Vijay Gurung I CRISC

GRC Security Engineer Analyst | UBER

Followers: 2000
Location: New York, New York, United States


  • About me

    Cybersecurity Professional | GRC Analyst | PCI DSS Compliance | Vulnerability Management Analyst

  • Education

    • CUNY New York City College of Technology

      Associate in Applied Science Computer Information System AAS
    • CUNY New York City College of Technology

      BTech in Computer Systems Technology - Network and Security
    • LaGuardia Community College

      NETWORK & INFO SECURITY
  • Experience

    • Uber

      Mar 2018 - Dec 2019
      GRC Security Engineer Analyst | UBER

      • Improved navigation accuracy and efficiency by leveraging MapKit features, designing interfaces, and collaborating with teams which improved navigation features and increased user satisfaction.
      • Implemented security awareness program, reducing security incidents caused by human errors.
      • Established and maintained proactive SIEM system for threat monitoring and response.
      • Conducted risk assessments on third-party vendors to ensure compliance with security requirements.
      • Developed and maintained security documentation library for audits and regulatory reviews.
      • Acted as a liaison between technical and non-technical teams for compliance tasks.
      • Prioritized security initiatives based on risk assessment, optimizing resource allocation.
      • Collaborated with internal audit teams to address security findings promptly.
      • Advised development teams on secure coding practices for application security.
      • Developed incident response playbooks for swift security incident handling.
      • Conducted regular security training sessions for staff on data privacy and GDPR compliance.
      • Implemented security controls for mobile device management (MDM) to secure corporate data.
      • Conducted data privacy impact assessments (DPIAs) with legal teams for compliance.
      • Contributed to business continuity plan development and testing for organizational resilience.
      • Optimized data security measures through encryption, monitoring, and stakeholder education.
      • Conducted regular security training sessions for IT and non-IT staff, emphasizing the importance of data privacy and protection in compliance with GDPR and other applicable regulations.
      • Mitigated data breach risks and elevated navigation precision in the rideshare experience by conducting thorough security assessments, implementing encryption protocols, and refining data handling processes, ultimately resulting in heightened user satisfaction and improved ratings.

    • NEW YORK CITY COLLEGE OF TECHNOLOGY ALUMNI ASSOCIATION

      Jan 2020 - Dec 2020
      GRC Security Engineer Analyst | New York City College of Technology

      • Led engaging security compliance workshops by integrating hands-on activities, case studies, and real-world scenarios, fostering active participation and a comprehensive understanding of compliance standards, ultimately improving security awareness and adherence.
      • Developed and maintained metrics and key performance indicators (KPIs) to measure the effectiveness of security controls and compliance efforts, presenting regular reports to executive leadership.
      • Collaborated with legal teams to draft and review security and privacy policies, ensuring alignment with regulatory frameworks and industry standards.
      • Implemented a Continuous Monitoring program to ensure real-time visibility into security controls, promptly addressing non-compliance issues and enhancing overall security posture.
      • Conducted gap analyses against regulatory requirements and security frameworks, providing actionable recommendations for improvement and ensuring ongoing compliance.
      • Facilitated the creation and management of security baselines and configuration standards, ensuring that systems were deployed and maintained securely.
      • Conducted thorough security reviews of third-party vendors, assessing their security controls and ensuring they met the organization's security and compliance requirements.
      • Actively participated in industry forums, conferences, and training programs to stay informed about the latest developments in GRC and cybersecurity.
      • Contributed to the development of a comprehensive risk appetite statement, providing clarity on acceptable risk levels and guiding decision-making processes across the organization.
      • Implemented targeted communication campaigns and engaging initiatives to raise security compliance awareness. Resulted in a significant increase in the organization's commitment to adhering to security standards.

