JOEL FLOOD

CISSP CISA CRISC PMP

San Diego, CA• joel.flood@gmail.com• linkedin.com/in/joelflood

Security professional experienced in leading GRC initiatives that drive measurable business impact. Skilled in analyzing programs and data for security risk, compliance, and maturity.

Security • Governance • Risk • Compliance

Established annual and long-range security/compliance goals; defined security strategy, KPIs, reporting mechanisms; created maturity models and a roadmap for continual improvement.
Owned, designed, and managed ongoing enhancement of GRC programs including strategy, roadmap, and controls to address regulatory requirements.
Developed KPIs demonstrating security program effectiveness (e.g., reduced unauthorized access, CIS Critical Controls gap closure, fewer audit findings, and ROI of GRC initiatives).
Managed development, implementation, and maintenance of an ISMS, including processes, controls, and supporting documentation.
Designed, implemented, and maintained an information security policy library for SOX, GLBA, PCI-DSS, GDPR, NYDFS, and CCRA obligations.
Collaborated across Sales, Legal, Finance, HR, Product, and Engineering to perform gap analysis, identify risk mitigation strategies, and drive timely remediation.
Maintained system, network, and security disaster recovery plans and coordinated testing.
Led security awareness training and phishing programs, achieving an 80% reduction in click rates.
Performed security risk assessments and audits; implemented controls aligned with CIS Critical Security Controls, NIST, and ISO 27001.
Built and operated third-party risk management, including due diligence and onboarding.
Supported SOC 2 audits and client due diligence (CAIQ, SIG questionnaires).
Led initiatives for audit readiness: ISO 27001 certification, Cyber Essentials Plus, PCI compliance, SOX (ITGCs)and SOC 2 Type II audits.
Hands-on working knowledge administrating cloud platforms Microsoft Azure/Entra and AWS.

Management

Leads cross-functional teams across engineering, operations, and compliance.
Translates technical risk into clear business language for executives and stakeholders.
Mentors team members and builds sustainable security & GRC capabilities.

Experience

Senior Information Security & Compliance Manager

Totara Learning Solutions 2024 – Present

Senior Security & Compliance Manager

RegEd 2023 – 2024

IT Director (previously IT Manager / InfoSec Analyst / IT Technician)

Dowling & Yahnke Wealth (Corient) 2015 – 2023

Current Certifications

CISSP CISA CRISC PMP CIPP/US CDPSE GCIH GDSA GCCC GSEC CHFI CEH CCSK

Education & Training

M.S., Cybersecurity & Information Assurance — Western Governors University
B.F.A. — University of the Arts
SANS SEC530, SEC566, SEC504, SEC401
Micro-MBA — UC San Diego Rady School of Management