Open to opportunities

Moises Gomez

@moisesgomez

Senior GRC and Information Security leader improving PCI DSS, SOC 2, and third-party/application security risk programs.

United States

Message

What I'm looking for

I’m looking to lead GRC and information security programs where I can own risk management for applications and vendors, drive PCI DSS/SOC 2 readiness, and use NIST-aligned controls and metrics to strengthen security posture.

I’m a Senior GRC and Information Security professional with 8+ years of experience across governance, risk, compliance, third-party risk management, PCI DSS, SOC 2, and security assessments in enterprise and high-growth environments.

In my current role as Lead Information Security Engineer, GRC, I own the application security risk management program, performing security assessments for new and existing SaaS applications and translating technical risk into actionable business decisions aligned to regulatory and industry standards.

I’ve managed governance of approximately 200 enterprise applications, led the organization’s PCI ROC assessment with an external QSA, and coordinated evidence collection across business and technical stakeholders to maintain PCI DSS compliance. I also lead annual private data inventory initiatives supporting NYDFS regulatory compliance.

I build scalable controls and operating mechanisms—developing security and compliance key controls aligned to NIST CSF 2.0, leading exception management, and implementing automated ServiceNow workflows. I define KRIs and KPIs for risk and exceptions, enabling leadership reporting and visibility into program health and risk trends.

Experience

Work history, roles, and key accomplishments

Current

Lead Information Security Engineer

Current

Root Insurance

Mar 2024 - Present (2 years 3 months)

Owned the application security risk management program, leading security assessments for new and existing SaaS applications and maintaining alignment to enterprise security standards. Managed governance for ~200 enterprise applications and led PCI ROC evidence coordination, exception management automation in ServiceNow, and leadership reporting via KRIs/KPIs.

Application Security PCI DSS Exception Management KPIs Risk Assessment

Senior Third-Party Security Risk Analyst

Contentsquare

Jul 2022 - Jan 2024 (1 year 6 months)

Conducted third-party vendor and partner risk assessments to evaluate security posture and risk exposure during procurement and onboarding. Developed third-party security policies and monitored vendor compliance with security and privacy regulations and standards.

Third Party Risk Management Vendor Assessment Security Posture Procurement Security Reviews Security Policies Risk Assessment Vendor Onboarding

Senior GRC Security Analyst

Policygenius

Oct 2021 - Jun 2022 (8 months)

Led annual enterprise risk assessments with cross-functional stakeholders to identify operational and emerging security risks. Supported SOC 2 audit readiness through evidence collection and maintained IT security policies aligned to regulatory requirements and industry standards.

Governance Risk & Compliance (GRC)SOC 2 Audits Security Compliance

Global PCI Compliance Analyst

Chubb

Jan 2020 - Oct 2021 (1 year 9 months)

Led enterprise PCI DSS compliance initiatives, including assessments, documentation, and remediation tracking for payment card processing systems. Developed and maintained PCI-aligned security policies, controls, and compliance procedures to support ongoing compliance.

PCI DSS Compliance Assessments Security Controls Policy Development Security Compliance

Experienced IT Risk Analyst

Chubb

Jul 2017 - Jan 2020 (2 years 6 months)

Participated in IT risk assessments and audit programs across enterprise systems and control domains. Performed IT control testing and compliance reviews to support audit reporting, remediation efforts, and stakeholder communication.

IT Risk Management IT Audit Controls Testing Audit Reporting Risk Mitigation Risk And Compliance