Bianca Van As

Governance, Risk & Compliance Analyst
Travelopia | March 2024 – Present
•Currently leading the migration and optimization of the InfoSec risk register from Excel to OneTrust, focusing on inputting quality data for the reporting and outputs to be more concise, enhancing risk visibility across senior stakeholders and for the team to view risks centrally.
•Managed annual PCI DSS re-attestations across 8 brands and multiple business units, ensuring timely compliance for Face-to-Face (F2F), MOTO, and e-commerce payment channels. Responsibilities included stakeholder engagement, training and staying current with updates and changes from the PCI SSC.
•Continuously improving and developing the third-party risk assessment life cycle and management processes within the GRC framework, focusing on identification and tracking of IT risks while ensuring clear risk communication across multiple stakeholder groups from technical teams to executive leadership regarding business impact and risk exposure.
•Collaborated with Group DPOs to ensure compliance with evolving data privacy frameworks and emerging legislation, while effectively articulating the business importance of proper data handling and disposal practices to drive organizational commitment to data protection across all business units.
•Coordinated external penetration testing engagements and vulnerability assessments, managing remediation timelines and tracking closure of critical and high findings while articulating technical results into risk-prioritized action plans for both technical and non-technical audiences.
•Conducted annual policy reviews and development aligning with information security frameworks.

LLB

LLM 

Isc2 Certified in cybersecurity