About us

About A3INFOSEC

A3INFOSEC is a specialized GRC consulting firm that helps security-conscious organizations build, operationalize, and scale governance, risk, and compliance programs that align with business growth.

We work with SaaS providers, financial services firms, healthcare organizations, and technology companies to simplify compliance, reduce risk exposure, and improve audit readiness. Our consulting services cover enterprise risk assessments, policy governance, audit strategy, third-party risk management, and GRC platform implementation.

We deliver programs that are automation-ready, stakeholder-aligned, and built for sustainability—not just checkboxes.

What We Offer:
✔️ Risk-informed compliance strategies
✔️ Audit readiness and support
✔️ GRC platform evaluation and deployment
✔️ Third-party risk program design
✔️ Policy and control framework development

📍 Based in California | Serving clients nationwide
💼 Principal Consultant: Alexandria F. Seven
📢 Now accepting new client engagements

Visit us: www.a3infosec.tech


About

Alexandria F. Seven
Principal Consultant, Governance, Risk & Compliance (GRC)

www.linkedin.com/in/alexandriafsln

ABOUT ALEXANDRIA

I help organizations turn security and compliance into strategic assets. As a GRC consultant, I specialize in building scalable, risk-aligned governance programs that support growth, reduce audit fatigue, and increase executive confidence. With a portfolio spanning fintech, healthcare, SaaS, and government sectors, I deliver outcomes that drive business resilience and operational trust.

CORE CAPABILITIES

GRC Program Strategy & Execution

  • Development and rollout of enterprise GRC frameworks

  • Integration of security governance with business operations

  • Maturity assessments, multi-year roadmaps, and executive reporting

Risk Management & Audit Readiness

  • End-to-end risk assessments and mitigation planning

  • Control design and validation aligned with leading standards

  • Audit coordination for SOC 2, ISO 27001, HITRUST, HIPAA, PCI, SOX, and others

Third-Party Risk Governance

  • Vendor risk frameworks with tiered scoring and automation

  • Regulatory due diligence and SLA compliance enforcement

  • Integration of continuous monitoring tools (OneTrust, SecurityScorecard)

Policy & Compliance Automation

  • Deployment of platforms like ServiceNow, RiskConnect, and SecureFrame

  • UCF control mapping, policy lifecycle automation, and real-time dashboards

  • Streamlined workflows for policy governance, evidence collection, and audit traceability

PROFESSIONAL EXPERIENCE

A3INFOSEC – Principal GRC Consultant

SaaS Virtual Assistant Platform
Led a multi-framework compliance initiative, achieving SOC 2 Type I readiness while aligning with ISO 27001 and HITRUST e1. Standardized policies, conducted control gap assessments, and orchestrated remediation efforts across Security, DevOps, and Operations. Designed and operationalized a vendor risk management program with automation, scoring logic, and real-time dashboards. Evaluated GRC platforms and led stakeholder onboarding for Security, Legal, and Procurement.

Multinational Conglomerate
Directed global TPRM engagement. Developed structured risk scoring models, performed vendor due diligence, enforced SLAs, and deployed automation for continuous monitoring. Aligned compliance objectives with procurement and legal functions for sustained vendor oversight.

Equinix – Senior GRC Engineer

Led global ServiceNow GRC implementation, enabling real-time policy governance, risk tracking, and control monitoring across SOC 2, ISO, SOX, and CUI domains. Defined technical requirements, executed Agile sprints, and created Jira user stories and UAT test plans. Integrated 1,000+ UCF controls into the knowledge base and facilitated cross-functional platform adoption.

RingCentral – Cloud GRC Lead

Managed end-to-end audit engagements and readiness for SOC 2 Type II, HITRUST, and BSI C5. Delivered ISO 27001 readiness assessments and oversaw the creation of risk treatment plans. Centralized audit documentation and developed a public-facing Trust Center to accelerate enterprise procurement cycles.

Federal Reserve Bank – Senior Security Risk Analyst

Performed RMF-based risk assessments across cloud and SaaS platforms. Led threat modeling sessions and technical reviews to identify architectural vulnerabilities. Authored and maintained all RMF documentation including SSPs, SARs, and POAMs. Enabled ATO decisions through risk treatment and remediation tracking in RSAM.

Blue Shield of California – IT Security Policy Lead

Designed and governed the enterprise policy framework in alignment with HIPAA, ISO, and NIST standards. Created ServiceNow workflows to automate policy approvals, versioning, and audit mapping. Centralized policy evidence and improved auditor readiness through traceable control mapping.

Move Inc. (Realtor.com) – Senior GRC Analyst

Built the post-M&A GRC program aligned with NewsCorp standards. Classified critical assets, embedded controls into the CI/CD pipeline, and conducted targeted risk assessments. Delivered phishing simulations and secure SDLC awareness campaigns to improve compliance culture.

EARLIER CAREER

PayPal – Led ISMS gap assessments and PCI SAQ-D validation for post-merger integration. Supported SOX control alignment and stakeholder coordination.

Visa – Authored Visa’s NIST-aligned Risk Assessment Playbook and operationalized it in Archer GRC. Led threat modeling and secure SDLC reviews.

Fremont Bank – Delivered GLBA compliance oversight, mobile device governance, and FFIEC audit remediation.

Protiviti – Conducted internal audits, PCI/SOX reviews, and risk assessments across regulated clients.

E*TRADE – Oversaw IAM audits, vendor security assessments, and OCC regulatory compliance.

TECHNICAL PROFICIENCIES

  • GRC Tools: ServiceNow, RiskConnect, Archer, OneTrust, SecureFrame, SecurityScorecard

  • Frameworks: SOC 2, ISO 27001, HITRUST, HIPAA, PCI DSS, NIST 800-53, SOX, GLBA, FFIEC, OCC

  • Cloud Environments: AWS, GCP, SaaS, Hybrid Infrastructure

  • Workflows: Agile, UAT, SDLC, CI/CD, Jira, Policy Automation

ENGAGE WITH ME

If your organization is looking to scale compliance, automate governance, or build a risk management function that delivers value—let’s connect. Now accepting U.S.-based remote and California on-site consulting engagements.
www.a3infosec.tech