IT Regulatory Compliance Specialist
February 2013 — Present
• Define and implement roles and responsibilities for Governance, Risk Management, and Compliance (GRC) tool: Audit, Compliance, Enterprise and Vendor Risk, Exception, Incident, and Policy Management.
• Administer consolidated register for open information security vulnerabilities and audit findings, including risk ranking, control owners, and tracking to completion.
• Create compliance/risk assessments in RSAM, manage surveys and responses, report on control effectiveness, and ensure reviews/approvals of compensating controls to mitigate risk.
• Manage third-party secure code reviews for internally developed applications.