Paycom
Team Lead, IT Governance Risk and Compliance / Enterprise Data Governance
Feb. 2016 - Aug. 2021
Oklahoma City, Oklahoma Area
• Developed the IT GRC and Data Privacy Teams from inception and oversaw the day-to-day activities of 11 direct reports. Developed KPIs for both teams and reported across multiple levels of management, from executives to individual contributors, and across various technical and non-technical audiences.
• Designed and implemented the workflows for IT GRC and Data Privacy, aligning all IT controls across the entirety of Paycom’s compliance frameworks and programs, including SOX, SOC 1, SOC 2, ISO 27001, ISO 27701, ISO 22301, PCI-DSS, FedRAMP, Privacy Shield, WCAG AA, and HIPAA.
• Served as a highly trusted advisor to Legal and Development teams, delivering guidance regarding privacy, risk, and compliance requirements and technical capabilities for issues, projects, and proposed functionality.
• Participated in meetings with clients and prospective customers to address security and privacy concerns.
• Used specialized knowledge and expertise to identify improvements through reduced data redundancy and appropriate data reuse.
• Identified and remediated data privacy issues including data collection, handling, compliance, and sanitization.
• Strengthened and developed the IT Audit and Compliance, IT Risk Assessment/Management, Data Privacy and Governance, Change Management, Business Continuity and Disaster Recovery, Crisis Management and Response, Vulnerability Mitigation, Information Security and Privacy Awareness Training, Vendor Risk Management, and WCAG/Accessibility Compliance programs.
• Contributed significantly as a highly trusted advisor to Legal and Development teams, delivering guidance and information regarding privacy, risk, and compliance requirements and technical capabilities for issues, projects, and proposed functionality.
• Frameworks in use included SOX, SOC 1, SOC 2, ISO 27001, ISO 27701, ISO 22301, PCI-DSS, FedRAMP, WCAG AA, and HIPAA. Privacy requirements included Privacy Shield, GDPR, and all state and federal privacy regulations, including BIPA.