
GRC & Security Risk Professional | Audit Management & Project Delivery | CISM (In Progress)
I manage the security audit program at DDC Public Affairs, completing CAIQ, SIG, and TPRM assessments for a Fortune 500 client portfolio, coordinating SOC 2 Type II and ISO 27001 reviews, and handling third-party subcontractor risk as part of client audits. I built the intake process from scratch, including the tracking system, request queue, and weekly pipeline review with the BISO and SVP of IT.
On any given day that also means vulnerability triage, PGP-encrypted data transfers for FEC-regulated clients, and managing the compliance gate for new platform onboarding. My background in IT project management means the operational side runs cleanly and nothing falls through the cracks.
I hold a Master's in Health Informatics and a Graduate Certificate in Cybersecurity from Saint Joseph's University. CompTIA Security+ certified; CISM in progress. Based in Philadelphia, open to hybrid or remote roles in GRC, security risk, or third-party risk management.
Security Risk Project Manager, DDC Public Affairs (Jan 2024 - Present): Serve as the primary point of contact for all inbound client security assessments, completing CAIQ, SIG, and TPRM questionnaires for a Fortune 500 portfolio. Manage 100+ annual audit engagements, own the vendor risk program, and administer assessment workflows in OneTrust and ProcessUnity. Built the audit intake process from scratch including tracking systems and governance reviews with senior leadership.
IT Project Manager, DDC Public Affairs (Nov 2021 - Jan 2024): Managed up to 10 concurrent technology projects including data migrations, system integrations, and SSO implementations for Fortune 500 clients using Agile methodologies.
IT Project Manager, Highmark Health (Jan 2021 - Nov 2021): Supported a large-scale ERP migration across 120+ integrations in a HIPAA-regulated environment.
Business Configuration Analyst / Client Implementation Specialist, AmeriHealth Administrators (Jan 2018 - Jan 2021): Managed health plan implementations and claim processing resolution in a HIPAA-regulated environment.
Master of Health Administration (Health Informatics), Saint Joseph's University. Graduate Certificate in Cybersecurity, Saint Joseph's University. Bachelor of Science in Health Sciences, University of the Sciences. CompTIA Security+ certified. CISM in progress.