Lorretta Addai
High Point,United States
Overview
7
7
years of professional experience
1
1
Certification
Work History
GRC Analyst
PayPal
12.2022 - Current
- Work closely with business unit teams to ensure proper and timely remediation of Information Security control
- Lead the annual risk assessment process
- Prepare updates to management, including management control remediation plans
- Assess the adequacy of action taken by management to correct reporting deficiencies, accepting adequate corrective action and continuing reviews with appropriate management on action considered inadequate until satisfactory resolution
- Assist in the execution of the operating effectiveness monitoring program of the internal control framework to ensure controls are tested periodically and reporting is created to showcase status
- Supporting the on-going development and improvement of the Third Party Risk Management process, through collaboration with stakeholders, process, technology and automation
- Collaborate with internal business partners, along with client and vendor contacts to ensure that audits and/or questionnaires are completed accordingly
- Assist as needed in conducting regular assessments of vendors to ensure compliance with all regulatory requirements to reduce/mitigate risks
- Managing the pipeline of incoming requests across the procurement intake system and TPRM system to ensure due diligence questionnaires are scoped and sent to third parties and timely responses are received
- Conducted comprehensive audits and assessments of company data processing activities to ensure compliance with CCPA, HIPAA, and GDPR, identifying areas for improvement and implementing corrective actions to mitigate risks
- Coordinating with cross-functional review teams including Sanctions, Security, Compliance, Risk, Privacy and others to ensure reviews are progressing and assessments are completed within SLAs
- Following-up with third parties regarding incomplete submissions or follow-up questions required to complete assessments
- Assist in updating policies and procedures
- Contributing to periodic monitoring, program and process documentation and risk remediation efforts.
Compliance Analyst
Ameris Bank
01.2021 - 12.2022
- Perform compliance monitoring reviews, as assigned, to ensure regulatory compliance with applicable regulations
- Contribute with documentation request information as requested in support of reviews, audits or regulatory exams
- Monitoring open issues and mitigation plans to ensure timely closure
- Review customer compliance with key regulations and provide recommendations for improvement and remediation
- Conducting audit testing and analysis and completing documentation of high quality in accordance with departmental standards
- Provide governance with quality reviewing teams audit reports, including audit findings in line with internal audit procedures
- Provided expert guidance and training to cross-functional teams on compliance obligations under CCPA, HIPAA, and GDPR, fostering a culture of data privacy awareness and accountability throughout the organization
- Conducts supplier audits; reviews the effectiveness of security controls and other agreed requirements, as required by the business, aligning to our internal audit processes, where required
- Assist in responding to security questionnaires
- Monitor security controls and processes to ensure compliance with internal policies and external regulations
- Monitor third-party risk assessments and assist in performing internal risk assessments
- Assist in auditing and documenting internal security controls
- Perform compliance monitoring of all business communications (email, social media, text messaging, etc.)
- Perform compliance testing, monitoring, and preparing reports to support the registered investment adviser and broker/dealer and conduct audits to ensure the policies are effective.
Information Security Analyst
Sentara Health
01.2018 - 12.2020
- Assist in responding to security questionnaires
- • Monitor security controls and processes to ensure compliance with internal policies and external regulations
- • Monitor third-party risk assessments and assist in performing internal risk assessments
- • Assist in auditing and documenting internal security controls Perform compliance monitoring of all business communications (email, social media, text messaging, etc.
- • Perform compliance testing, monitoring, and preparing reports to support the registered investment adviser and broker/dealer and conduct audits to ensure the policies are effective.
- • Led the implementation of the HITRUST CSF framework across multiple departments, ensuring alignment with industry standards and regulatory requirements.
- • Conducted comprehensive gap assessments to identify areas of non-compliance, developed remediation plans, and tracked progress towards HITRUST certification.
- • Collaborated with cross-functional teams to design and enforce security controls, policies, and procedures in line with HITRUST CSF requirements.
- • Facilitated internal audits, including evidence gathering, documentation, and coordination with auditors, leading to successful HITRUST certification.
- • Provided training and awareness programs to staff on HITRUST CSF requirements, enhancing the organization’s overall security posture.
Education
Master of Science - Cybersecurity
Liberty University
Lynchburg, VA05.2025
Bachelor Of Arts - Information Systems Technology
Regent University
Virginia Beach, VA05.2024
Associate In Arts - Information systems
Regent University
Virginia Beach, VA05.2022
Skills
- ISO COMPLIANCE
- NIST 800-53
- ISO IMPLEMENTATION
- SOC 1&2 REVIEW
- BUSINESS CONTINUITY & DISASTER RECOVERY
- CONTROL TESTING
- INTERNAL AUDIT
- BITSIGHT
- RISK RECKON
- ONETRUST
- SERVICENOW
- ARCHER
- Hitrust CSF implementation
Certification
- Certified COMPTIA SECURITY plus
- Certified Information Systems Auditor (CISA)
- Certified SCRUM MASTER
Timeline
GRC Analyst
PayPal
12.2022 - Current
Compliance Analyst
Ameris Bank
01.2021 - 12.2022
Information Security Analyst
Sentara Health
01.2018 - 12.2020
Master of Science - Cybersecurity
Liberty University
Bachelor Of Arts - Information Systems Technology
Regent University
Associate In Arts - Information systems
Regent University
- Certified COMPTIA SECURITY plus
- Certified Information Systems Auditor (CISA)
- Certified SCRUM MASTER
Similar Profiles
Shaun GarnerShaun Garner
Risk Operations Agent at PayPalRisk Operations Agent at PayPal
MALLIKARJUN NMALLIKARJUN N
Business Analyst at PayPalBusiness Analyst at PayPal
James AbelJames Abel
Head of EMEA Collections (PayPal Site Lead) at PayPalHead of EMEA Collections (PayPal Site Lead) at PayPal
Sharath SriramaSharath Srirama
PMO Program Manager at PayPalPMO Program Manager at PayPal
Felicia SmithFelicia Smith
Lead Substantial Damage Assessor at Tidal BasinLead Substantial Damage Assessor at Tidal Basin