HimalayasHimalayas logo
MR
Open to opportunities

Michael Ruiz

@michaelruiz1

Senior cybersecurity executive specializing in third-party risk management, GRC, privacy, and identity governance.

United States
Message

What I'm looking for

I’m looking for a senior leadership role where I can run third-party risk and GRC programs end-to-end—partnering with executives to measurably improve security posture, privacy compliance, identity governance, and regulatory outcomes.

I’m a seasoned information security leader who drives strategic, measurable outcomes across third-party risk management, GRC, cybersecurity, privacy, and AI risk governance. I translate executive priorities into practical programs that protect critical systems, sustain business continuity, and strengthen organizational resiliency.

I’ve built and matured TPRM and identity governance capabilities across enterprise environments—partnering with teams across security, IT, procurement, legal, and senior leadership. I improved third-party program maturity by 80%, increased risk awareness by 71% through global supply chain due diligence, and boosted data privacy compliance by 50% with policy development for PII and data classification.

My work consistently delivers compliance and security posture gains. I’ve driven CMMC engagement resulting in an 80% uplift in security posture, increased regulatory compliance in gaming by 35% via TPRM directives, and improved identity governance maturity using role-based access control models and enhanced authentication workflows.

I lead with transformation and advisory clarity, negotiating and influencing to remove friction while meeting strict regulatory and control requirements. I’ve secured over $100K in contract savings, advanced ISO/NIST-based control frameworks (including NIST 800-53, NIST 800-63, and NIST CSF), and operationalized continuous monitoring and risk scoring using tools like ZenGRC, OneTrust, RSA Archer, and SecurityScorecard.

Experience

Work history, roles, and key accomplishments

BL
Current

Principal Cybersecurity Consultant

BoldMarc LLC

Jan 2025 - Present (1 year 3 months)

Served as a trusted cybersecurity and TPRM subject matter expert, maturing TPRM and supply-chain lifecycle requirements by 80% and improving identity governance controls to boost security posture by 80%. Delivered data privacy improvements (50% compliance increase), elevated CMMI maturity from 2 to 4 in under a month, and increased internal compliance by 30% through optimized policy and procedure

Third Party Risk ManagementIdentity GovernanceCMMCCMMI Governance
AM

Senior Cybersecurity Risk Auditor

Ampcus

Jan 2025 - Jan 2026 (1 year)

Provided expert advisory support assessing business and technology risks, evaluating control effectiveness, and communicating audit findings and recommendations to stakeholders and audit leadership. Planned and executed multiple TPRM assessments to validate controls, identify vulnerabilities, and strengthen governance.

GRCControl EffectivenessAudit Stakeholder Communication
AD

Third-Party Risk Manager

American Tire Distributors

Jan 2021 - Jan 2025 (4 years)

Led the company’s Third-Party Risk Management (TPRM) program, integrating it with enterprise risk management and reducing third-party risk incidents by 90%. Streamlined vendor due diligence and assessments (70% faster), increased contract/security requirements compliance, reduced onboarding time by 75%, and operationalized continuous monitoring to cut post-onboarding incidents by 90%.

Third Party Risk ManagementDue DiligenceIdentity GovernanceMonitoringContract Requirements (PCI SOC2 SOX)
BL

Principal Cybersecurity Consultant

BoldMarc LLC

Jan 2018 - Jan 2021 (3 years)

Led TPRM and supply-chain improvement engagements across multiple client environments, increasing program maturity globally and improving onboarding due diligence to raise risk awareness by 71%. Supported identity access management assessments and implemented security requirements into vendor contracts to reduce vendor risk and improve governance outcomes.

Third Party Risk ManagementGRC ConsultingIdentity & Access Management (IAM)Due DiligenceExecutive Advisory
GF

Cybersecurity Analyst III

GM Financial

Jan 2015 - Jan 2018 (3 years)

Executed internal and third-party cybersecurity risk assessments and contract negotiations, reducing GM Financial’s risk exposure by 44%. Improved TPRM workflows by 35%, increased vendor compliance by 26%, negotiated master service agreements and statements of work for $50K in corporate savings, and mentored junior risk team members (80% improvement).

GRCContract NegotiationMentorship & Coaching
WT

Principal Security Consultant

World Wide Technology

Jan 2014 - Jan 2015 (1 year)

Collaborated to establish a GRC Center of Competency and launched a security practice, leading information security projects and improving risk assessment artifact consistency and quality by 30%. Enhanced data segmentation and security environments and led security/privacy risk assessments, improving security and privacy posture by 32%.

Security ConsultingSegmentationSecurity And Privacy Risk AssessmentsCross Industry DeliverySecurity Program LaunchClient Advisory

Education

Degrees, certifications, and relevant coursework

American Military University logoAU

American Military University

Master of Arts, Homeland Security

Grade: GPA: 3.74

Earned a Master of Arts in Homeland Security. GPA reported as 3.74.

The University of Baylor logoTB

The University of Baylor

Bachelor of Business Administration, Entrepreneurship / International Business

Earned a Bachelor of Business Administration with a double major in Entrepreneurship and International Business.

Tech stack

Software and tools used professionally

BitSight logo

BitSight

ZenGRC logo

ZenGRC

Black

Enhance logo

Enhance

Increase logo

Increase

Matter

Availability

Open to opportunities

Location

United States

Authorized to work in

United States

Website

michaelstephenruiz.com

Job categories

Senior Managercybersecurity risk managementThird Party Risk ManagementGovernance Risk and Compliance (GRC)CybersecurityPrivacyIdentity And Access ManagementSenior Leadership RolesSenior ExecutiveSenior DirectorSenior Executive Management

Skills

Third Party Risk ManagementGRCRisk ManagementCybersecurityPrivacyAI Risk ManagementIdentity & Access ManagementAccess GovernanceRole Based Access ControlAuthentication SystemsAuthorization SystemsPrivilege Identity ManagementUser ProvisioningContinuous Control MonitoringIdentity GovernanceVulnerability ManagementData Loss PreventionIntrusion DetectionData ClassificationPII PoliciesVendor Risk ManagementDue DiligenceContract NegotiationContractual Security RequirementsISO 27000ISO 27001NIST 800 53NIST CSFCMMCGDPRCCPASOC1 ControlsSOC2PCIHIPAASOXGLBAFFIECZenGRCOneTrustRSA ArcherVenminderProcessUnityPrevalent PlatformBitSightBlack KiteRecorded FutureCVE NVD IntegrationSoftware Bill Of MaterialsBlackEnhanceIncreaseMatter

Interested in hiring Michael?

You can contact Michael and 90k+ other talented remote workers on Himalayas.

Message Michael

People also viewed

View all talent

Find your dream job

Sign up now and join over 100,000 remote workers who receive personalized job alerts, curated job matches, and more for free!

Sign up
Himalayas profile for an example user named Frankie Sullivan