Mihaela Chioveanu

Barcelona

Summary

As a security compliance practitioner, I streamline security and privacy processes to protect an organization's data and systems while meeting its legal and regulatory obligations. Demonstrated 6 years of professional experience working in a highly regulated space, achieving ISO 27001, SOC2 and PCI DSS certifications and implementing the privacy regulations HIPAA, GDPR and CCPA.

This means overseeing security and privacy compliance: providing internal control testing, auditing and monitoring, risk management and mitigation, and collaborating with cross-functional teams to integrate compliance practices into systems, applications, data and business operations.

I stay up to date with evolving data protection laws and frameworks, ensuring that organization systems meet global and regional requirements. Additionally, I lead efforts to educate stakeholders on security best practices, fostering a culture of data privacy awareness across the organization.

Overview

7 years of professional experience
1 Certification

Work History

Lead, HR Security and Compliance Analyst

Schneider Electric Spain
04.2024 - 04.2025

Tasks:

HR Application Security Lifecycle.

HR Data Security.

Digital certification for global, critical, HR apps.

Crown Jewel Security Compliance.


Solutions:

Security:

Drive digital certification initiatives for global, high-criticality HR applications, manage extensive big data processes, and oversee digital certification in line with ISO 27001, ISO 27701 and NIS2 Directive requirements, successfully certifying 209 out of 360 HR applications.

Privacy:

Conducting data auditing, managing and recording consent, and implementing data security safeguards (access, use, disclosure) to keep the collection and use of personal data to a minimum, while maintaining transparency with internal customers: the right to control who gets to see PII, cookie policy, privacy notice, data retention schedule.

Compliance:

  • HR application compliance with regulations such as GDPR and CCPA.
  • Implement and maintain Crown Jewel Security Compliance, safeguarding high-value HR assets and systems: data risk, data protection, data privacy and system security.
  • Served as a subject matter expert on compliance matters, providing guidance and support to colleagues across various departments.

Security Compliance Analyst

Healthcare Industry (confidential contract)
09.2022 - 02.2024


Employment contracts covering multiple projects within the digital healthcare industry, including confidential assignments, of which I can name a few.

Tasks:

Cloud and Edge healthcare digital solutions.
Data security, data privacy and data risk following GDPR, CCPA and HIPAA compliance.

Roche Diagnostics Spain

Solutions:

Security:

  • Supported Cloud and Edge digital healthcare business solutions within the navify project, assisting engineering teams in implementing a "secure by design" approach for digital healthcare platforms.

Privacy:

  • Conducted comprehensive analysis of internal systems, processes, and products to ensure alignment with information security standards (ISO/IEC 27001, 27017, 27018, GDPR, HIPAA, CSA CCM), establishing a standardized control framework.
  • Contributed to security and privacy risk management governance, including Data Privacy Impact Assessments and Transfer Impact Assessments within the Product Development Process lifecycle.

Compliance:

  • Assisted in the preparation of reports for senior management, outlining findings from investigations into suspected non-compliant activities.
  • Improved the company's risk management strategy by identifying, assessing, and mitigating potential risks related to noncompliance.
  • Developed improvement and corrective action plans to bring operations in line with requirements.


Clarivate Analytics Spain:

Enhanced project management expertise while overseeing multiple initiatives to meet objectives and deadlines for the ISO/IEC 27001:2013 recertification process at Clarivate, covering three business segments:

  • Academia & Government
  • Life Sciences & Healthcare
  • Intellectual Property Management Systems

Scope included 14 products successfully audited.

Governance, Risk and Compliance Engineer

SCRM - Lidl International Hub
10.2021 - 08.2022

Task:

GRC for Lidl Plus mobile app.

