Darren Lamison-White

Senior Security Analyst @Arctic Wolf

Security AnalystIT

CAREER ACHIEVEMENTS Enterprise Risk Management Expert: Successfully implemented enterprise-wide risk assessment methodologies across multiple domains (Finance, IT, Legal, Information Security) resulting in comprehensive risk identification and mitigation. SOC Compliance Leadership: Led critical SOC 1 and SOC 2 compliance initiatives, supporting audit inquiries, facilitating policy updates, and evaluating product changes for compliance impacts, ensuring continuous certification maintenance. Risk Process Optimization: Streamlined risk management processes through strategic automation initiatives, reducing manual effort by 35% while increasing assessment accuracy and overall efficiency. IPO Compliance Support: Contributed to GitLab's successful $15 billion IPO by ensuring robust risk management and compliance frameworks that met regulatory requirements and investor scrutiny. Cross-Functional Collaboration: Developed strong partnerships with control owners across organizations to provide risk-appropriate control requirements that balanced security needs with business objectives. Audit Excellence: Led comprehensive IT internal audits across multiple regulatory frameworks (SOX, HIPAA, FedRAMP) with exceptional attention to detail, resulting in enhanced control environments and significantly reduced risk exposure. Risk Automation Innovation: Designed and implemented risk management automation tools that improved efficiency by 40% while providing more accurate and timely risk insights to leadership. Vendor Risk Management: Established comprehensive third-party risk assessment programs that effectively identified and mitigated vendor-related security and compliance risks. Strategic Risk Intelligence: Developed data-driven risk reporting systems that gathered and scaled metrics across organizations, enabling executive leadership to make informed strategic decisions. Regulatory Compliance Expertise: Demonstrated deep knowledge of multiple regulatory frameworks including SOC 1, SOC 2, ISO 27001, HIPAA, and FedRAMP,

People also viewed

Eugene Ditkovsky

Founder @Netterr

🔥 Startup FounderMoscowRussia

Software Architect, Patternmaker, Grading Technologist, and Technical Fashion Designer @Design To Fashion LLC

Startup FounderITC-level Executive+21 tags

Procurement Manager @G&G Industrial Lighting

Digital Marketing Executive @Anand Sales Corporation

Danielle Anderson

Social worker @DaVita Kidney Care

Strategy manager @Motorway

Quality Analyst @Revolut

CopywritingContent WriterMarketing+10 tags

Marketing Manager @Continental

MexicoCommentatorInfluencer+25 tags

Associate Creative Director @Mint Mobile

IT Specialist @Prosecutors Office

🧑‍🔬 Engineer✔️ IT

Feedback from Darren’s ex-colleagues

user-post-1

user-post-2

user-post-3

Keep in touch with meI'm using Intch to connect with new people. Use this link to open chat with me via Intch app

Work Background

Senior Governance Risk and Compliance (GRC) Analyst

Arctic WolfSenior Governance Risk and Compliance (GRC) Analyst

Senior Security Risk Engineer (Third Party Vendors)

GitLabSenior Security Risk Engineer (Third Party Vendors)

May. 2021 - Nov. 2022Remote- Contributing to the security assurance team that helped the company go public. GitLab was valued at $15 billion at the time of IPO. - Completing customer security assessments, questionnaires and sales enablement activities. - Maintaining the Customer Assurance Package and other self-service customer security resources. - Maintaining GitLab's standard security response database (RFP). - Supporting Risk Management activities including Third Party Vendor and Security Operational Risk assessments. - Triaging new or changing security requirements, security issues, and/or Security Operational, Third Party or Customer risks. - Maintaining handbook pages, policies, standards, procedures and runbooks related to Risk and Field Security. - Identifying opportunities for Risk and Field Security process automation. - Maintaining Risk and Field Security automation tasks. - Leading sales enablement activities, including customer security assessments and contract reviews. - Executing end to end Risk and Field Security initiatives in accordance with the compliance roadmap. - Maturing the Customer Assurance Package and other self-service customer security resources. - Monitoring industry trends and demands to position GitLab as an industry leader in Security and execute initiatives to support these trends. - Executing Risk Management activities including Third Party Vendor and Security Operational Risk Assessments. - Executing peer reviews and provide meaningful feedback. - Designing requirements for Risk and Field Security automation tasks. - Recommending new Risk and Field Security metrics and automate reporting of existing metrics.

