Summary
Overview
Work History
Education
Skills
Websites
Certification
Core Expertise
Timeline
Generic

Candice Teague

Dallas

Summary

Cybersecurity expert with extensive experience in AI governance and enterprise risk management at AT&T. Achieved significant improvements in cybersecurity maturity through comprehensive risk assessments. Strong communication and analytical skills drive governance transformations, ensuring compliance and operational excellence across diverse technology platforms.

Overview

21
21
years of professional experience
1
1
Certification

Work History

Founder and Cybersecurity Independent Consultant

CYWM Consulting LLC
Dallas
08.2023 - Current
  • Founded cybersecurity and technology risk advisory business, delivering AI governance, cybersecurity, strategy, and governance, risk, and compliance (GRC) to organizations modernizing technology governance frameworks and security programs.
  • Secured governance and consulting engagements within 3 months of launch, enhancing clients' cybersecurity governance maturity.
  • Provided vCISO and AI risk advisory support services to small and mid-size organizations adopting emerging technologies and cloud environments.

Cybersecurity Technical Expert Lead, Chief Security Office

AT&T
Dallas
01.2023 - 09.2025
  • Enterprise cybersecurity governance leader that supported responsible adoption of AI technologies and emerging digital capabilities across the organization. Performance Connection Award Winner in 2025.
  • Executed 50+ enterprise AI and generative AI security assessments, evaluating model governance, data sourcing risks, access controls, and security implications of large language model (LLM) deployments.
  • Delivered early-stage governance initiatives that integrated AI Secure-by-Design principles into AI, data, and emerging technology deployments, strengthening enterprise security posture and risk management maturity.
  • Partnered with executive leadership across security, legal, privacy, data governance, and cybersecurity functions to implement AI Secure-by-Design risk management frameworks that fostered responsible AI adoption.
  • Led development of cybersecurity risk scorecard for critical systems and applications aligned with NIST Cybersecurity Framework and regulatory security controls.
  • Created AI-integrated risk metrics and governance KPIs, delivering executive-level reporting via Power BI dashboard to track security performance and risk reduction.
  • Enhanced governance controls for over 2,000 enterprise systems and applications, including network mobility and cloud-based platforms.

Director, Risk and Governance Command Center

Capital One
Plano
04.2021 - 12.2023
  • Directed enterprise risk oversight programs in highly regulated financial services, leading teams in technology risk governance, cybersecurity oversight, and internal control effectiveness assessments to enhance organizational resilience.
  • Led a team of cybersecurity leaders to improve divisional cybersecurity maturity from "C" to "B+" within 12 months, strengthening governance standards and operational risk mitigation practices.
  • Led a 6-person governance and risk team, overseeing Financial Services Division risk monitoring, control governance, and regulatory compliance activities.
  • Supported regulatory readiness and internal audit engagement preparation, ensuring compliance with financial industry risk management expectations to strengthen oversight capabilities.

Senior Manager, Cybersecurity Risk Transformation

Ernst & Young LLP
Dallas
02.2016 - 04.2021
  • Led a team with other cybersecurity leaders to enhance divisional cybersecurity maturity from "C" to "B+" within 12 months, strengthening governance standards and operational risk mitigation practices.
  • Led 6-person governance and risk team, overseeing risk monitoring, control governance, and regulatory compliance activities for Financial Services Division to enhance risk management practices.
  • Directed enterprise risk oversight programs in highly regulated financial services environment, leading teams in technology risk governance, cybersecurity oversight, and internal control effectiveness assessments to ensure compliance and manage potential risks.

Senior Consultant, Enterprise Risk Services

Deloitte
Chicago
01.2005 - 07.2016
  • Delivered technology audit and risk assurance services across industries, enhancing internal Information Technology General Controls (ITGC) compliance.
  • Delivered 100+ IT / Sarbanes Oxley 404 (SOX 404) and ISO 27001/2002 audits and security risk assessments, improving technology control environments and regulatory readiness.
  • Provided independent assurance over enterprise technology controls, facilitating internal audit functions and external regulatory examinations.
  • Evaluated control design and operating effectiveness across enterprise systems, identifying weaknesses, and recommended controls for remediation plans and roadmaps.

Vice President, Digital Platforms and Control Governance

JPMorgan Chase
Chicago
07.2012 - 02.2016
  • Led governance initiatives for enterprise digital transformation and data governance on mobile banking platforms, ensuring alignment with strategic objectives.
  • Developed enterprise control frameworks that strengthened data quality and digital platform governance while enhancing operational risk oversight.
  • Partnered with technology and business leadership to implement risk management strategies supporting secure digital innovation.
  • Enhanced regulatory compliance by developing information security policies, standards, and procedures (PSPs) alongside control governance improvements for digital banking platforms.

Education

Master of Business Administration - Cybersecurity

University of Dallas
Irving, Texas
05-2017

Bachelor of Science - Information Systems

Illinois State University
Bloomington-Normal, Illinois
12-2005

Skills

  • Enterprise cyber risk management
  • Cybersecurity governance
  • Cloud security governance
  • Technology risk and internal audit assurance
  • Enterprise risk management
  • Risk management lifecycle
  • Operational risk frameworks
  • Regulatory compliance
  • Regulatory knowledge
  • Market strategy
  • AI governance
  • Analytical thinking
  • Executive risk reporting

Certification

  • Certified Information Systems Auditor (CISA) - ISACA
  • Certified Data Privacy Solutions Engineer (CDPSE) - ISACA
  • Microsoft Generative AI for Business Certificate

Core Expertise

  • Exceptional Communication Skills (Written and Oral)
  • Executive Presence
  • Deeply Analytical
  • Go-to-Market Proposal Development
  • PowerPoint Deck Development
  • AI Governance & Model Risk Oversight
  • Enterprise Cyber Risk Management
  • Technology Risk & Internal Audit Assurance
  • Generative AI Governance
  • Enterprise Risk Management (ERM)
  • Regulatory Compliance & Board Reporting
  • Cybersecurity Governance Transformation
  • Cloud Security Governance (Azure and AWS)
  • Operational Risk & Control Frameworks
  • Executive Risk Reporting
  • Information Technology (IT) Audits
  • Data Governance
  • Risk Management Lifecycle
  • Deep Industry and Regulatory Framework Knowledge (NIST AI RMF, NIST CSF, Sarbanes-Oxley 404 (SOX 404), ISO/IEC 27001/2)

Timeline

Founder and Cybersecurity Independent Consultant

CYWM Consulting LLC
08.2023 - Current

Cybersecurity Technical Expert Lead, Chief Security Office

AT&T
01.2023 - 09.2025

Director, Risk and Governance Command Center

Capital One
04.2021 - 12.2023

Senior Manager, Cybersecurity Risk Transformation

Ernst & Young LLP
02.2016 - 04.2021

Vice President, Digital Platforms and Control Governance

JPMorgan Chase
07.2012 - 02.2016

Senior Consultant, Enterprise Risk Services

Deloitte
01.2005 - 07.2016

Master of Business Administration - Cybersecurity

University of Dallas

Bachelor of Science - Information Systems

Illinois State University
Candice Teague