Zack Smith

Apex, NC

Summary

Security Compliance Analyst with 7+ years in SOX, SOC 2, FedRAMP, CMS, and NIST. Experience includes control framework, technical control implementation, IAM, change management, SOP development, and compliance automation using Python, YAML, Ruby, GitHub Actions, Nessus, Tenable Security Center, and Acunetix. Skilled in applying AI tools including ChatGPT, Google Gemini, and Cursor to improve control testing and efficiency.

Overview

8 years of professional experience
1 Certification

Work History

Security Compliance Analyst

Shopify
01.2024 - Current
  • Managed and enhanced the full range of SOX compliance controls, with a strong focus on Identity Access Management (IAM), change management, and access controls, while developing detailed SOPs to guide processes such as population generation and evidence gathering, ensuring consistency and audit readiness.
  • Leveraged languages including Python, YAML, and Ruby, using AI to assist in developing and refining automation, alongside tools such as GitHub Actions and Nessus scanning to design, automate, and streamline compliance workflows.
  • Applied AI platforms such as ChatGPT (advanced prompt engineering), Google Gemini, and Cursor (Claude) to accelerate control testing, improve data analysis accuracy, and automate repetitive compliance tasks - driving faster audit readiness and reducing manual workload.

Senior Security Analyst

Granicus
01.2024 - Current
  • Led annual FedRAMP audit project planning and conducted control review meetings with department heads to ensure readiness and compliance.
  • Directed FedRAMP and non-FedRAMP POA&M meetings, prioritizing remediation efforts based on vulnerability severity and risk ratings.
  • Managed monthly continuous monitoring activities, verified and approved vulnerability scans, and facilitated Jira automation script updates.
  • Tracked POA&M and continuous monitoring workflows using Jira and Confluence to ensure compliance with FedRAMP SLAs.
  • Drafted evidence packages for vulnerabilities and developed compliance processes aligned with FedRAMP, FISMA, and ISO requirements.

Security Analyst

Granicus
01.2018 - 01.2024
  • Administered Authorization & Accreditation (A&A/C&A) packages to ensure compliance with FedRAMP and CMS frameworks.
  • Used Tenable Security Center and Nessus to perform vulnerability scanning and monitoring.
  • Created and managed POA&Ms for internal technology and client systems based on security assessment findings.
  • Tracked POA&M processes to meet SLA commitments, supporting internal audits and gap analyses.
  • Assisted SaaS products in achieving FedRAMP authorization by implementing scanning protocols and prioritizing remediation activities.

Education

Master of Science - Computer Information Systems-Security Focus

Boston University
Boston, MA
05-2026

Bachelor of Science - Cybersecurity Management And Policy

University of Maryland Global Campus
Hyattsville, MD
09-2018

Skills

  • SOX, SOC 2, FedRAMP/CMS/NIST
  • Identity access management (IAM)
  • Change management
  • Authorization and accreditation
  • Python and Ruby programming
  • GitHub Actions and security tools
  • AI prompt engineering and applications
  • Risk management and mitigation
  • Compliance auditing
  • Vulnerability assessment
  • Policy development
  • Technical documentation
  • Automation scripting
  • Project management
  • Standard operating procedure development

Affiliations

  • Houseplants and Gardening
  • Furniture Restoration
  • Powerlifting

Certification

  • Sec+

References

References available upon request.
