Emmanuella Derilus

GRC Analyst and Security-First Software Engineer with 5+ years of full-stack software development experience and a focused transition into governance, risk, compliance, and secure SDLC practices. Strong foundation in ISO 27001, NIST CSF 2.0, NIST 800-53 concepts, risk assessments, control documentation, policy development, third-party risk, privacy-aware software practices, and audit-evidence support. Skilled at translating security and compliance requirements into practical technical controls, documentation, remediation plans, and stakeholder-ready summaries.

Security-First Developer - Clozr Inc.

(2026-01)

• Built and reviewed software features using TypeScript and Node.js while applying secure SDLC, privacy, access-control, and data-handling requirements throughout design and implementation.
• Authored security-by-design documentation covering authentication flows, data masking, access-control behavior, privacy controls, and technical risk decisions for cross-functional review.
• Conducted secure code reviews and third-party API evaluations to identify data exposure concerns, implementation gaps, and potential supply-chain risks before release.
• Partnered with technical stakeholders to translate security and compliance requirements into implementation tasks, documentation, and remediation steps.
• Supported risk-based discussions around sensitive data handling, regional privacy expectations, and secure architecture tradeoffs for software product features.

Full Stack Developer - FullHarvest Technologies

(2022-04 - 2025-12)

• Engineered and maintained SaaS web applications using React and Ruby on Rails, contributing to backend services, API endpoints, data persistence, and reusable front-end components.
• Created and maintained technical documentation, including feature notes, troubleshooting guidance, operational handoff details, and process documentation to support repeatable workflows and audit-friendly traceability.
• Supported production operations using PagerDuty, New Relic, and Papertrail to triage incidents, review logs, investigate performance issues, and coordinate remediation with engineering stakeholders.
• Wrote SQL queries and performed database investigations to validate application behavior, trace data issues, and support root-cause analysis across backend workflows.
• Used Jira to document bugs, production issues, feature work, and remediation tasks, maintaining clear ownership, status tracking, and change history across development workflows.
• Leveraged Looker dashboards and operational reporting to investigate data issues, validate trends, and provide evidence-based updates during troubleshooting and stakeholder reviews.
• Participated in peer code reviews, debugging, release coordination, and documentation practices that supported software quality, change traceability, and control-minded development.

Junior Developer - CodeBoxx Digital

(2021-01 - 2022-08)

• Managed full lifecycle delivery for Shopify and WordPress projects, from requirements gathering and implementation through testing, deployment, and basic server hardening.
• Built custom features using JavaScript, PHP, CSS, and responsive design practices while maintaining cross-browser compatibility and stable user experiences.
• Conducted debugging, unit testing, performance troubleshooting, and documentation to support application reliability and maintainable codebases.
• Worked directly with stakeholders to translate business goals into functional requirements, technical solutions, and client-ready documentation.

BA - Psychology - CUNY Brooklyn College

Diploma - Full Stack Developer - CodeBoxx (2020)