RANDALL HENRY

San Francisco, CA

Summary

Dynamic information security leader recognized for significantly enhancing compliance outcomes and audit efficiencies. Achieved 95% on-time control completion for major frameworks while cutting audit costs by 40% through targeted vendor negotiations. Proven ability to integrate security within product development, enabling growth and reducing risk.

Overview

12 years of professional experience
1 Certification

Work History

Senior Manager, Information Security

Omnissa, LLC
Mountain View, USA
07.2024 - 03.2026
  • Achieved and sustained ISO, PCI, and SOC 2 compliance with 95% on-time control completion, delivering two consecutive clean audit opinions for six SaaS products.
  • Oversaw security frameworks (SOC 2, ISO, PCI-DSS) achieving 95% on-time control completion for compliance reporting.
  • Built and led 7-person information security, GRC, & IAM team to meet 100% of targets and deliverables during company divestiture.
  • Reduced pre-production high-severity vulnerabilities ~25% and security exceptions 10% by embedding security-by-design and defense-in-depth practices across 12 scrum teams in close partnership with product and cloud engineering leadership.
  • Cut third-party audit costs 40% ($1.8M+ annual spend) by owning and executing the end-to-end audit firm RFP and vendor negotiation process, preserving service quality, audit rigor, and on-time delivery.
  • Increased audit efficiency 50%+ and eliminated ~285 staff hours per quarter by optimizing third-party GRC platforms, automating evidence collection across five control frameworks, and reducing manual compliance overhead.
  • Created continuous monitoring program that cut control deficiencies and audit findings by 75% while maintaining PCI-DSS and IRAP compliance.

Senior Cloud Compliance Manager

VMware
Palo Alto, USA
07.2022 - 06.2024
  • Led team of Cloud Security Architects and Engineers to reduce recurring audit findings 20% and raise compliance scores 15% through secure architecture reviews for four cloud initiatives per quarter.
  • Cut SOC 2 audit cycle time ~30% by leading the SSAE 18 SOC 2 portfolio for 40 cloud services, overseeing 35 reports annually and driving end-to-end remediation, progress tracking, and executive-level reporting.
  • Eliminated 60%+ of manual evidence-collection effort and saved ~240 hours annually by partnering with engineering, finance, and operations to automate audit evidence workflows across 40 systems.
  • Oversaw audit deficiency and management response process to ensure alignment with internal parties and external auditors, resolving 100% of identified issues within agreed timelines.
  • Managed and developed 14-person compliance team to improve engagement scores 40% and reduce voluntary attrition to 10% by implementing structured performance management and career development.

Cloud Compliance Manager

VMware
Palo Alto, USA
10.2020 - 06.2022
  • Owned overall program management for 35 cloud services under audit, accounting for $10 billion in ARR (SOC 2, ISO and PCI), and directly managed 5 products, hitting 100% of deadlines and milestones.
  • Accelerated time-to-compliance (~120 days per service) and reduced audit costs by $45K annually through leading multi-control-family rationalization and executing targeted remediation plans.
  • Reduced audit findings 50% within three audit cycles and raised KPI attainment from 65% to 85% by partnering with engineering and product teams, designing audit-readiness programs, governance forums, and performance metrics that improved execution discipline.
  • Secured $5M+ in new and retained enterprise revenue by leading complex customer security questionnaires and due-diligence reviews with Sales, expediting deal closure and enhancing customer trust.

Engagement Manager

The Cadence Group
San Francisco, USA
08.2018 - 09.2020
  • Executed SOC 2 Type I and Type II engagements for 15 clients under AICPA SSAE standards, reducing repeat findings ~25% year over year through gap assessments and targeted corrective action strategies.
  • Conducted due diligence and risk reviews for 40 technology and service vendors, lowering third-party vendor risk scores ~25% by quantifying control deficiencies and translating findings into actionable risk treatment plans.
  • Improved SOX control effectiveness 40% over two testing cycles by leading post-IPO SOX testing for a newly public company in a co-sourced audit environment, partnering with control owners to design and execute remediation plans.

GRC Senior Specialist

Social Finance (SoFi) Inc.
San Francisco, USA
09.2017 - 03.2018
  • Cut high-risk compliance findings 50% in six months and reduced recurring SOC 1 / SOC 2 issues 20% by leading state and federal regulatory assessments across three business units, closing 10 material gaps, and driving root-cause remediation.
  • Delivered $100K+ in annual cost savings and reduced access risk 25% by identifying and deprovisioning 1,000+ orphaned accounts across critical systems and strengthening enterprise access-management processes.
  • Reduced enterprise governance and vendor risk by refreshing 20 NIST- and ISO-aligned policies, improving adherence 15%, and launching third-party risk program for 45 vendors, lowering high-risk vendor relationships 35%.

Operational Risk Consultant

Wells Fargo Bank
San Francisco, USA
04.2016 - 08.2017
  • Accelerated remediation of control gaps to ~45 days and improved mitigation plan completion 25% by leading quarterly enterprise security risk assessments, refreshing risk registers for 16 processes, and tracking issues through closure.
  • Reduced open high-severity security issues 75% across 10 critical initiatives by validating corrective actions, strengthening risk and control reporting, and partnering closely with the enterprise network security team.
  • Reduced audit preparation time 20% by coordinating five risk-based assessments annually with internal and external auditors, ensuring alignment with corporate risk methodology.
  • Created internal training program that boosted employee morale and engagement scores by 60% and improved retention by 20%.

IT Audit Leader

Wells Fargo Bank
San Francisco, USA
07.2014 - 04.2016
  • Condensed critical audit findings by 40% and mitigated ~$10M in potential regulatory exposure by leading IT and end-to-end divisional audits covering four core processes and 60 controls, driving systemic issue resolution across bank divisions.
  • Accelerated remediation of high-priority issues by 33% (45 → 30 days) through investigation and escalation of audit findings to senior and executive leadership across two lines of business, enforcing accountability and execution discipline.
  • Enhanced vendor control alignment by ~20% through support of third-party audits and application of ISO-based methodologies to vendor environments for five mission-critical applications.

Education

Master of Business Administration

University of Illinois
Urbana-Champaign

Bachelor of Science - Accounting and Economics

University of Kentucky

Skills

  • Security Compliance Assessment
  • Product Security Audit
  • Incident Response
  • Regulatory Compliance
  • Third-Party Risk
  • Risk Quantification
  • Security metrics frameworks
  • Secure SDLC
  • DevSecOps
  • Project Management
  • Audit Management
  • Security model design

Certification

  • Certified Information Systems Security Professional (CISSP)
  • Certified Cloud Security Professional (CCSP)
  • Systems Security Certified Practitioner (SSCP)
  • Certified Information Systems Auditor (CISA)
  • Certified in Risk and Information Systems Control (CRISC)
  • Certified Information Security Manager (CISM)
  • ISO/IEC 27001:2022 Lead Auditor
  • HiTrust Certified Assessor (CCSFP)

Work Preference

Job Search Status

Open to work

Work Type

Full Time

Location Preference

Remote, Hybrid, On-Site

Salary Range

$235,000/yr - $275,000/yr
