JOSH MALLOY
Bartlesville
Summary
Strategic and detail-oriented GRC professional with over 13 years of IT experience including leading risk assessments, managing third-party security, and strengthening compliance programs across enterprise IT environments. Proven success driving alignment with NIST, ISO27001, and SOC 2 standards while building scalable, audit-ready governance frameworks. Recognized for cross-functional collaboration with Legal, Procurement, and Cybersecurity teams to streamline processes, enhance vendor assurance, and reduce organizational risk. Currently pursing CRISC certification to deepen expertise in IT risk management nd control frameworks.
Overview
14
14
years of professional experience
Work History
Analyst, Policy, Risk, & Third Party Security
ConocoPhillips
02.2023 - Current
- Lead approximately 75 annual comprehensive third-party and enterprise risk assessments in alignment with NIST and ISO frameworks, identifying and mitigating control gaps across high-impact vendors.
- Develop and maintain governance documentation, including risk registers, policy updates, and control matrices, improving audit readiness and regulatory compliance.
- Provide risk mitigation recommendations, and report on residual risk to senior leadership.
- Review contracts and vendor controls to identify cybersecurity and compliance risks.
- Partner with Information Security, Legal, and Procurement teams to establish enhanced vendor due diligence, and streamline compliance workflows.
- Serve as Scrum Master for the Risk & Compliance team, managing Jira sprints, and optimizing task tracking for greater efficiency.
Senior Analyst, Sourcing & Contracts
ConocoPhillips
10.2020 - 02.2023
- Oversaw high-value IT vendor relationships, managing contract renewals, license optimization, and SLA compliance.
- Partnered with Cybersecurity and Legal teams to ensure supplier compliance with internal controls and risk standards.
- Led RFP processes and negotiated contract terms aligned with corporate governance standards.
- Streamlined post-award contract review processes enhance audit readiness and cost transparency.
Core Platform Engineer
ConocoPhillips
01.2017 - 10.2020
- Managed Microsoft Teams implementation, enterprise conference room upgrades, and content distribution network modernization.
- Maintained security and uptime for Microsoft Exchange, O365, and Active Directory environments, supporting 10K+ users globally.
- Monitored vulnerabilities, applied patches, and documented remediation activities for auditor purposes.
- Collaborated with IT Security on compliance initiatives, including access review and configuration management.
IT Export Compliance Analyst
ConocoPhillips
01.2012 - 12.2016
- Ensured global IT operations and data transfers complied with the U.S. Export compliance regulations.
- Conducted risk assessments of technology exports, software deployments, and vendor access in restricted regions.
- Developed and maintained export compliance procedures, audit documentation, and exception tracking.
- Partnered with Legal and IT Security to strengthen the control framework and policy adherence.
- Led training initiatives to improve awareness of export control requirements, and compliance obligations.
Education
Masters of Business Administration -
Southern Nazarene University
Bethany, OKB.S. - Management Information Systems
University of Texas At Dallas
Dallas, TXSkills
- Third-party risk assessment
- NIST compliance
- ISO framework implementation
- Governance documentation
- Cybersecurity risk analysis
- Scrum Master leadership
- Risk mitigation recommendations
- Contract negotiation
- Audit readiness improvement
Timeline
Analyst, Policy, Risk, & Third Party Security
ConocoPhillips
02.2023 - Current
Senior Analyst, Sourcing & Contracts
ConocoPhillips
10.2020 - 02.2023
Core Platform Engineer
ConocoPhillips
01.2017 - 10.2020
IT Export Compliance Analyst
ConocoPhillips
01.2012 - 12.2016
Masters of Business Administration -
Southern Nazarene University
B.S. - Management Information Systems
University of Texas At Dallas