
GRC Leader

Gabriel Chavez

Senior Manager, GRC

Transforming scattered compliance into enterprise-wide strategic GRC programs.


About

Enterprise GRC Leader Driving Compliance at Scale

After a career pivot to earn a BS in Accountancy from San Diego State, Gabriel launched into technology risk consulting at EY, building deep audit and controls expertise across nine industries before transitioning to corporate GRC leadership.

At Procore, he scaled from individual contributor to Senior Manager, architecting the unified control framework, leading five acquisition integrations, and building a high-performing GRC team owning 350+ controls across multiple regulatory frameworks.

  • 9+ Years in GRC & IT Audit
  • 10 Direct Reports Managed
  • 6+ Regulatory Frameworks Led
  • 5 Acquisition Integrations

Experience

2021 — Present

Procore Technologies, Inc.

Senior Manager, GRC

  • Architected the Procore Control Framework unifying SOC 1/2, ISO 27001, and SOX into one control taxonomy.
  • Consolidated siloed audits into a single integrated audit, reducing redundancy and cross-functional audit fatigue.
  • Led compliance integration for five acquisitions, scoping SOC 2, ISO, and SOX coverage for each entity.
  • Built and led a 10-person GRC team spanning audit, risk, compliance operations, and platform engineering.
  • Drove three GRC platform transitions, culminating in an automation-first architecture reducing manual evidence collection.

2018 — 2022

Ernst & Young, LLP — Risk Advisory

Technology Risk Consultant — Senior

  • Led enterprise IAM and firewall audits for a major media conglomerate with 200,000+ employees.
  • Managed onshore and offshore teams executing SOX, ITGC, and information security audits across nine industries.
  • Built an information security risk register in Jira and automated executive KRI/KPI reporting via Power BI.
  • Reviewed GDPR and CCPA privacy governance frameworks and assessed compliance readiness for clients.
  • Supervised pilot program leveraging offshore teams for end-to-end SAP ITGC audit delivery.

2016 — 2018

Ernst & Young, LLP — Risk Advisory

Technology Risk Consultant — Staff

  • Executed ITGC, application, and entity-level control testing for external SOX audit engagements.
  • Performed SDLC control testing covering requirements approval, UAT, integration testing, and defect management.
  • Created onboarding documentation establishing best practices and workflows for all IT audit phases.
  • Supervised offshore pilot program for end-to-end SAP ITGC audit using automated workplan templates.

2010 — 2013

Macy's, Inc.

Administrative Support Team Associate

  • Led region-wide CRM analytics initiative evaluating customer satisfaction data, earning a customer service award.
  • Managed HR data in PeopleSoft and supported recruiting through Taleo screening workflows.
  • Served as inventory controller for end-of-year and interim inventory cycles.

2007 — 2010

Muscular Dystrophy Association

Administrative Assistant

  • Established Microsoft Access and Excel as core reporting tools, delivering a region-wide training presentation.
  • Supervised fundraising events managing thousands of dollars in cash, check, and coin transactions.
  • Built donor relationships through periodic outreach and large-scale event coordination.


Projects & Initiatives

Procore Control Framework

Designed a unified control framework mapping SOC 1/2, ISO 27001, SOX, and FedRAMP into a single source of truth governing 350+ controls.

#control-framework #regulatory-mapping #compliance-automation

Integrated Audit Program

Consolidated ISO 27001, SOC 1, and SOC 2 into one audit cycle, eliminating redundant evidence requests and embedding compliance into engineering sprints.

#audit-strategy #operational-efficiency #cross-functional-leadership

M&A Compliance Integration

Led compliance onboarding for five acquisitions, scoping SOC 2, ISO, and SOX requirements and designing plugin architectures to isolate acquired entity data.

#m&a-integration #soc-2 #risk-management #scalability


Contact

Let's connect.

Open to speaking engagements, consulting, advisory roles, and connecting with other GRC professionals.

© 2026 Gabriel Chavez
