Kayla Kurt
State College
Summary
I'm a GRC Analyst with about 3 years of experience in cybersecurity, risk management, and compliance. I've worked on building security policies, supporting audits, and helping teams stay aligned with regulations like HIPAA and GDPR. I’ve also supported projects involving AI tools in healthcare, and I’m comfortable working with tools like Archer and ServiceNow. I enjoy working with both technical and non-technical teams to solve problems, reduce risk, and make sure things run smoothly and securely.
Overview
3
3
years of professional experience
Work History
GRC Analyst
Skycep
09.2022 - Current
- Supported the development and implementation of cybersecurity governance frameworks using ISO 27001, NIST CSF, and CIS Controls to improve security posture.
- Conducted cybersecurity risk assessments, and helped identify and address critical vulnerabilities across systems and processes.
- Contributed to HIPAA, GDPR, CCPA, and HITRUST compliance initiatives, especially for AI-driven clinical tools and healthcare data environments.
- Maintained risk registers and performed preliminary risk assessments to support the development of AI/ML models.
- Collaborated with engineering, product, and business teams to provide cybersecurity input for internal proposals and client-facing projects.
- Helped draft and maintain documentation, internal policies, and procedures to support audit readiness, and improve transparency.
- Managed third-party risk activities, including onboarding, due diligence, and ensuring alignment with SLA, and security expectations.
- Utilized GRC tools like Archer, ServiceNow, and MetricStream to automate compliance workflows and monitor risk.
- Organized phishing simulations and cybersecurity awareness sessions to strengthen the internal security culture.
- Built and shared reports and dashboards with leadership to highlight risk trends, audit outcomes, and compliance status.
- Worked closely with incident response teams to enhance playbooks and support the effective handling of security events.
Education
Bachelor of Science - Information Technology
Penn State University
State College, PASkills
- GRC Platforms: Archer, ServiceNow GRC, MetricStream
- Risk Assessment & Management
- Policy & Procedure Development
- Third-Party Risk Management
- Compliance Frameworks: ISO 27001, NIST CSF, CIS Controls
- Regulatory Compliance: HIPAA, HITRUST, GDPR, CCPA
- Risk Registers & Dashboards
- Audit Preparation & Readiness
- AI/ML Risk & Governance Support
- Phishing Simulation & Security Awareness
- Security Incident Response Support
- SLA & Vendor Compliance
- Documentation & Reporting
Languages
Turkish
Native/ Bilingual
English
Native/ Bilingual
References
References available upon request.
Timeline
GRC Analyst
Skycep
09.2022 - Current
Bachelor of Science - Information Technology
Penn State University
Similar Profiles
Belma KeskinBelma Keskin
Cyber Security Analyst at SkycepCyber Security Analyst at Skycep
Daisy TaylorDaisy Taylor
Cyber Security Analyst at SkycepCyber Security Analyst at Skycep
Kaitlin ShearerKaitlin Shearer
Barista at StarbucksBarista at Starbucks
Ryan BoucherRyan Boucher
Dining Services Worker at Pennsylvania College of TechnologyDining Services Worker at Pennsylvania College of Technology
Jenny WangJenny Wang
Training Associate at Dale Carnegie TrainingTraining Associate at Dale Carnegie Training