Taurean McDade

Summary

Seasoned Governance, Risk, and Compliance leader with 7+ years of experience in third-party risk management, vendor security assessments, compliance program development, and security operations. Deep expertise in SOC 2, ISO 27001, PCI-DSS, GDPR, FedRAMP, and NIST 800-53 with a strong track record of building and optimizing security programs. Adept at automating security workflows, mitigating vendor risks, and collaborating cross-functionally with legal, IT, and security teams. Proven ability to manage vendor security issues, oversee remediation efforts, and drive compliance improvements in dynamic, high-growth environments.

Overview

9 years of professional experience
1 Certification

Work History

Senior Cybersecurity GRC Analyst

Scout Motors
01.2024 - Current
  • Led third-party security risk management, assessing vendor security controls and ensuring compliance with FedRAMP, NIST 800-53, ISO 27001, SOC 2, PCI-DSS, and GDPR
  • Spearheaded and maintained the Vendor Security Program, collaborating with Legal, IT, and Procurement teams to enforce security policies and remediation processes
  • Managed vendor security assessments from onboarding through ongoing monitoring, implementing risk-based prioritization strategies to streamline evaluations
  • Managed security audits by gathering and organizing evidence, collaborating with internal compliance teams, and assisting in the development of remediation plans for external assessors
  • Authored and updated security documentation, policies, and procedural guidelines using Confluence and Google Apps, facilitating cross-functional collaboration and regulatory compliance

Senior Cybersecurity Risk Analyst, Trust & Assurance

Cruise
07.2023 - 01.2024
  • Conducted comprehensive risk evaluations of cloud-native environments (AWS, GCP), developing risk mitigation strategies and monitoring plans to ensure compliance with NIST and SOC 2 frameworks
  • Partnered with engineering and product teams to operationalize risk management processes, including KPI generation and risk register maintenance, enhancing transparency in decision-making
  • Oversaw remediation efforts for audit findings and regulatory changes, implementing solutions that strengthened the organization's security posture
  • Conducted internal and external audits, including risk-based assessments, and collaborated with stakeholders to address gaps, ensuring readiness for external regulatory reviews

Senior GRC Analyst

General Mills (Contract)
05.2022 - 07.2023
  • Conducted security risk evaluations for third-party cloud environments (AWS, GCP), identifying security gaps and compliance deficiencies
  • Led vendor security reviews, working with engineering teams to align vendor security controls with company risk tolerance
  • Developed risk remediation strategies for external vendors, ensuring they met compliance obligations under SOC 2, ISO 27001, and NIST 800-53
  • Evaluated and documented IT risk impacts for key business processes, including incident retrospectives and quarterly business reviews, aligning operations with enterprise risk management objectives

Security GRC Consultant

Deloitte (Contract)
10.2021 - 04.2022
  • Developed governance frameworks and risk policies for Fortune 500 clients, ensuring adherence to NIST, ISO, GDPR, and HIPAA compliance standards
  • Collaborated with Fortune 500 clients to assess and document technology risks, leveraging frameworks such as COBIT, ISO 27005, and NIST SP 800-53 to enhance control environments
  • Conducted risk remediation for regulatory gaps and proposed process enhancements to align with emerging compliance requirements
  • Delivered concise, actionable metrics to stakeholders, including risk dashboards and incident reports, ensuring clear communication and accountability

GRC Security Engineer

S&P Global
08.2020 - 09.2021
  • Conducted vulnerability assessments and reported findings while facilitating security awareness training for technical teams, focusing on control implementation and policy adherence
  • Conducted bi-monthly security risk assessments, identifying and addressing vulnerabilities, leading to a 30% reduction in potential security breaches
  • Collaborated with DevOps and security teams to embed compliance controls into CI/CD pipelines, ensuring secure cloud deployments

Blockchain Risk Strategist

Ernst & Young
01.2018 - 04.2020
  • Led risk assessments and compliance audits for blockchain-based solutions, identifying vulnerabilities and ensuring alignment with SOC 2, GDPR, and financial regulations
  • Drafted and maintained technical and procedural documentation, translating complex IT risks into actionable insights for business leaders and engineering teams
  • Provided thought leadership on integrating risk management practices into blockchain and fintech environments, supporting innovation while managing operational risks
  • Partnered with cross-functional teams to design controls and governance mechanisms that mitigated technology risks in crypto and blockchain ecosystems

Information Security Analyst

The Associated Press
06.2016 - 11.2017
  • Developed cybersecurity playbooks and facilitated interactive security training for journalists and content creators to mitigate data protection risks
  • Monitored and analyzed security alerts across various tools, responding to over 100 incidents monthly
  • Implemented effective incident response protocols, reducing the average resolution time
  • Implemented data protection guidelines for secure data handling in news reporting, ensuring alignment with NIST 800-53 standards and regulatory requirements

Education

Bachelor of Arts - Digital Marketing

Fairleigh Dickinson University
Teaneck, New Jersey
05.2017

Certification

  • Certified Information Systems Security Professional (Pending)
  • Certified in Risk and Information Systems Control (CRISC)
  • Certificate of Cloud Security Knowledge (CCSK)
  • AWS Certified Cloud Practitioner
  • Google Cloud Associate Cloud Engineer
  • Google Cloud Digital Leader
  • Proofpoint Certified Data Loss Prevention Specialist
  • CMMC Certified
