Resume
Alexandria F. Seven
Principal GRC Consultant
Governance, Risk & Compliance | Security Policy | Audit Strategy | Risk Management
San Francisco Bay Area, CA
PROFESSIONAL SUMMARY
IT Security and GRC professional with a strong track record delivering enterprise governance, risk, and compliance programs across SaaS, banking, healthcare, real estate, and tech sectors. Skilled in aligning security strategies with business goals, enabling digital transformation, and ensuring regulatory compliance. Proven success leading GRC automation, risk governance, and third-party security initiatives to strengthen security posture, reduce audit fatigue, and drive operational efficiency.
EXPERIENCE HIGHLIGHTS
Enterprise GRC Leadership – Supported GRC program maturity capabilities that align security, risk, and compliance with business objectives.
Regulatory Audit & Controls – Managed lifecycle execution of audits including SOC 2, ISO 27001, HITRUST, HIPAA, and SOX.
Risk Assessments & Cloud Governance – Conducted security risk assessments across product and enterprise in cloud, on-prem, and hybrid infrastructure environments and implemented security controls.
Security Policy Governance – Established enterprise frameworks with automated policy-control mapping in ServiceNow.
Third-Party Risk Management – Developed TPRM programs with automated vendor intake, risk tiering, and SLA enforcement.
Compliance Automation & Platforms – Implemented GRC tools and workflows.


EXPERIENCE
Principal GRC Consultant
A3INFOSEC | Remote / San Mateo, CA
2022 – 2025
Led compliance transformation initiatives for SaaS and technology clients, delivering full lifecycle audit readiness across internal departments and cloud infrastructure.
Directed the unification of security controls across SOC 2, ISO 27001, and HITRUST e1 frameworks; created scalable policy libraries, mapped controls, and aligned evidence with system owners.
Built a TPRM program for a virtual assistant platform, including vendor risk tiering, threat intelligence integration, and automated review cycles.
Conducted risk assessments using SIG, tailored scorecards, and business-aligned threat models for enterprise clients with global vendor footprints.
Recommended and implemented GRC platforms such as Secureframe, Riskonnect, and ServiceNow for policy governance, control management, and automated reporting.
Developed audit dashboards and remediation trackers for executives, improving visibility into audit readiness and control performance.
Senior GRC Advisor / GRC Engineer
Equinix | Remote / Sunnyvale, CA
2020 – 2022
Spearheaded the implementation of ServiceNow GRC (Policy, Risk, and Compliance modules) across global business units.
Mapped 1,000+ controls using UCF; integrated internal policies for continuous monitoring and audit coverage.
Defined and tested business requirements in Agile sprints; led UAT and stakeholder training sessions.
Automated policy governance workflows, version control, and control exception management using ServiceNow.
Presented program maturity metrics and platform adoption progress to senior executives, influencing roadmap planning and funding.
IT Audit Lead
RingCentral | Belmont, CA
2019 – 2020
Directed SOC 2 Type II, HITRUST CSF, and ISO/IEC 27001 readiness across multiple cloud environments (AWS, GCP).
Performed walkthroughs, tested controls, and documented evidence across enterprise applications and cloud infrastructure.
Conducted third-party risk assessments using SIG and OneTrust; validated vendor compliance with GDPR, CCPA, and C5.
Established a corporate trust center to streamline due diligence and share audit reports with customers.
Defined enterprise-wide risk treatment plans based on maturity assessments and internal control gaps.
Senior Security Risk Analyst
Federal Reserve Bank | San Francisco, CA
2018 – 2019
Performed security risk assessments aligned with NIST RMF for moderate-impact internal systems and third-party applications.
Authored SSPs, POAMs, and SARs using RSAM to support ATO processes and continuous monitoring.
Conducted threat modeling and remediation planning in coordination with system owners and compliance teams.
Ensured traceable documentation and alignment with internal audit expectations and control testing evidence.
GRC Lead / Security Policy Lead
Blue Shield of California | San Francisco, CA
2017 – 2018
Designed and implemented an enterprise security policy lifecycle program; integrated workflows into ServiceNow GRC.
Mapped security policies to HIPAA, NIST 800-53, SOC 2, and ISO 27001 requirements.
Reduced audit response time by automating policy attestation, versioning, and exception workflows.
Facilitated cross-functional policy alignment with Legal, Security, and Compliance teams.
Principal GRC Analyst
Move Inc. (Realtor.com) | Westlake Village, CA
2016 – 2017
Developed a unified GRC program post-acquisition to align with global corporate policies.
Authored data classification policy; prioritized security of high-value assets via the Crown Jewels initiative.
Embedded security controls into Agile SDLC and CI/CD pipelines; coordinated with Engineering, DevOps, and PMO teams.
Delivered targeted training and awareness campaigns, including phishing simulations and SDLC workshops.
Security Risk Assessor
Visa | Foster City, CA
2014 – 2016
Performed security risk assessments for payment product lifecycles, third-party services, and infrastructure changes.
Authored and operationalized a NIST 800-30-based risk assessment playbook used enterprise-wide.
Integrated playbook into Archer GRC for standardized intake and remediation tracking.
Updated 50+ policies and standards across ISO 27001, PCI DSS, FFIEC, and OCC requirements.
Senior Security & Risk Consultant
Protiviti | San Francisco, CA
2013 – 2014
Delivered PCI DSS and NIST 800-53 assessments for Fortune 500 SaaS and FinTech clients.
Conducted control testing, authored remediation plans, and managed readiness efforts for certification.
Executed SOX ITGC/ITAC reviews; identified deficiencies and delivered actionable audit reports.
CONTACT
© 2025. All rights reserved. A3INFOSEC LLC - www.a3infosec.tech
Based in the San Francisco Bay Area — Serving clients nationwide

