • Set up and performed test activities.
  • Tested components and systems to evaluate performance and identify concerns.
  • Maintained quality assurance and customer satisfaction objectives.
  • Addressed routine equipment maintenance according to established schedule.
  • Mentored junior technicians in maintenance, repair and reporting duties.

Education

Bachelor Of Science - Information Systems And Cybersecurity

ITT Technical Institute
Austin, TX
03-2014

Associate’s Degree - Information Technology - Computer Network Systems

ITT Technical Institute
Austin
06-2012

Skills

  • Compliance Reporting
  • Audit Coordination
  • Service Delivery
  • Problem Resolution
  • Internal Policy Implementation
