Rana Khan

GRC Analyst

Technology / Internet

Toronto, Ontario


About Rana Khan:

As an accomplished GRC Analyst with a proven track record of 5 years, I bring a wealth of robust expertise in IT governance analysis, risk management, and agile project management to the table. 

Experience

Major achievements include:

 

  • Collaborated with cross-functional teams to gather requirements for GRC tools, ensuring alignment with business objectives and achieving a 25% improvement in risk assessment accuracy
  • Consistent success in implementing risk management strategies, conducting detailed assessments, and offering actionable mitigation recommendations resulting in a 30% reduction in potential threats
  • Streamlined security risk management processes by introducing standardized procedures and documentation
  • Implemented security controls and best practices, ensuring compliance with regulatory requirements (PCI-DSS, GDPR), demonstrating mastery of NIST CSF, 800-53, MITRE & Cyber Threat Intelligence Frameworks
  • Applied dashboarding tools such as Power BI and Tableau to visualize risk assessment data, enabling stakeholders to make informed decisions and resulting in a 50% improvement in data-driven insights

 

CERTIFICATIONS

  • CompTIA Security+ ce Certification
  • Certified in Cybersecurity℠ - CC (ISC)²
  • Microsoft Certified: Security, Compliance, and Identity
  • AWS Certified Cloud Practitioner
  • Project Management Professional (PMP®)
  • Certified SAFe® Agilist
  • Certified SAFe® Advanced Scrum Master
  • Certified Lean Six Sigma Green Belt

 

CORE COMPETENCIES

Security Governance Risk Management | Requirement Gathering | Stakeholder Management | Vendor Selection | Agile Project Management | NIST Frameworks & Compliance Tools | Gap Analysis | Microsoft Power BI | Tableau

 

CYBERSECURITY EDUCATION PUBLICATIONS

Authored multiple online articles at medium.com/@Rana.Khan to distil complex cybersecurity concepts into user-friendly information for diverse audiences and business sectors:

 

  • Improving Cybersecurity Posture with the NIST Cybersecurity Framework
  • Cyber Risk Awareness: How Businesses Can Protect and Grow 
  • Threat and Risk Assessment: A Vital Element of Security Management
  • Mitigating Cyber Risk, Maximizing Security
  • Quantitative vs Qualitative Risk Analysis: Which is More Effective?

PROFESSIONAL EXPERIENCE   

Cyber Security Analyst | The Fields Institute for Research in Mathematical Sciences | 01/2023 - 03/2023

Toronto, Canada | Internship       

                                                                 

  • Conducted thorough gap analysis to identify areas of improvement in existing risk assessment practices, resulting in a 25% enhancement in risk identification and mitigation
  • Utilized strong understanding of security risk management processes to effectively identify and prioritize risks, resulting in a 30% reduction in potential vulnerabilities
  • Collaborated with the stakeholders to develop strategies for continuous improvement in risk assessment practices
  • Conducted comprehensive risk assessments using NIST frameworks (NIST CSF and NIST 800-53), resulting in the identification and mitigation of critical security risks

                                                                

IT Governance Analyst | World Vision | 01/2022 - 03/2022

Toronto, Canada | Internship

 

  • Proactively monitored and analyzed emerging cyber threats and vulnerabilities, keeping the Information Security team up to date with best practices, resulting in a 40% reduction in potential security incidents
  • Managed gap analysis of current risk assessment practices, identifying areas for improvement and implementing remediation strategies that resulted in a 25% increase in risk assessment effectiveness
  • Analyzed project risks and controls, identifying potential vulnerabilities and implementing risk mitigation strategies
  • Assisted in the development and execution of business continuity and disaster recovery plans

 

IT Project Manager | Al Safi Danone Co. Ltd | 09/2016 - 01/2021

Riyadh, Saudi Arabia | Full-time

                                                                            

  • Applied agile and waterfall methodologies to plan, execute, and control multiple, large-scale initiatives on time and within budget for a diverse roster of clients
  • Successfully assessed and led the implementation of new GRC tools, resulting in a revamped risk assessment practice for the Information Security group accomplishing a 40% improvement in efficiency
  • Led a team of eight members to successfully implement a cyber defence strategy that reduced breaches by 85% through ongoing threat analyses and risk assessments of the organization’s IT systems
  • Conducted ongoing technical evaluations of multiple vendor proposals and contributed to final vendor selection to help the organization achieve a cost savings of 20% per year

 

GRC Analyst | The Centennial Fund | 04/2015 - 08/2016

Riyadh, Saudi Arabia | Full-time

                                                                          

  • Conducted comprehensive assessment of new GRC tools, analysing their capabilities and aligning them with the needs of the Information Security group, resulting in a 30% improvement in risk assessment practices
  • Developed and maintained comprehensive documentation of risk assessment processes, ensuring audit readiness and achieving a 30% improvement in regulatory compliance
  • Coordinated negotiations with dozens of vendors to secure contracts for remote access systems that satisfied key requirements at optimal prices to save the organization approximately $0.7 million per year
  • Shepherded security awareness training sessions for employees, promoting a culture of security best practices

 

Education

EDUCATION & TRAINING

Accelerated Cybersecurity Program (Certificate) | University of Toronto | 01/2023

Specialization: Governance, Risk and Compliance | Network Security | Offensive & Defensive Security

 

AWS re/Start Graduate Program (Certificate) | Amazon Web Services | 05/2022

Specialization: Analytics & Databases | Cloud Computing | Enterprise Applications

 

Data Analytics for Business Decision Making (Graduate Certificate) | Durham College | 08/2021

Specialization: Data Management | Statistical & Predictive Modelling | Ethical Leadership

 

Workplace Communication for IT Professionals (Certificate) | Toronto Metropolitan University | 01/2022

Specialization: Stakeholder Management | Ethical Leadership | Conflict Resolution

 

Bachelor of Commerce (B.Comm.) | University of Agriculture | 08/2004

Specialization: Business Management | Banking & Finance | Report Writing

 
