
Sr Risk and Compliance Specialist
Results-driven Information Security, Risk, and Compliance leader with 20+ years of progressive experience driving enterprise-wide GRC programs across financial services, insurance, and telecommunications sectors. Proven track record of leading SOX, SOC 2, and ISO 27001 compliance initiatives that reduced audit findings by strengthening control frameworks and accelerating remediation timelines. Skilled in translating complex regulatory requirements (NIST CSF, GDPR, HIPAA, PCI DSS, COBIT) into actionable policies and scalable control architectures, advising C-suite stakeholders while managing cross-functional teams to deliver measurable risk reduction and continuous improvement.
Governance, Risk & Compliance: GRC Framework Design & Optimization – Policy Development & Lifecycle Management – Regulatory Compliance (ISO 27001, NIST CSF, SOC 2, GDPR, HIPAA, PCI DSS) – SOX IT General Controls – Risk Register & Dashboard Reporting
Audit & Controls Assurance: Information Systems Audits – ITGC & Application Controls Testing – SOC 1 / SOC 2 Review – Anti-Money Laundering (AML) Compliance – Infrastructure & Data Center Audits – Segregation of Duties
Security & Risk Management: IT Risk Assessments – Vulnerability & Cloud Security Monitoring – Third-Party Risk Management – Business Continuity / Disaster Recovery – Security Awareness & Advisory – Information Assurance
Leadership & Delivery: Cross-Functional Stakeholder Advisory – Compliance Training & Onboarding Programs – Program & Project Management – Agile / SAFe Methodologies – Fraud / Anti-Money Laundering
PNC Financial Services September 2024 - Present
RumbleOn September 2023 - June 2024
Bank of America June 2022 - May 2023
AT&T March 2021 - June 2022
State Farm Insurance November 2015 - March 2021
Western Governors University, Millcreek, UT, Master of Science in Cybersecurity & Information Assurance
University of Arizona, Tucson, AZ, Bachelor of Arts in Business Management Information Systems
Certifications: CISM, CISA (ISACA) – PMP (PMI) – Generative AI for Project Managers – CompTIA Security+ – CompTIA CySA+ – CompTIA CASP+ – CompTIA PenTest+ – Certified Risk Manager – SAFe Agilist 5.0 – Scrum Master – Six Sigma Green Belt – Cybersecurity Foundations: GRC – Data Science Certification – Guidewire Tester – Section 508