GRC - INTERNAL CONTROLS ASSOCIATE (focus on Information Technology and Information Security Risk)

Itaú USAGRC - INTERNAL CONTROLS ASSOCIATE (focus on Information Technology and Information Security Risk)

Mar. 2020 - Apr. 2021Miami, Florida, United States- Working with various business partners (in USA, Bahamas, Chile, and Brazil) to facilitate the completion of risk assessments and targeted Information Technology and Information Security risk assessment projects. - Analyzing, developing, evaluating, improving, and documenting compliance procedures for more complex and varied issues. - Assisting the Principal Risk Owners and Principal Risk Coordinators with the identification of key risks and mitigating controls in their business units, as well as action plans to address any gaps in the mitigating measures identified. - Investigating and assessing the root causes of a loss/gain events, and assisting business partners in addressing control deficiencies that surfaced as a result of such events. - Reviewing new product proposals to ensure same are supported by internal policies, suitability process, documentation, and in compliance with laws and regulations. Providing feedback and comments in preparation for the products committee. - Testing self assessment to identify possible control weaknesses in departments and functions and other operational areas and recommending changes to minimize those weaknesses. - Certifying third party providers IT control frameworks (ITGC’s) through testing for services such as SWIFT. - Assisting ERM with the overall assessment process and ongoing monitoring of outstanding items requiring follow-up and resolution. - Conducting regulatory research, disseminating regulatory information, and providing opinions and advice on regulatory matters. - Examining Bank policies, procedures, and practices to ensure compliance with laws and regulations and implementing any needed changes. - Monitoring the completion of all assigned activities of business partners to ensure agreed upon changes have been completed to address identified control weakness. - Conducting Compliance Testing of Foreign Units with requirements set by the Central Bank of Brazil as well as Anti-Money Laundering (AML) regulations.

Senior IT and Security Auditor

LennarSenior IT and Security Auditor

Apr. 2017 - Mar. 2020Miami/Fort Lauderdale Area- Senior IT Auditor carrying out the planning and overseeing the performance of compliance and substantive testing on the financially material activities and processes of the IT Department. - Supervising the work of staff auditors and consultants. - Developing IT Risk Assessments, and performing risk analysis. - Performing SOX and Non-SOX audits of Distributed IT Environments (Windows, Active Directory, etc.), Enterprise Applications (JDE, Essbase, Destiny, QRM, BOSS, BuildPro, DocuSign), Relational Database systems (Oracle, SQL), and General Computer Controls testing (Change Management, Security Administration, Information Integrity, Capacity Planning, Disaster Recovery, and Incident Management). - Conducting SSAE16 and SAS70 reviews, and user control consideration audits for 3rd party software. - Presenting findings to auditees, and tracking the remediation of findings. - Finalizing and delivering final audit reports to be presented to the audit committee. - Managing and tracking of quarterly Information System Control Templates across various business units. - Implementing SOX Requirements, ISACA Standards, and COBIT Audit Framework principles. - Extensive communication with various levels of IT Management. - Planning and performing of Cyber Security reviews.

Information Systems Auditor

LennarInformation Systems Auditor

Apr. 2013 - Mar. 2017Miami, Fl- Lead Auditor carrying out the planning and overseeing the performance of compliance and substantive testing on the financially material activities and processes of the IT Department. - Supervising the work of staff auditors and consultants. - Developing IT Risk Assessments, and performing risk analysis. - Performing SOX and Non-SOX audits of Distributed IT Environments (Windows, Active Directory, etc.), Enterprise Applications (JDE, Essbase, Destiny, QRM, BOSS, BuildPro, DocuSign), Relational Database systems (Oracle, SQL), and General Computer Controls testing (Change Management, Security Administration, Information Integrity, Capacity Planning, Disaster Recovery, and Incident Management). - Conducting SSAE16 and SAS70 reviews, and user control consideration audits for 3rd party software. - Presenting findings to auditees, and tracking the remediation of findings. - Finalizing and delivering final audit reports to be presented to the audit committee. - Managing and tracking of quarterly Information System Control Templates across various business units. - Implementing SOX Requirements, ISACA Standards, and COBIT Audit Framework principles. - Extensive communication with various levels of IT Management. - Planning and performing of Cyber Security reviews.

