Open to opportunities

Rasmane Ouedraogo

@rasmaneouedraogo

GRC Analyst combining cybersecurity risk, compliance, and cloud security to deliver audit-ready programs and measurable risk reduction.

United States

What I'm looking for

I’m looking for a role where I can own GRC and cloud security risk end-to-end in a regulated environment—automating evidence, partnering across IT/legal, and delivering executive-ready KPI/KRI reporting that improves audit readiness and reduces real risk.

I’m a results-driven GRC Analyst with 9+ years leading cybersecurity governance, risk management, and compliance programs for major US financial institutions. I own end-to-end GRC execution—coordinating audit response, collecting and organizing evidence, identifying non-conformance, and driving timely closure of findings with zero overdue audit items.

My risk work is built on NIST RMF and FAIR, including risk registers, control gap analyses, corrective action plans (CAPs), and security exception management. I report KPI/KRI metrics to executive leadership and mature GRC programs using frameworks such as NIST CSF 2.0, NIST 800-171/CMMC L2, ISO 27001, SOC 2, PCI-DSS, HIPAA, GDPR, FedRAMP, and HITRUST.

Beyond GRC, I bring hands-on SOC and cloud security strengths: triaging alerts with Splunk and Dynatrace, securing AWS environments, and implementing zero-trust architecture aligned to CMMC L2 and CIS Benchmarks. I also automate evidence collection and controls with ServiceNow GRC, AWS Audit Manager, Vanta, Ansible, and Terraform—while mentoring teams and translating complex requirements into actionable technical steps.

Experience

Work history, roles, and key accomplishments

GRC Analyst & Cloud Security

PNC Bank

Jul 2022 - Apr 2026 (3 years 9 months)

Designed and matured an end-to-end GRC program aligned to SOX, PCI-DSS, NIST CSF, NIST 800-171, and CIS Benchmarks, managing audit response, evidence collection, and remediation in ServiceNow GRC/JIRA with zero overdue findings. Led AWS control gap assessments, automated evidence collection via AWS Audit Manager and Vanta, and improved security operations by restoring services within 15 minutes on

GRC Analyst & DevSecOps

Citibank

Sep 2018 - Jul 2022 (3 years 10 months)

Built and matured cybersecurity compliance programs for PCI-DSS, SOX, HIPAA, and NIST CSF, using Drata to drive evidence collection, system gap identification, and audit-ready documentation. Improved security monitoring with Splunk and Dynatrace (20% lower MTTD), integrated SonarQube for OWASP-aligned secure coding, and automated auditable AWS infrastructure provisioning with CloudFormation and Te

GRC Analyst & Cloud Security

EverBank Financial

May 2015 - Oct 2018 (3 years 5 months)

Administered PCI-DSS and SOX security protocols and compliance documentation to support continuous audit readiness. Conducted risk assessments and remediation planning, enforcing AWS IAM/VPC/Kubernetes RBAC to reduce security-related incidents by 30%, while implementing secure microservices with Docker and automated pipelines (Jenkins/Ansible) to cut deployment errors by 25% and accelerate deliver

Education

Degrees, certifications, and relevant coursework

University of Houston-Downtown

Master of Business Administration, Business Administration

Earned a Master of Business Administration (MBA) from the University of Houston-Downtown in 2017.
