Open to opportunities

Dominique McConduit

@dominiquemcconduit

I’m a GRC Analyst who builds audit-ready controls and secure SDLC documentation to reduce risk in regulated environments.

United States

Message

What I'm looking for

I’m looking for a role where I can own GRC deliverables—policy, audit-ready evidence, and risk remediation—while partnering with engineering on secure SDLC and control implementation to strengthen compliance posture end to end.

I’m a Governance, Risk, and Compliance (GRC) Analyst with 8 years of experience supporting regulated systems across consulting, production software, and human resources environments. I build and maintain policy-driven controls, audit-ready recordkeeping, and disciplined documentation that stand up to real-world scrutiny.

In my current consulting role, I lead client-facing compliance engagements from intake through delivery—developing policy suites, standard operating procedures, and audit-evidence frameworks aligned to NIST Cybersecurity Framework and NIST Risk Management Framework concepts. I conduct compliance posture assessments, identify control and recordkeeping gaps, and deliver structured findings with prioritized remediation recommendations.

I also bring a secure software foundation to my compliance work, including secure SDLC practices, access governance workflows, and least-privilege alignment guidance. Previously, I administered SQL and dynamic SQL environments, performed vulnerability research, and embedded input validation, authentication handling, and dependency review into the software maintenance workflow.

Earlier in my career, I served as a compliance auditor for HRIS operations, where I maintained sensitive personnel data controls and authored onboarding procedures that produced repeatable, audit-ready records. Across every engagement, my focus is the same: translate risk into clear governance documentation, support engineering with actionable guidance, and strengthen accountability through confidentiality and validated evidence.

Experience

Work history, roles, and key accomplishments

Current

GRC Analyst

Current

Axis Security Solutions

Jan 2025 - Present (1 year 4 months)

Led client-facing GRC engagements, producing NIST CSF/RMF-aligned policy and audit-evidence portfolios and prioritized remediation findings from compliance posture assessments. Designed access governance workflows to support least-privilege and continuous monitoring, and advised leadership on emerging regulatory and secure SDLC requirements.

NIST CSF NIST RMF Compliance Assessments

IT Compliance Analyst

NDI Engineering Company

Oct 2023 - Oct 2024 (1 year)

Maintained audit trails for production control systems by enforcing change documentation and validating configuration updates. Administered SQL/dynamic-SQL stored procedures with data validation, conducted vulnerability research, and documented incident triage and remediation evidence.

Secure SDLC Concepts SQL Data Validation Vulnerability Research Incident Triage & Evidence

Nonprofit Compliance Consultant

Independent Consulting Practice

Mar 2018 - Oct 2023 (5 years 7 months)

Partnered with small business and nonprofit clients to formalize policies and SOPs for recordkeeping, digital asset handling, approvals, and access permissions. Delivered confidential documentation practices and monthly reporting packages that created verifiable, audit-ready records for leadership decision-making.

Policy Development Confidentiality

Compliance Auditor

InspiraNOLA Charter Schools

Sep 2016 - Mar 2018 (1 year 6 months)

Administered HRIS for a multi-site charter school network, controlling access to sensitive employee data and running scheduled records audits for accuracy and policy compliance. Authored network-wide onboarding procedures, tracked corrective actions, and produced bi-weekly compliance/workforce reports while enforcing confidentiality and least-privilege handling.

HRIS Administration Auditing Compliance Reporting