GRC Project Manager
Governance & Policy Architecture
- Architected and maintained the enterprise Information Security Policy Framework, authoring and refreshing 60+ security policies and standards aligned with NIST CSF and ISO 27001.
- Engineered executive governance dashboards in Tableau and Power BI, tracking 20+ KPIs and 15+ KRIs (Key Risk Indicators); provided real-time visibility into risk posture, resulting in a 30% reduction in reporting latency for senior leadership.
- Orchestrated and led successful activities for Cybersecurity Awareness Month (CSAM), significantly increasing employee engagement and fostering a proactive security culture
- Designed and storyboarded annual enterprise-wide security training programs, collaborating with SMEs to ensure relevance and impact.
Risk Management & Assessment
- Established and Directed the Insider Risk Program; convened cross-functional teams (Engineering, SOC, Legal) to define risk appetite and implemented controls that reduced data leakage incidents by an estimated 20% year-over-year.
- Executed comprehensive RCSA (Risk Control Self-Assessment) reviews, utilizing ServiceNow GRC to map processes, score inherent risks, and validate control effectiveness across the IT landscape.
- Collaborated with product and Infrastructure leads to integrate security milestones into technology roadmaps, ensuring Security by Design principles were met without delaying release cycles.
- Developed and executed complex phishing campaigns with varying scenarios, providing hands-on training to identify sophisticated threats and improve user resilience.
NYDFS Program Leadership & Regulatory Compliance
- Ran the delivery of compliance for NYDFS Part 500 requirements specific to the business unit and ensured full alignment with the Second Amendment to Section 500 compliance.
- Worked with cross-functional teams, including Corporate Cyber Security and app owners, to oversee the planning and execution of initiatives, actions, and projects to meet strict regulatory deadlines.
- Managed timelines, resources, and scope to drive towards compliance while leading technology uplift and process improvements across the IT landscape.
- Developed and maintained comprehensive documentation related to compliance processes, procedures, and project deliverables to ensure audit readiness and seamless regulatory examinations.
- Provided weekly reporting and updates on status to executive leadership, translating technical compliance metrics into actionable business intelligence.
- Directed the remediation of over 100 audit issues spanning infrastructure, cloud, and application security while acting as the primary liaison for regulators (NYDFS, Federal Reserve) and Internal Audit.