Solutions:

  • Governance: Maintain and enhance cybersecurity & privacy policies and procedures to ensure compliance with all relevant certifications, laws and regulations.
  • Security Risk Management: Oversee scheduled Security Audits (penetration tests), managing the process from initial request to remediation of identified vulnerabilities or reassignment to appropriate teams.
  • Compliance: ISO 27001, PCI DSS
  • Maintained and reviewed Risk Management processes, tracking vulnerabilities and security findings within the internal GRC tool, ensuring compliance with frameworks such as PCI DSS, ISO 27001, and Privacy regulations.
  • Defined security plans and contributed to the development of information security management systems (ISMS), ensuring alignment with secure software development lifecycle (S-SDLC) policies.

Security Compliance Engineer

Typeform
07.2020 - 09.2021

Task:

Security Compliance for start-up IPO and achieving certifications required by the industry.


Solutions:

  • Security: Vulnerability Assessment, Threat Modelling, Risk Management, Security Software Development Lifecycle (S-SDLC)
  • Privacy: GDPR, HIPAA. Played a key role in implementing privacy compliance requirements across the organization, ensuring data collection processes within Typeform online surveys adhered to regulatory standards: Records of Processing Activities, Data Protection Impact Assessment, Data Privacy Addendum, cookie policy.
  • Compliance: Led and participated in internal and external audits, successfully achieving certifications for ISO 27001, SOC 2, and HIPAA. Conducted remote security assessments for clients, applying in-depth knowledge of information security and data protection standards, including ISO 27000 series, NIST CSF, GDPR, and PCI DSS.

IT Security Analyst

Home Credit International
05.2018 - 04.2019

  • Played a key role in Vulnerability Management and Incident Response, conducting open-source intelligence investigations to assess potential security incidents, vulnerabilities, and threats, with a focus on OWASP Top 10 risks.
  • Managed firewall configurations to maintain optimal levels of network protection while allowing for necessary business operations.
  • Conducted thorough risk assessments for proposed projects or changes in technology infrastructure, highlighting potential vulnerabilities before implementation could begin.
  • Established a robust patch management process that ensured timely updates to software and hardware components across the organization.

Education

Master of Science - Cybersecurity Management

Universitat Politècnica de Catalunya
Barcelona
09-2020

Skills

  • Compliance monitoring
  • Corrective action plans
  • Reporting skills
  • Project management
  • Compliance protocols
  • Risk mitigation
  • Data presentation skills
  • Auditing experience
  • Data analysis
  • Audit coordination
  • Policy development
  • Risk identification
  • Data security

Certification

  • ISO 27001:2022-Compliant Cybersecurity: The Annex A Controls

https://www.linkedin.com/learning/certificates/7408a35bc358ad24a51146334b2435cde2472319a22825fdda66a29a9592546b

  • Implementing a Privacy, Risk, and Assurance Program

https://www.linkedin.com/learning/certificates/91af233664beb11ac4cff282f62f523bb7ace966d269f543f9a9be049f3036cf

  • Scaling Your Cybersecurity and Privacy Program

https://www.linkedin.com/learning/certificates/3939191b6f6e6ad870047dad1316e8fe3fd7935ef59efee8c6f50bf462c0a0ba

  • Privacy, Governance, and Compliance: Data Sharing

https://www.linkedin.com/learning/certificates/bca9c175c3f9093fcd60472d75af99c37f51b722a96f1d8bfcc261bcf6e76d4b

  • AWS for DevOps: Security, Governance, and Validation

https://www.linkedin.com/learning/certificates/ce06b2f104cdee1a7201082f6d569c175f3e51c19e45d0be1e237d93f2542ca0

  • Understanding and Prioritizing Data Privacy

https://www.linkedin.com/learning/certificates/8780748b144806a74df9e4bf684431ad26d416d8e3018b6fd756cf69ac288845
Timeline

Lead, HR Security and Compliance Analyst

Schneider Electric Spain
04.2024 - 04.2025

Security Compliance Analyst

Healthcare Industry (confidential contract)
09.2022 - 02.2024

Governance, Risk and Compliance Engineer

SCRM - Lidl International Hub
10.2021 - 08.2022

Security Compliance Engineer

Typeform
07.2020 - 09.2021

IT Security Analyst

Home Credit International
05.2018 - 04.2019

Master of Science - Cybersecurity Management

Universitat Politècnica de Catalunya