Haddasah Mfam
@haddasahmfam
Experienced GRC analyst with a focus on compliance and risk management.
What I'm looking for
I am a dedicated GRC professional with over four years of experience in governance, risk management, and compliance. My expertise lies in leading audits and managing risk to ensure organizations maintain compliance with frameworks such as SOC 2, PCI-DSS, and ISO 27001. I have successfully implemented compliance tools and owned the audit process from scoping to reporting, enhancing security posture and operational efficiency.
In my current role as a Senior GRC & Risk Analyst at Warren & Carter Technologies, I have led complete audit cycles and developed compliance metrics dashboards for senior leadership. My proactive approach has allowed me to coordinate annual penetration tests and develop comprehensive Information Security Policies. I am passionate about bridging the gap between compliance requirements and organizational needs, ensuring that compliance is not just a checkbox but a fundamental aspect of business operations.
Experience
Work history, roles, and key accomplishments
Senior GRC & Risk Analyst
Warren & Carter Technologies
Nov 2023 - Present (1 year 7 months)
Led complete audit cycles for SOC 1 & 2 Type I/II, PCI-DSS v3.2/v4.0, and ISO 27001, delivering ROC/AOC and attestation reports across all frameworks. Owned and maintained the enterprise risk register, performing risk assessments and tracking remediation to support internal and external audits.
GRC Analyst
Warren & Carter Technologies
Jan 2023 - Present (2 years 5 months)
Managed evidence collection and walkthrough coordination for multiple annual audits, identifying control owners, tracking deliverables, and validating evidence. Mapped controls across ISO 27001, SOC 2, and PCI-DSS requirements to streamline evidence tracking under a unified control framework using Drata.
GRC Intern
Sochrist Ventures Limited
Jul 2022 - Present (2 years 11 months)
Assisted in evidence collection for the Interim and Roll-Forward Periods of SOC 2 Type II and SOC 1 Type II audits for legacy and new applications. Handled administrative tasks in coordinating third-party internal audits, resulting in reports being issued in a timely manner.
Education
Degrees, certifications, and relevant coursework
Western Governors University
Bachelor of Science, Cloud Computing
Currently pursuing a Bachelor of Science in Cloud Computing. Expected to graduate in December 2026.
