Open to opportunities

Tewan Teams

@tewanteams

Message

Proven Senior GRC Analyst specializing in security solutions and compliance.

United States

Message

What I'm looking for

I seek a role that values security, promotes continuous learning, and offers opportunities for growth.

I am a Senior GRC Analyst with extensive experience in designing and implementing security solutions for both federal and commercial clients. My expertise lies in compliance management and vendor risk assessments, where I have successfully managed the implementation of security awareness training and developed security authorization packages. I am passionate about leveraging my risk management skills to transition into a Cyber Security Consultant role, ensuring that all systems maintain their confidentiality, integrity, and availability.

Throughout my career, I have worked with various frameworks such as FISMA, FEDRAMP, and ISO 27001. At Xerox Corporation, I redesigned the ESS Compliance program, elevating its maturity to industry standards, and implemented annual FedRAMP assessments that improved our federal compliance posture. My ability to collaborate with product teams to integrate security-by-design methodologies has enabled earlier identification of compliance risks, significantly enhancing our operational efficiency.

My previous roles at the World Bank and NCC Group Security Services have further honed my skills in vendor risk management, vulnerability assessments, and incident response. I have a proven track record of reducing vendor onboarding lifecycles and improving audit readiness through effective policy development and training initiatives. I am committed to fostering a culture of security awareness and continuous improvement within organizations.

Experience

Work history, roles, and key accomplishments

Current

Senior GRC Analyst

Current

Xerox Corporation

Sep 2020 - Present (4 years 9 months)

Redesigned the ESS Compliance program, elevating its maturity to industry standards. Implemented annual FedRAMP assessments and maintained the ServiceNow-based risk register, improving federal compliance posture. Designed and executed Organization-wide security/privacy training, establishing KPIs for continual improvement.

FedRAMP ServiceNow ISO 27001 NIST CSF CMMC PCI DSS GRC

Senior GRC Analyst / Vendor Risk Analyst

World Bank

Nov 2019 - Present (5 years 7 months)

Developed and enforced GRC policies and directed ISO 27001 & SOC 2 Type audits. Performed Nessus vulnerability scans and vendor end-to-end risk assessments. Delivered vendor-risk awareness training and created a GRC services catalogue.

ISO 27001 SOX PCI DSS Nessus Vendor Assessment Incident Response

Information System Security Officer (ISSO)

NCC Group Security Services, Inc (WT. Solutions)

Nov 2016 - Present (8 years 7 months)

Prepared ATO and Certification and Accreditation packages as per NIST 800-53 and FedRAMP. Worked with engineers to implement/monitor AWS & Azure security controls. Reviewed vulnerability reports and tracked remediation through the POA&Ms.

NIST 800 53 FedRAMP AWS Azure Vulnerability Management SOPs Incident Response

Vendor Risk Analyst / GRC Analyst

Cardinal Health (WTS)

Jan 2012 - Present (13 years 5 months)

Directed vendor due-diligence assessments and developed worldwide TPRM policies and procedures. Contributed to HIPAA, ISO 27001, and SOX audits. Provided implementation and support for a vendor risk management solution using JIRA.