
RUPAL SHAH

Charlotte, NC

Summary

Results-driven business professional with experience in project management, process improvement and excellent customer relationship skills. Proven track record of successfully developing and managing net-new programs such as security trainings and controlled documents annual reviews. Experienced in developing, implementing and managing business processes and metrics with impeccable attention to detail and problem-solving skills. Action-oriented with strong organization and time-management skills. Ability to handle multiple high priority projects simultaneously with a high degree of accuracy.

Overview

15 years of professional experience

Work History

IT Project Mgmt Sr. Advisor

Cigna
03.2023 - Current
  • Negotiate IT service level agreements, terms and conditions to limit and mitigate operational risk with 3rd party suppliers always striving to achieve 4 9's (99.99%).
  • Manage all technology components within the scope of overall service delivery of SaaS vendors.
  • Redline contracts, approve changes, document meetings and provide status updates including management summary and detailed performance reports
  • Develop personal rapport with each client to maintain customer loyalty and establish long-term accounts.
  • Earned accreditation and certification in Harvard Business School Negotiation Mastery as senior advisor.

Sr. Security Governance Engineer

GitLab
11.2021 - 01.2023
  • Worked with teams to develop company-wide security governance, information assurance, security policy, standards and procedures.
  • Defined, developed, implemented and maintained net-new GRC programs and processes to maintain strict adherence to regulations such as NIST, SOC2, and SOX security standards.
  • Researched and implemented necessary controls and procedures to protect confidential data in information system assets from intentional or inadvertent modification, disclosure or destruction.
  • Sustained optimal scores on security awareness trainings, enhancing completion rates to 100% and training metrics while improving scores from 90% non-failure rate to 98% non-failure rate.
  • Developed security training programs and offered preventive training to harden personnel against intrusion vectors such as phishing, ransomware and more.
  • Collaborated organization wide to develop valuable training for teams in Legal, Privacy, Engineering and People Ops, developing customized training videos, transcribing to include Diversity, Inclusion and Belonging values.
  • Developed and maintained controlled documents program, cross-collaborating with control owners for annual reviews including documents for FedRamp adherence to compliance regulations.
  • Evaluated, implemented and maintained security GRC applications, such as PhishLabs, KnowBe4, ProofPoint, ZenGRC/ROAR, OneTrust, Vendorpedia, etc. working with vendors to consistently identify bugs, submit feature enhancements and apply best practices.
  • System administrator of various SaaS applications for Security Assurance including onboarding, offboarding and system functionality management such as single-sign-on.
  • Developed, implemented and maintained net-new organization-wide Cyber Security Awareness Month program.
  • Established relationships to coordinate and implement HR policies and personnel management, onboarding, offboarding and contractor tracking.
  • Completed BIA and security questionnaires as system administrator for core security governance tools.
  • Interviewed and assessed potential candidates to expand teams.

Security Compliance Engineer

GitLab
10.2020 - 11.2021
  • Implemented and managed third-party GRC application to build control frameworks, test plans and conduct continuous control monitoring.
  • Engaged business and technology stakeholders to gather goals and requirements to collect auditor evidence and complete continuous control monitoring testing on in-scope compliance applications such as Okta, SalesForce, WorkDay, NetSuite, Tipalti, JAMF, etc. for SOX and SOC2 control testing.
  • Implemented necessary controls and procedures to protect information system assets from intentional or inadvertent modification, disclosure or destruction.
  • Authored security and vulnerability reports, detailing logged incursions and suggesting remediation efforts.
  • Identified solutions, working with application owners to isolate and diagnose common problems and consistently apply best practices and updates to in-scope applications.
  • Developed security metrics and technical analysis to give insight into performance and trends.
  • Worked with business partners to balance requirements, security and risk reduction.
  • Created policies and procedures for emerging security regulatory frameworks and proposals including compliance control documents, Information Security Policy, ISO SoA (System of Applicability) to maintain legal and secure coding standards ensuring the practice of continuous compliance to manage and mitigate risk.

