Cybersecurity GRC Analyst with hands-on experience across governance frameworks, enterprise risk, third-party risk, and privacy compliance in healthcare, SaaS, and legal environments.
Real engagements โ from consulting to capstone
Audited genzapp.com and mapped controls to PIPEDA and Bill S-5 data-blocking rules, producing a gap remediation roadmap ahead of public launch.
Maintained risk registers and compliance checklists aligned to ISO 27001 and SOC 2 control objectives, reducing pre-launch compliance gaps.
Designed a PIPEDA & GDPR compliance framework for a clinical mental-health platform โ policies, data processing agreements, and PIAs to protect PII/PHI.
Ran quarterly vulnerability assessments and vendor reviews, tracking 15+ critical misconfigurations in a risk register with prioritized remediation.
Mapped organizational controls against ISO 27001 and SOC 2 Type II, producing gap analysis, remediation priorities, and an audit evidence inventory.
Led a 5-analyst team through a simulated multi-stage breach, applying NIST CSF-aligned containment and recovery, plus a board-level executive summary.
Grouped the way I actually work with them
Side experiments, outside the GRC lane
A separate space for side projects and experiments outside GRC work.
Open to full-time GRC roles and select consulting engagements โ audits, framework buildouts, and privacy program design.