TOMI FAMILONI

GRC/IT Audit Specialist
Berlin, DE.

About

Results-driven IT Audit and GRC Analyst with over 5 years of experience, specializing in implementing SOX, SOC 2, ISO 27001, and ITGC control testing. Proven ability to evaluate requirements, develop robust test plans, and validate internal controls to significantly reduce risk, strengthen compliance, and improve evidence accuracy. Adept at leveraging GRC workflows and collaborating with cross-functional teams to streamline processes and enhance control effectiveness in dynamic, international environments.

Work

Remote.com
IT Audit & Compliance Analyst

Berlin, Berlin, Germany

Summary

Leads a global HR solutions platform's compliance functions by executing ITGC testing and driving continuous improvement in a distributed team environment.

Highlights

Strengthened SOX, SOC 2, ISO 27001, and PCI DSS compliance by executing ITGC testing on access, change, and backup controls, closing 18 audit findings and improving evidence quality across $20M+ in infrastructure assets.

Aligned internal controls to NIST and ISO/IEC by refining design and testing scripts, expanding compliance coverage by 22% and reducing policy exceptions across 10 systems.

Led quarterly User Access Reviews for 1,200+ accounts, reducing unauthorized access 37% and tightening privileged-access governance.

Improved audit readiness by 25% by standardizing evidence in HighBond and Confluence, cutting prep time by ~40 hours per audit cycle and accelerating remediation across 15+ control owners.

Integrated compliance requirements into product acceptance criteria, increasing customer audit pass rates by 20% and avoiding ~$100K in potential SLA penalties through stronger control validation.

Prepared 75+ evidence packages and remediation logs, increasing reporting accuracy 30% and improving control lifecycle visibility.

Implemented remediation SLAs and control performance metrics, reducing issue closure timelines from 45 to 32 days and driving continuous compliance improvement.

AZA Finance
IT Controls Tester

Nairobi, Nairobi, Kenya

Summary

Enhanced control maturity for a fintech provider by executing ITGC testing on SDLC workflows, reducing exceptions and improving audit outcomes.

Highlights

Elevated control maturity by executing ITGC testing on change, approval, and deployment workflows, reducing SDLC-related control exceptions by 28% and improving audit evaluation outcomes.

Automated compliance checks using scripting and tooling to detect configuration drift across 50+ environments, cutting manual validation efforts by ~30 hours per quarter and strengthening continuous monitoring.

Reduced audit turnaround time by 20% by improving control documentation, testing scripts, and execution workflows in partnership with Engineering and Compliance teams.

Built and maintained a risk register tracking 40+ control gaps for risk management, accelerating remediation ownership and improving visibility into risk exposure.

Zola Electric Group
Software QA Engineer

Amsterdam, North Holland, Netherlands

Summary

Streamlined QA processes and validated CI/CD change-control governance for a Silicon Valley startup providing solar energy solutions to African homes.

Highlights

Streamlined vendor and policy workflows through SaaS integrations and infrastructure mapping, reducing third-party review cycles by 25%.

Enhanced third-party risk and InfoSec oversight across the entire vendor lifecycle, ensuring robust security posture.

Validated CI/CD change-control governance across 300+ monthly deployments, achieving 100% workflow adherence in collaboration with Engineering and Security.

Reduced change-related control failures by 15% through diligent validation, aligning processes with continuous monitoring and GRC standards.

Interswitch Group
Software QA and Test Engineer

Lagos, Lagos, Nigeria

Summary

Led QA for payment processing APIs and microservices, ensuring high-quality, on-time Agile sprint releases for an integrated digital payments company.

Highlights

Led Quality Assurance for payment processing APIs (REST/SOAP) and microservices, developing test plans and executing exploratory testing using TestRail, Jira, and Confluence.

Reduced defect leakage by 35% and ensured 100% on-time Agile sprint releases through meticulous QA processes and validation.

Championed Agile Scrum adoption across the team, significantly improving project methodology and delivery.

Mentored new QA hires, reducing onboarding time by 30% and improving overall sprint delivery efficiency by 20%.

Venture Garden Group
Software QA Engineer

Lagos, Lagos, Nigeria

Summary

Improved release quality and led UAT/SDLC reviews for an innovative technology platform provider, reducing production defects and accelerating deployments.

Highlights

Improved overall release quality by 30% through the execution of comprehensive exploratory and automated tests using Robot Framework, Postman, and Selenium across 10+ applications.

Reduced production defects and accelerated deployments by 20% by implementing robust testing strategies and quality gates.

Led User Acceptance Testing (UAT) and Software Development Lifecycle (SDLC) quality reviews for critical platforms, including university portals, smart-city applications, and aviation systems.

Ensured 95% requirements coverage and delivered 100% defect-free major releases by rigorously upholding quality standards across diverse projects.

Certificates

ISTQB Certified Tester Advanced Level - Test Manager (CTAL-TM)

Issued By

ISTQB

Lean Six Sigma Yellow Belt Certification

Issued By

GLSS (GoLeanSixSigma.com)

Certified Information Systems Auditor (CISA)

Issued By

ISACA

Information Technology Infrastructure Library (ITIL Foundation)

Issued By

EXIN

Certified SAFe Practitioner

Issued By

Scaled Agile

Education

Quantic School of Business and Technology
Remote, Remote, United States of America

MBA

Executive MBA

Obafemi Awolowo University
Ile-Ife, Osun State, Nigeria

Bachelor of Science (B.S.)

Computer Engineering

Skills

Frameworks & Governance

SOX, SOC 2, ISO 27001, NIST, DORA, COBIT, ITGCs (User Access, Change Management, Backup & Recovery), Policy Governance, Risk & Controls, GRC Frameworks.

Tools & Platforms

Jira, Confluence, Linear, RSA Archer, HighBond, CI/CD, SQL, GitHub.

Audit & Compliance

Audit Evidence Collection, User Access Reviews, Change Management Validation, Control Design & Testing, Continuous Monitoring.

Technical & Methodologies

IT Controls and IT Application Testing (Web, Mobile, API), Risk Management, Cloud Computing, SDLC, Automation Mindset, Agile, SCRUM, Project Management, Programming and Scripting Languages.