Audit Enterprise Risk Consultant

DeloitteAudit Enterprise Risk Consultant

Jan. 2012 - Mar. 2013McLean, VaPerforming risk assessments through auditing the internal IT controls regarding access to computer systems that are tied to an entities financial processes, in order to determine a client’s risk of a material misstatement. Utilized platforms ranging from JDE, SAP, Windows, and Unix through the use of technologies such as SAS in order to perform analysis of Journal Entry Data Routines in order to accurately evaluate the internal controls of a client’s IT environment (Data Center Network Operations, Information Security, and System Change Control).

IT ADVISORY CONSULTANT

KPMGIT ADVISORY CONSULTANT

Aug. 2011 - Jan. 2012McLean, VaConducted internal and external audit engagements on defense contractor clients with the goal of Testing ITGC/GITC’s, including Access to programs, data, and computer operating systems across Business Information Technology Systems and North American Division platforms, Oracle Database, Unix, C-Vantive, CBRM/EBRM, and SAP.

Information Security Analyst

Freddie MacInformation Security Analyst

Jan. 2009 - Mar. 2011McLean, VaInformation Security Analyst - Operated the internal transfer and termination process that affects accounts across various platforms in order to address possible security risks. Processing tickets in Remedy to disable account access when owner is no long in compliance. - Gather ownership and user relevance information for the cleanup and remediation of redundant platform accounts - Consolidate server and directory information for various platforms to assist with the departments Account Application Assessment Initiative - Enforce IT general control standards. Information Technology Risk Analyst - Analyzed and reduced the number of internal IT risk controls within the company - Responsible for assembling a written problem/solution reports to prove that any system and potential audit findings have been closed and created closure packages detailing the initial issue and how it was resolved. Programmer Analyst - Assisted the development team by using shell script to run autosys box jobs to ensure that hundreds of commands were processed on a UNIX platform (Linux). - Documented the functions, use and purpose of programs coded in Visual Basics as a part of the Financial Accounting & Corporate department’s initiative to assess the relevance of pre-existing code. - Created a wiki page that highlighted the accomplishments of the organizations initiatives within the company. Test Engineer - Implemented scripts ensuring test result accuracy. - Regression testing for the company’s in house enterprise application software Phoenix. - Utilized DOORS to compare the test results with the teams expected results. - Utilized ClearQuest in regression testing as quality assurance for the development team.

Intern

Arctic Region Supercomputing CenterIntern

Jun. 2008 - Aug. 2008Matrices of relationships among the words found in documents, across large collections of text. Computation of cooccurrence matrices, from which eigensystems are derived. Analysis of the eigensystems for their utility in information retrieval systems, including statistical analysis and visualization. Identification, implementation and performance analysis of algorithms for eigensystem computation for very large sparse symmetric matrices.

Summer Hire

Bellamy Management Services, LLC.Summer Hire

May. 2007 - Aug. 2007I worked as both IT and help desk.

Intern

SIPHER/ISISIntern

May. 2006 - Aug. 2006Using the synchronous-reactive model of computation, I built various controllers for Lego Mindstorm robots.

Intch is a Professional Networking App for the Future of Work

300k+ people

130+ countries

AI matching

Get Intch if you'd like to

Get Recommended to New Customers

Connect with Like-Minded People

Find a side project

Reach Top Niche Experts

Find Jobs on a Hidden Market

Find a Perfect Co-Founder

Find a Trusted Mentor

Hire Top Global Professionals

See more people like Darren on Intch

IT

490477 people

24

Data Scientist Intern @ Newell Brands

16

Program Manager @ DISH Network

18

Senior Software Engineer @ EarnIn

ITSecurity Analyst

27004 people

17

Major Crimes Det/CFCSI (Ret.) Business Owner, MBA @ CID / U of A / Rahbuilds.com

16

Programmer @ Castro Studios

23

Director