Sr. Compliance Manager

SocialCode
09.2015 - 07.2020
  • Managed compliance efforts, reporting and audits by designing and implementing a net-new IT control framework, authoring and managing a multitude of compliance documents such as Compliance Controls, Information Security Policy, Business Continuity, Incident Response, etc. to maintain legal requirements, support compliance regulations and mitigate risks of business information.
  • Mapped and rationalized controls across multiple regulations to meet requirements and compliance standards adopting a one audit continuous compliance mindset.
  • Reviewed documents, files, transcripts and other records to assess compliance and potential risk.
  • Maintained effective working relationships with regulatory authorities and prepared records and data for regular audits.
  • Conducted quarterly audits of SOC2 and SOX compliance, managing full life cycle of assigned audits in alignment with departmental procedures.
  • Planned and led the execution of annual SOX ITGC and SOC compliance activities including the testing of control design and operational effectiveness, tracking remediation plans and performing follow-ups always receiving formal audit reports with 0 findings.
  • Prepared and presented comprehensive progress reports, delivering closing reports to senior management and audit team covering issues and recommendations.
  • Developed and delivered training programs to inform new and current employees about compliance awareness and best practices and tracked security training organization wide to safeguard continuing security awareness.
  • Played instrumental role in company-wide risk assessment efforts, supporting enhancements in business processes and controls.
  • Consulted with teams on best practices and served as project manager for all process improvements and regulatory initiatives.
  • Defined and developed policies and procedures for compliance reporting and privacy practices.
  • Liaised with department heads to identify and target inefficiencies in areas of risks and business controls, process gaps and workflow discrepancies and formulated detailed recommendations based on audit findings to support annual planning and definition of goals.
  • Collaborated with HR and IT to develop and implement code of business and ethics and anti-harassment policies and related personnel training along with developing compliance training initiatives and materials, educating staff on regulations.
  • Drove optimization of regulatory risks management, control testing and process improvements.
  • Kept new and modified products and services in conformance with security and compliance regulations.
  • Facilitated company-wide review of personnel system access and offboarding practices.
  • Implemented effective compliance policies and procedures to meet regulatory requirements and performed regular compliance reviews and audits, identifying non-compliance issues and addressing compliance issues by developing and implementing corrective action plans across departments.
  • Developed remediation plans for audit findings, prioritized risks and provided detailed recommendations to Executive Management.
  • Developed and improved business processes to sustain continuous compliance and implemented appropriate segregation of duties between various team members to sustain compliance.
  • Conducted quarterly system user access management reviews for 30+ SaaS applications confirming and retaining evidence and artifacts, tracking requests, modifications and approvals of new or existing user rights and role changes along with removal of user accounts for termination or department transfers.
  • Provided General Counsel with expert analysis to resolve difficult legal compliance issues and adjust documentation and requirements to support GDPR and CCPA requirements.
  • Performed information technology risk assessments via dynamic risk analysis to identify, prioritize and improve overall risk score identifying control gaps, risk impact, vulnerability and residual risk related to governance, risk management and internal controls within IT processes; delivering achievable, meaningful recommendations for management to mitigate the identified risks.
  • Implemented a Third-Party Vendor Management Program for review and approval of all integrated applications and completion of all incoming Third-Party Vendor Security Questionnaires with quick turnarounds to close client deals.

Escalation/Process Manager

BlackBoard
04.2009 - 09.2015
  • Established team priorities, maintained schedules and monitored performance to drive operational excellence.
  • Managed and prioritized the workload of 17 Engineers' support ticket case queues, ensuring all SLAs were being met and over 150+ cases were appropriately worked and resolved at any given time.
  • Evaluated impact of process changes and determined return on investment by defining and implementing departmental processes to improve performance and closure rates.
  • Conducted focus groups, surveys and feedback sessions to gather input from stakeholders and presented team recommendations and concerns during corporate Quarterly Business Reviews.
  • Maintained positive customer relations by addressing problems head-on and implementing successful corrective actions to resolve customer concerns.
  • Liaised with multiple teams on client support incidents, bug tracking and patch releases advising management on prioritizing critical cases for release cycles and providing key metrics data to increase productivity and decrease backlog highlighting development priorities.
  • Identified and assisted in resolving integration issues between SalesForce and JIRA.
  • Conducted case analysis and reviews identifying the need for escalation for hot clients to alleviate critical issues and authored professional correspondence to clients via developments code review/analysis.
  • Worked on metrics reporting and ad-hoc/special projects as requested by upper management.
  • Interviewed and assessed potential candidates to expand the customer support department.

Education

Bachelor of Arts - Management Information Systems, Communication

West Virginia University
Morgantown
05.2000

Skills

  • Program/Project Management
  • Process Implementation
  • Data Analysis
  • Escalation Management
  • Asset Inventory Management
  • Vendor Contract Negotiations
  • Vendor Evaluations/Selection
  • Software Application Training/Strategy
  • Executive Correspondence
  • Critical Thinker/Problem Solver
  • Customer Support/Relations
  • Policy Creation/Deployment
  • Control Frameworks (SOX, SOC1, SOC2, ISO27001, NIST, GDPR, CCPA, SCF, FedRamp)
  • Application Skills (GSuite, Zoom, GitLab, GitHub, Atlassian, ProofPoint, PhishLabs, KnowBe4, AWS, JAMF, SalesForce, Slack, Archer, ControlCase, ZenGRC/ROAR, WorkDay, Paylocity, SequoiaOne, ISF Benchmark, SocialMedia Tools, Looker, Ariba, Icertis)
