Open to opportunities

Elias fon

@eliasfon

Message

Seasoned GRC Analyst with expertise in risk management and compliance.

United States

Message

What I'm looking for

I am looking for a role that challenges me and allows for professional growth in risk management and compliance.

I am a seasoned GRC Analyst with over 9 years of experience driving enterprise risk management, regulatory compliance, and governance initiatives across diverse industries. My expertise lies in implementing frameworks such as NIST, ISO 27001, SOX, and PCI-DSS, conducting risk assessments, and managing third-party risk. I have a proven track record of aligning cybersecurity and business objectives, developing policies, and leveraging tools like ServiceNow GRC, Archer, and Splunk to enhance security posture and ensure continuous compliance.

Throughout my career, I have spearheaded risk assessments for critical SaaS applications, collaborated with internal audit and legal teams to support external regulatory audits, and maintained enterprise risk registers to improve visibility for executive leadership. My ability to automate compliance reporting and streamline audit preparation processes has significantly reduced onboarding cycle times and ensured 100% audit readiness with zero major findings. I am passionate about fostering a compliance-driven culture and continuously improving organizational security practices.

Experience

Work history, roles, and key accomplishments

Current

GRC Analyst

Current

HenryScheinOne

Jul 2023 - Present (2 years)

Spearheaded risk assessments for 25+ critical SaaS applications, identifying control gaps and aligning mitigation plans with NIST 800-53 and ISO 27001 standards. Conducted third-party vendor risk assessments using OneTrust and ServiceNow GRC, reducing onboarding cycle time by 30% and ensuring contract compliance with HIPAA and GDPR.

NIST 800 53 ISO 27001 OneTrust HIPAA)GDPR SOX PCI DSS Active Directory Okta Sailpoint Splunk

GRC Analyst

TCS

Aug 2020 - Jun 2023 (2 years 10 months)

Performed enterprise-wide risk assessments for over 40 internal applications and client environments, aligning mitigation efforts with NIST 800-53 and ISO 27001 frameworks. Managed third-party risk reviews across 60+ vendors using RSA Archer and OneTrust, reducing overall vendor onboarding risk exposure by 35%.

NIST 800 53 ISO 27001 RSA Archer OneTrust SOX HIPAA)PCI DSS Splunk

GRC Analyst

TEKGLOBAL Inc.

Feb 2017 - Aug 2020 (3 years 6 months)

Conducted risk assessments for over 30 internal systems and client environments, aligning findings with NIST 800-53, ISO 27001, and COBIT frameworks to guide mitigation planning. Oversaw third-party vendor risk management processes for more than 50 suppliers using LogicManager and OneTrust, reducing onboarding time by 25% and improving risk visibility.

NIST 800 53 ISO 27001 COBIT OneTrust SOX PCI DSS HIPAA)Active Directory Okta RSA Archer

GRC Analyst

Bavin Corp Consulting

Apr 2015 - Feb 2017 (1 year 10 months)

Conducted IT risk assessments across 20+ client environments, aligning findings and remediation plans with NIST 800-53, FISMA, and ISO 27001 frameworks. Assisted in the development and implementation of security policies, standards, and procedures for public and private sector clients, improving compliance posture by 30%.

NIST 800 53 FISMA ISO 27001 PCI DSS SOX HIPAA)RSA Archer Excel Multi Factor Authentication Endpoint Protection

Education

Degrees, certifications, and relevant coursework

University of Buea

Bachelor of Science, Computerized Business Management

Graduated with a Bachelor of Science in Computerized Business Management. The program focused on the intersection of computer science and business administration, preparing students for roles in technology-driven business environments.