TOMI FAMILONI

GRC/IT Audit Specialist

About

Results-driven IT Audit and GRC Analyst with over 5 years of experience, specializing in implementing SOX, SOC 2, ISO 27001, and ITGC control testing. Proven ability to evaluate requirements, develop robust test plans, and validate internal controls to significantly reduce risk, strengthen compliance, and improve evidence accuracy. Adept at leveraging GRC workflows and collaborating with cross-functional teams to streamline processes and enhance control effectiveness in dynamic, international environments.

Work Experience

IT Audit & Compliance Analyst

Remote.com

Feb 2022 - Present

Berlin, Berlin, DE

Leads global HR solutions platform's compliance functions by executing ITGC testing and driving continuous improvement in a distributed team environment.

  • Strengthened SOX, SOC 2, ISO 27001, and PCI DSS compliance by executing ITGC testing on access, change, and backup controls, closing 18 audit findings and improving evidence quality across $20M+ in infrastructure assets.
  • Aligned internal controls to NIST and ISO/IEC by refining design and testing scripts, expanding compliance coverage by 22% and reducing policy exceptions across 10 systems.
  • Led quarterly User Access Reviews for 1,200+ accounts, reducing unauthorized access 37% and tightening privileged-access governance.
  • Improved audit readiness by 25% by standardizing evidence in HighBond and Confluence, cutting prep time by ~40 hours per audit cycle and accelerating remediation across 15+ control owners.
  • Integrated compliance requirements into product acceptance criteria, increasing customer audit pass rates by 20% and avoiding ~$100K in potential SLA penalties through stronger control validation.
  • Prepared 75+ evidence packages and remediation logs, increasing reporting accuracy 30% and improving control lifecycle visibility.
  • Implemented remediation SLAs and control performance metrics, reducing issue closure timelines from 45 to 32 days and driving continuous compliance improvement.

IT Controls Tester

AZA Finance

Dec 2020 - Feb 2022

Nairobi, Nairobi, KE

Enhanced control maturity for a fintech provider by executing ITGC testing on SDLC workflows, reducing exceptions and improving audit outcomes.

  • Elevated control maturity by executing ITGC testing on change, approval, and deployment workflows, reducing SDLC-related control exceptions by 28% and improving audit evaluation outcomes.
  • Automated compliance checks using scripting and tooling to detect configuration drift across 50+ environments, cutting manual validation efforts by ~30 hours per quarter and strengthening continuous monitoring.
  • Reduced audit turnaround time by 20% by improving control documentation, testing scripts, and execution workflows in partnership with Engineering and Compliance teams.
  • Built and maintained a risk register tracking 40+ control gaps for risk management, accelerating remediation ownership and improving visibility into risk exposure.

Software QA Engineer

Zola Electric Group

Mar 2019 - Dec 2020

Amsterdam, North Holland, NL

Streamlined QA processes and validated CI/CD change-control governance for a Silicon Valley startup providing solar energy solutions to African homes.

  • Streamlined vendor and policy workflows through SaaS integrations and infrastructure mapping, reducing third-party review cycles by 25%.
  • Enhanced third-party risk and InfoSec oversight across the entire vendor lifecycle, ensuring robust security posture.
  • Validated CI/CD change-control governance across 300+ monthly deployments, achieving 100% workflow adherence in collaboration with Engineering and Security.
  • Reduced change-related control failures by 15% through diligent validation, aligning processes with continuous monitoring and GRC standards.

Software QA and Test Engineer

Interswitch Group

Sep 2016 - Mar 2019

Lagos, Lagos, NG

Led QA for payment processing APIs and microservices, ensuring high-quality, on-time Agile sprint releases for an integrated digital payments company.

  • Led Quality Assurance for payment processing APIs (REST/SOAP) and microservices, developing test plans and executing exploratory testing using TestRail, Jira, and Confluence.
  • Reduced defect leakage by 35% and ensured 100% on-time Agile sprint releases through meticulous QA processes and validation.
  • Championed Agile Scrum adoption across the team, significantly improving project methodology and delivery.
  • Mentored new QA hires, reducing onboarding time by 30% and improving overall sprint delivery efficiency by 20%.

Software QA Engineer

Venture Garden Group

Sep 2014 - Sep 2016

Lagos, Lagos, NG

Improved release quality and led UAT/SDLC reviews for an innovative technology platform provider, reducing production defects and accelerating deployments.

  • Improved overall release quality by 30% through the execution of comprehensive exploratory and automated tests using Robot Framework, Postman, and Selenium across 10+ applications.
  • Reduced production defects and accelerated deployments by 20% by implementing robust testing strategies and quality gates.
  • Led User Acceptance Testing (UAT) and Software Development Lifecycle (SDLC) quality reviews for critical platforms, including university portals, smart-city applications, and aviation systems.
  • Ensured 95% requirements coverage and delivered 100% defect-free major releases by rigorously upholding quality standards across diverse projects.

Education

Executive MBA

Quantic School of Business and Technology

Remote, Remote, United States of America

Computer Engineering

Obafemi Awolowo University

Ile-Ife, Osun State, Nigeria

Certificates

ISTQB Certified Tester Advanced Level - Test Manager (CTAL-TM)

ISTQB

Lean Six Sigma Yellow Belt Certification

GLSS (GoLeanSixSigma.com)

Certified Information Systems Auditor (CISA)

ISACA

Information Technology Infrastructure Library (ITIL Foundation)

EXIN

Certified SAFe Practitioner

Scaled Agile

Skills

Frameworks & Governance

  • SOX
  • SOC 2
  • ISO 27001
  • NIST
  • DORA
  • COBIT
  • ITGCs (User Access, Change Management, Backup & Recovery)
  • Policy Governance
  • Risk & Controls
  • GRC Frameworks

Tools & Platforms

  • Jira
  • Confluence
  • Linear
  • RSA Archer
  • HighBond
  • CI/CD
  • SQL
  • GitHub

Audit & Compliance

  • Audit Evidence Collection
  • User Access Reviews
  • Change Management Validation
  • Control Design & Testing
  • Continuous Monitoring

Technical & Methodologies

  • IT Controls and IT Application Testing (Web, Mobile, API)
  • Risk Management
  • Cloud Computing
  • SDLC
  • Automation Mindset
  • Agile
  • SCRUM
  • Project Management
  • Programming and Scripting Languages