Governance, Risk and Compliance Interview Prep
Session 1
Role 1: Cybersecurity Risk Assessment Snr Analyst role-Shola
Key Responsibility
• The role is part of the Information Security Cyber Assessment Team, with the goal of assessing cyber threats and risks for the bank.
• The Information Security Program Cyber Assessment Analyst conducts cybersecurity program assessments for new and existing processes and technology within the Information Security Department.
• These assessments help identify cybersecurity threats and risks and contribute to improving the bank's cybersecurity program.
• Responsibilities include conducting multiple annual cybersecurity assessments against regulatory and federal/state guidelines.
• The role evaluates cybersecurity capabilities using various frameworks and collaborates with stakeholders to assess cyber risk and control effectiveness.
• The Analyst documents and reports assessment findings to technical staff, senior managers, and executives.
• Additionally, they provide Subject Matter Expert guidance, escalate issues, support other audit and risk assessments, and stay updated on regulatory requirements and cybersecurity standards.
Tell me about yourself.
I am an Information Security Program Cyber Assessment Analyst with a strong background in cybersecurity. My primary role involves conducting cybersecurity program assessments for processes and technology within the Information Security Department. I collaborate with stakeholders to assess cyber risk and control effectiveness, and I'm passionate about helping organizations enhance their cybersecurity posture.
As a member of the Information Security Cyber Assessment Team, I focus on evaluating cyber threats and risks for our bank. My responsibilities include performing annual cybersecurity assessments against regulatory guidelines and frameworks. I pride myself on providing Subject Matter Expert guidance and presenting assessment findings to technical teams and senior management.
• One of the projects I worked on involved assessing our cybersecurity capabilities using industry-standard frameworks like NIST and ISO. By conducting in-depth analyses and collaborating with various departments, we were able to identify gaps in our cybersecurity posture. As a result, we recommended and implemented targeted security enhancements, leading to improved overall cybersecurity maturity.
• In another project, we focused on assessing the effectiveness of our cybersecurity controls within a specific line of business. Through rigorous evaluation and data collection, we identified vulnerabilities and areas for improvement. After implementing the recommended changes, we observed a significant reduction in security incidents of 8%, which not only enhanced our security but also resulted in cost savings due to fewer security breaches.
Do you have any questions for me?
• Could you provide insights into the top cybersecurity priorities and challenges the organization is currently facing, and how does this role contribute to addressing them?
• In this role, what are the key performance indicators or metrics used to measure the effectiveness of cybersecurity assessments, and how do these assessments influence decision-making within the organization?
Role 2: Corporate Compliance Officer-Essence
Key Responsibility
• Responsible for administering the corporate compliance and risk program under the Chief Legal Officer's guidance.
• Familiarity with state and federal healthcare regulatory compliance, including HIPAA, HITECH, and state privacy laws.
• Stay updated on regulatory changes and educate management on these developments.
• Implement the Company's Corporate Compliance program and oversee medical records production activities.
• Maintain and update compliance policies, processes, and training content.
• Conduct routine employee compliance training and develop compliance/risk indicators.
• Prepare and update annual compliance plans, perform audits, and facilitate committee meetings to achieve program goals.
Tell me about yourself.
I have a Bachelor's Degree in Risk Management, and I've been working in the compliance field for over three years. As someone who is analytical, detail-oriented, and dedicated to meeting deadlines, I've been responsible for the day-to-day administration of corporate compliance and risk programs under the guidance of the Chief Legal Officer.
My expertise includes a deep understanding of state and federal healthcare regulatory compliance, including HIPAA, HITECH, and state privacy laws. I stay current with regulatory developments and educate management to ensure our organization remains compliant. Additionally, I've played a crucial role in implementing and maintaining the Company's Corporate Compliance program.
• I led a project focused on updating and enhancing our compliance policies, processes, and training content to align them with industry best practices. This qualitative improvement not only reduced our liability but also increased employee awareness of compliance issues, fostering a culture of compliance throughout the organization.
• In another project, I conducted routine audits of high-risk department processes, including coding and billing audits. Through these audits and the implementation of corrective action plans, we achieved a quantitative impact by significantly reducing compliance incidents and associated risks, resulting in cost savings and enhanced compliance performance.
Do you have any questions for me?
• Could you provide insights into the top compliance and risk priorities and challenges the organization is currently facing, and how does this role contribute to addressing them?
• In this role, what key performance indicators or metrics are used to measure the effectiveness of the compliance and risk programs, and how do these programs impact the organization's overall performance and goals?
Role 3: Security Compliance Expert -Rebecca
Key Responsibility
• Role: Security Compliance Expert in the Sovereign Cloud Delivery & Operations team.
• Founding member of the Technology and Engineering team, responsible for non-production security infrastructure.
• Collaborates with infrastructure and product experts to build a globally distributed team.
• Drives innovation and standardized security processes while addressing capability gaps.
• Coordinates with global Sovereign Cloud operations teams and hyperscaler provider partners.
• Requires a governmental security clearance process and EU, NATO, or FIVE EYES country member nationality or residency.
• Qualifications include a relevant degree, ability to manage ambiguity, strong communication skills, and experience with cybersecurity frameworks and industry standards.
Tell me about yourself.
I am an experienced Security Compliance Expert with over four years of expertise in security-related topics. I have worked extensively with cybersecurity frameworks like NIST, ISO, and ISM. I am passionate about building and maintaining secure infrastructure and have a proven track record of driving innovation and standardizing security processes.
As a Security Compliance Expert, I've been instrumental in building and leading a globally distributed team responsible for the secure deployment and management of non-production security infrastructure in the Sovereign Cloud Delivery & Operations team. I thrive in managing through ambiguity, and my ability to translate security requirements into clear solutions has been a key asset in my career.
• One project I led involved implementing cybersecurity frameworks and standards like ISO 27002:2022 and NIST SP 800-53. By doing so, we significantly reduced security incidents and improved our compliance posture, leading to a measurable 9% reduction in security breaches and related costs.
• In another project, I focused on enhancing our security documentation and processes. Through meticulous documentation and procedural improvements, we were able to streamline security audits and response processes. This qualitative improvement not only saved time but also enhanced our overall security readiness and response effectiveness.
Do you have any questions for me?
• Could you provide insights into the key priorities and challenges the organization is currently facing regarding security compliance, and how does this role contribute to addressing them?
• In this role, what key performance indicators or metrics are used to measure the effectiveness of security compliance efforts, and how do these efforts impact the organization's security posture and objectives?
Thank you