Ludrian Marrero
@ludrianmarrero
Security Governance Analyst advancing GRC, AI governance, and risk reduction for global teams.
What I'm looking for
I’m a cybersecurity leader with 13+ years aligning security strategy and business objectives, driving measurable improvements in governance, risk, and compliance. I focus on AI Governance and end-to-end risk mitigation—reducing vendor risk by 30% and strengthening compliance across AI, SOX, GDPR, and FedRAMP.
In my most recent role as a Senior Security Governance Analyst, I lead security issue management from identification through remediation and closure, support audits with detailed risk evidence, and use GRC tools like Archer, ServiceNow GRC, and MetricStream to monitor control performance and KPIs. Previously, as a Senior Cybersecurity Specialist & BISO, I coordinated enterprise IT risk assessments across 10+ countries, achieved zero major audit findings over 3 years, improved third-party risk management by reviewing 50+ vendor contracts, and helped build compliance culture through cybersecurity awareness training.
Experience
Work history, roles, and key accomplishments
Security Governance Analyst
Contene Corporation
Jul 2024 - Present (2 years)
Led the end-to-end security issue management lifecycle, including triage, root cause analysis, remediation planning, and closure. Supported AI/ISO 42001/ISO 27001/NIST CSF/SOX/SOC 2/PCI DSS audits and used GRC tools to track risk, control performance, and compliance metrics.
Cybersecurity Specialist & BISO
WavIN (Anorbia Business)
Aug 2022 - Jul 2024 (1 year 11 months)
Coordinated IT and cybersecurity efforts across North America and LATAM and served as Business Information Security Officer (BISO). Conducted enterprise-wide IT risk assessments across 10+ countries, led third-party risk reviews (50+ vendor contracts), and implemented cybersecurity awareness programs that trained 2,000+ employees.
Security & Compliance Analyst
Doma
Apr 2021 - Aug 2022 (1 year 4 months)
Assessed and approved vendors using cybersecurity and compliance frameworks, and reviewed vendor impacts on systems, applications, and sensitive data. Led remediation efforts to improve the security posture (reducing risk exposure by 30%) and delivered phishing/awareness training that increased employee threat recognition by 40%.
Information Security Consultant
Zyston LLC
Nov 2020 - Apr 2021 (5 months)
Provided cybersecurity consulting, including risk assessments and evaluations of external service providers across multiple industries. Designed assessment frameworks and implemented partner risk management programs aligned with SOC 2, GLBA, SOX, FedRAMP, and related security standards.
Information Security Specialist
Amerant Bank
Sep 2019 - Nov 2020 (1 year 2 months)
Developed Amerant Bank GRC programs by implementing CoBIT 5, ISO 27001, NIST 800, and FedRAMP to enforce internal controls across on-premises and cloud systems. Led access rights reviews to support SOX/GLBA/FedRAMP compliance and directed phishing prevention initiatives that reduced employee susceptibility to phishing attacks by over 45%.
IT Security Professional
MUFG Union Bank
Dec 2017 - Sep 2019 (1 year 9 months)
Conducted end-to-end risk assessments across the project lifecycle to minimize security gaps across software, networks, databases, middleware, and hardware. Led IT security audits and integrated GRC protocols into information security practices using CoBIT 5, ISO 27001, NIST 800, and FedRAMP.
Information Security Engineer
MUFG Union Bank
Aug 2016 - Dec 2017 (1 year 4 months)
Performed audits of access controls, including privileged access, role-based permissions, password policies, and change management protocols, and delivered recommendations to remediate critical control gaps. Secured databases, servers, and operating systems, assessed network perimeter defenses, and applied IT governance frameworks to support compliance with GLBA, SOX, PCI, and HIPAA.
Information Security Risk Analyst
Popular, Inc (Banco Popular de Puerto Rico)
Mar 2015 - Jul 2016 (1 year 4 months)
Conducted risk assessments for service providers across the corporation and its subsidiaries and reviewed SOC 2 reports and security questionnaires to support procurement decisions. Performed application risk assessments with threat modeling and residual risk scoring and contributed to SOX audit reviews while delivering security awareness content.
Data Management Analyst
First Bank
Sep 2012 - Mar 2015 (2 years 6 months)
Designed and maintained MS Access databases to streamline banking operations and built reporting outputs for department performance and financial services. Developed reports using Crystal Reports, SAP Business Objects, and ODBC, and resolved technical issues involving database corruption, program failures, and network problems.
Education
Degrees, certifications, and relevant coursework
Polytechnic University of Puerto Rico
Master of Computer Science, IT Management & Information Assurance
Earned a Master in Computer Science (MCS) with a focus on IT Management & Information Assurance.
University of Puerto Rico at Mayagüez
Bachelor of Science in Business Administration, Information Systems
Earned a Bachelor of Science in Business Administration (BBA) with a concentration in Information Systems.
Tech stack
Software and tools used professionally
Availability
Location
Authorized to work in
Job categories
Skills
Interested in hiring Ludrian?
You can contact Ludrian and 90k+ other talented remote workers on Himalayas.
Message LudrianGet matched with your dream remote job
Sign up now and join over 250,000+ remote workers who receive personalized job alerts, curated job matches, and more for free!
