GRC Analyst
IT GRC Analyst with expertise in information security risk management, data privacy and security, and third-party risk management. Skilled in conducting internal and external risk assessments, managing compliance programmes, and translating complex security concepts into actionable insights for stakeholders at all levels. I am passionate about leveraging digital optimisation and transformation to maintain a secure and competitive advantage in today's threat landscape.
Governance, Risk & Compliance Analyst
Travelopia | March 2024 – Present
• Currently leading the migration and optimisation of the InfoSec risk register from Excel to OneTrust, focusing on entering quality data so that reporting and outputs are more concise, enhancing risk visibility for senior stakeholders and giving the team a central view of risks.
• Managed annual PCI DSS re-attestations across 8 brands and multiple business units, ensuring timely compliance for Face-to-Face (F2F), MOTO and e-commerce payment channels. Responsibilities included stakeholder engagement, training, and staying current with updates and changes from the PCI SSC.
• Continuously improving and developing the third-party risk assessment life cycle and management processes within the GRC framework, focusing on identifying and tracking IT risks while ensuring clear communication of business impact and risk exposure across multiple stakeholder groups, from technical teams to executive leadership.
• Collaborated with Group DPOs to ensure compliance with evolving data privacy frameworks and emerging legislation, while effectively articulating the business importance of proper data handling and disposal practices to drive organisational commitment to data protection across all business units.
• Coordinated external penetration testing engagements and vulnerability assessments, managing remediation timelines and tracking closure of critical and high findings while translating technical results into risk-prioritised action plans for both technical and non-technical audiences.
• Conducted annual policy reviews and development, aligning with information security frameworks.