JOEL FLOOD

CISSP CISA CRISC PMP

San Diego, CA• joel.flood@gmail.com• linkedin.com/in/joelflood

Security professional leading global GRC, risk, privacy, and cloud governance initiatives that deliver measurable business impact and audit readiness. Skilled in maturing programs through data-driven risk analysis and control effectiveness.

Security • Governance • Risk • Compliance

Established annual and long-range security/compliance goals; defined security strategy, KPIs, reporting mechanisms; created maturity models and a roadmap for continual improvement.
Built and maintained a full ISO 27001:2022–aligned ISMS, including policies, risk register, control mappings, BIAs, treatment plans, KPIs/KRIs, and audit evidence.
Developed KPIs demonstrating security program effectiveness (e.g., reduced unauthorized access, CIS Critical Controls gap closure, fewer audit findings, and ROI of GRC initiatives).
Managed development, implementation, and maintenance of an ISMS, including processes, controls, and supporting documentation.
Authored a full suite of consolidated security, privacy, and ISMS policies aligned to ISO 27001, SOC 2, NIST CSF, and GDPR requirements.
Collaborated across Sales, Legal, Finance, HR, Product, and Engineering to perform gap analysis, identify risk mitigation strategies, and drive timely remediation.
Defined AI governance principles and controls for responsible use, privacy, data handling, and model risk across a global stakeholder group.
Maintained system, network, and security disaster recovery plans and coordinated testing.
Delivered targeted security awareness training, reducing phishing susceptibility by 80% and improving employee engagement.
Performed security risk assessments and audits; implemented controls aligned with CIS Critical Security Controls, NIST, and ISO 27001.
Built and operated third-party risk management, including due diligence and onboarding.
Supported SOC 2 audits and client due diligence (CAIQ, SIG questionnaires).
Led initiatives for audit readiness: ISO 27001 certification, Cyber Essentials, PCI compliance, SOX (ITGCs)and SOC 2 Type II audits.
Hands-on working knowledge administrating cloud platforms Microsoft Azure/Entra and AWS.

Management

Leads cross-functional teams across engineering, operations, and compliance.
Translates technical risk into clear business language for executives and stakeholders.
Mentors team members and builds sustainable security & GRC capabilities.

Experience

Senior Information Security & Compliance Manager

Totara Learning Solutions 2024 – Present

Senior Security & Compliance Manager

RegEd 2023 – 2024

IT Director (previously IT Manager / InfoSec Analyst / IT Technician)

Dowling & Yahnke Wealth (Corient) 2015 – 2023

Current Certifications

CISSP CISA CRISC PMP CIPP/US CDPSE GCIH GDSA GCCC GSEC CHFI CEH CCSK SC-300

Education & Training

M.S., Cybersecurity & Information Assurance — Western Governors University
B.F.A. — University of the Arts
SANS SEC530, SEC566, SEC504, SEC401
Micro-MBA — UC San Diego Rady School of Management