Skip to main content
Ludrian MarreroLM
Open to opportunities

Ludrian Marrero

@ludrianmarrero

Security Governance Analyst advancing GRC, AI governance, and risk reduction for global teams.

United States
Message

What I'm looking for

I’m looking for a role where I can strengthen GRC and AI governance, lead security issue management and audits with strong evidence, and continuously reduce risk through frameworks, control testing, and practical vendor/third-party governance.

I’m a cybersecurity leader with 13+ years aligning security strategy and business objectives, driving measurable improvements in governance, risk, and compliance. I focus on AI Governance and end-to-end risk mitigation—reducing vendor risk by 30% and strengthening compliance across AI, SOX, GDPR, and FedRAMP.

In my most recent role as a Senior Security Governance Analyst, I lead security issue management from identification through remediation and closure, support audits with detailed risk evidence, and use GRC tools like Archer, ServiceNow GRC, and MetricStream to monitor control performance and KPIs. Previously, as a Senior Cybersecurity Specialist & BISO, I coordinated enterprise IT risk assessments across 10+ countries, achieved zero major audit findings over 3 years, improved third-party risk management by reviewing 50+ vendor contracts, and helped build compliance culture through cybersecurity awareness training.

Experience

Work history, roles, and key accomplishments

WB

Cybersecurity Specialist & BISO

WavIN (Anorbia Business)

Aug 2022 - Jul 2024 (1 year 11 months)

Coordinated IT and cybersecurity efforts across North America and LATAM and served as Business Information Security Officer (BISO). Conducted enterprise-wide IT risk assessments across 10+ countries, led third-party risk reviews (50+ vendor contracts), and implemented cybersecurity awareness programs that trained 2,000+ employees.

DO

Security & Compliance Analyst

Doma

Apr 2021 - Aug 2022 (1 year 4 months)

Assessed and approved vendors using cybersecurity and compliance frameworks, and reviewed vendor impacts on systems, applications, and sensitive data. Led remediation efforts to improve the security posture (reducing risk exposure by 30%) and delivered phishing/awareness training that increased employee threat recognition by 40%.

ZL

Information Security Consultant

Zyston LLC

Nov 2020 - Apr 2021 (5 months)

Provided cybersecurity consulting, including risk assessments and evaluations of external service providers across multiple industries. Designed assessment frameworks and implemented partner risk management programs aligned with SOC 2, GLBA, SOX, FedRAMP, and related security standards.

AB

Information Security Specialist

Amerant Bank

Sep 2019 - Nov 2020 (1 year 2 months)

Developed Amerant Bank GRC programs by implementing CoBIT 5, ISO 27001, NIST 800, and FedRAMP to enforce internal controls across on-premises and cloud systems. Led access rights reviews to support SOX/GLBA/FedRAMP compliance and directed phishing prevention initiatives that reduced employee susceptibility to phishing attacks by over 45%.

MB

IT Security Professional

MUFG Union Bank

Dec 2017 - Sep 2019 (1 year 9 months)

Conducted end-to-end risk assessments across the project lifecycle to minimize security gaps across software, networks, databases, middleware, and hardware. Led IT security audits and integrated GRC protocols into information security practices using CoBIT 5, ISO 27001, NIST 800, and FedRAMP.

MB

Information Security Engineer

MUFG Union Bank

Aug 2016 - Dec 2017 (1 year 4 months)

Performed audits of access controls, including privileged access, role-based permissions, password policies, and change management protocols, and delivered recommendations to remediate critical control gaps. Secured databases, servers, and operating systems, assessed network perimeter defenses, and applied IT governance frameworks to support compliance with GLBA, SOX, PCI, and HIPAA.

PR

Information Security Risk Analyst

Popular, Inc (Banco Popular de Puerto Rico)

Mar 2015 - Jul 2016 (1 year 4 months)

Conducted risk assessments for service providers across the corporation and its subsidiaries and reviewed SOC 2 reports and security questionnaires to support procurement decisions. Performed application risk assessments with threat modeling and residual risk scoring and contributed to SOX audit reviews while delivering security awareness content.

FB

Data Management Analyst

First Bank

Sep 2012 - Mar 2015 (2 years 6 months)

Designed and maintained MS Access databases to streamline banking operations and built reporting outputs for department performance and financial services. Developed reports using Crystal Reports, SAP Business Objects, and ODBC, and resolved technical issues involving database corruption, program failures, and network problems.

Education

Degrees, certifications, and relevant coursework

Polytechnic University of Puerto Rico logoPR

Polytechnic University of Puerto Rico

Master of Computer Science, IT Management & Information Assurance

Earned a Master in Computer Science (MCS) with a focus on IT Management & Information Assurance.

University of Puerto Rico at Mayagüez logoUM

University of Puerto Rico at Mayagüez

Bachelor of Science in Business Administration, Information Systems

Earned a Bachelor of Science in Business Administration (BBA) with a concentration in Information Systems.

Get matched with your dream remote job

Sign up now and join over 250,000+ remote workers who receive personalized job alerts, curated job matches, and more for free!

Sign up
Himalayas profile for an example user named Frankie Sullivan