    • Cranberry LIC

      May 2021 - Aug 2022
      GRC Security Compliance Analyst Administrator

      ▪ Implemented and enhanced data security measures for payroll and payments by conducting assessments and audits to identify vulnerabilities, ultimately ensuring precise data accuracy in a trustworthy and compliant financial environment.
      ▪ Implemented stringent security protocols by fostering secure partnerships and optimizing transactions through the meticulous integration of encryption, multi-factor authentication, and real-time monitoring, leading to a substantial reduction of security incidents.
      ▪ Optimized fund transfers by implementing automation, standardized procedures, and robust encryption, fostering strong partnerships with financial institutions and comprehensive contingency plans for transfer continuity.
      ▪ Delivered impactful security awareness trainings by conducting engaging sessions with real-world examples, leveraging interactive discussions, simulations, and multimedia content to enhance comprehension which fostered a culture of heightened security consciousness

    • Buddha Tax & Accounting Inc.

      Oct 2022 - Sept 2023
      GRC Compliance Analyst Engineer | Buddha Tax & Accounting Inc.

      • Led the team in enhancing data security by engaging with key members, assessing risks, implementing regular updates, and employing advanced technologies, resulting in proactive security measures that identified vulnerabilities and improved overall data security.
      • Developed and implemented compliance programs, aligning the organization with industry-specific standards such as NIST, ISO 27001, HIPAA, PCI-DSS, and FISMA.
      • Conducted comprehensive assessments to evaluate the organization's compliance with relevant security frameworks, identifying gaps and implementing corrective actions.
      • Designed, documented, and maintained security policies and procedures, ensuring adherence to regulatory requirements and industry best practices.
      • Led the organization through successful audits, ensuring compliance with various regulatory standards and frameworks, including facilitating communication with auditors.
      • Collaborated with cross-functional teams to integrate security controls into the system development life cycle (SDLC), ensuring security considerations from project initiation to deployment.
      • Conducted internal training sessions to educate teams on the importance of GRC principles, fostering a proactive approach to security and compliance within the organization.
      • Implemented security incident response plans and conducted tabletop exercises to ensure the readiness of the organization to respond effectively to security incidents.
      • Collaborated with IT and development teams to integrate security into the DevOps pipeline, promoting a secure-by-design approach to software development.
      • Stayed abreast of emerging trends, threats, and technologies in the GRC space, providing recommendations for proactive adjustments to security strategies.
      • Conducted security awareness training by developing and facilitating interactive sessions which fostered a security-conscious culture organization-wide and heightened security awareness among team members.

    • Baxter Clewis Consulting

      Nov 2023 - now
      GRC Security/Analyst Engineer

      • Led a top-performing team of Cybersecurity Consultants in conducting regional scope by meticulously examining systems, processes, and documentation, while enforcing compliance and security through organized meetings, role assignments, and transparent communication, which enabled the company to complete scope within four months instead of the estimated six months.
      • Streamlined compliance processes by collaborating with cross-functional teams, gathering information to understand requirements, mapping payment data flows, and collecting evidence of compliance to complete a Self-Assessment Questionnaire (SAQ-A), ultimately enhancing client satisfaction while ensuring the company remained PCI compliant.
      ▪ Safeguarded sensitive financial data by incorporating advanced encryption protocols and stricter access controls, leading to robust data protection and a significant reduction in potential breach risk.
      • Performed an in-depth vulnerability assessment by conducting penetration testing, code analysis, and security scans while employing cutting-edge tools and methodologies which led to a strengthened system security posture.

  • Licenses & Certifications

    • Vulnerability Management Detection & Response

      Qualys
      Dec 2023
    • Microsoft Certified: Azure Fundamentals

      Microsoft
      Mar 2024
    • PCI Compliance –

      Qualys
      Dec 2023
    • Network Assurance

      Texas A&M Engineering Extension Service - TEEX
      Jun 2022
    • Cyber Incident Analysis and Response

      Texas A&M Engineering Extension Service - TEEX
      Apr 2023
    • Certification in Risk and Information Systems Control (CRISC)

      ISACA New York Metropolitan Chapter
      Sept 2025
  • Volunteer Experience

    • President

      Issued by The Gurung (Tamu) Society inc., USA on Sept 2019
    • Advisor

      Issued by The Gurung (Tamu) Society Inc., USA on Sept 2021
    • Treasurer

      Issued by The Gurung (Tamu) Society Inc., USA 11/2017 – 11/2019 on Nov 2017
    • Coordinator

      Issued by Community and Local Government Relations | FIPNA on Nov 2019