JOEL FLOOD
CISSP CISA CRISC PMP
Security professional leading global GRC, risk, privacy, and cloud governance initiatives that deliver measurable business impact and audit readiness. Skilled in maturing programs through data-driven risk analysis and control effectiveness.
Security • Governance • Risk • Compliance
- Established annual and long-range security/compliance goals; defined security strategy, KPIs, reporting mechanisms; created maturity models and a roadmap for continual improvement.
- Built and maintained a full ISO 27001:2022–aligned ISMS, including policies, risk register, control mappings, BIAs, treatment plans, KPIs/KRIs, and audit evidence.
- Developed KPIs demonstrating security program effectiveness (e.g., reduced unauthorized access, CIS Critical Controls gap closure, fewer audit findings, and ROI of GRC initiatives).
- Managed development, implementation, and maintenance of an ISMS, including processes, controls, and supporting documentation.
- Authored a full suite of consolidated security, privacy, and ISMS policies aligned to ISO 27001, SOC 2, NIST CSF, and GDPR requirements.
- Collaborated across Sales, Legal, Finance, HR, Product, and Engineering to perform gap analysis, identify risk mitigation strategies, and drive timely remediation.
- Defined AI governance principles and controls for responsible use, privacy, data handling, and model risk across a global stakeholder group.
- Maintained system, network, and security disaster recovery plans and coordinated testing.
- Delivered targeted security awareness training, reducing phishing susceptibility by 80% and improving employee engagement.
- Performed security risk assessments and audits; implemented controls aligned with CIS Critical Security Controls, NIST, and ISO 27001.
- Built and operated third-party risk management, including due diligence and onboarding.
- Supported SOC 2 audits and client due diligence (CAIQ, SIG questionnaires).
- Led initiatives for audit readiness: ISO 27001 certification, Cyber Essentials, PCI compliance, SOX (ITGCs), and SOC 2 Type II audits.
- Hands-on working knowledge administering cloud platforms (Microsoft Azure/Entra and AWS).
Management
- Leads cross-functional teams across engineering, operations, and compliance.
- Translates technical risk into clear business language for executives and stakeholders.
- Mentors team members and builds sustainable security & GRC capabilities.
Experience
Senior Security & Compliance Manager
IT Director (previously IT Manager / InfoSec Analyst / IT Technician)
Current Certifications
CISSP CISA CRISC PMP CIPP/US CDPSE GCIH GDSA GCCC GSEC CHFI CEH CCSK SC-300
Education & Training
- M.S., Cybersecurity & Information Assurance — Western Governors University
- B.F.A. — University of the Arts
- SANS SEC530, SEC566, SEC504, SEC401
- Micro-MBA — UC San Diego Rady School of Management