
Celestin Ntemngwa

Katy, Texas

Summary

Results-oriented information security professional with over 12 years of comprehensive cyber/information security engineering, analysis, and enterprise security risk management experience. Expert at implementing information security management systems end-to-end, customizing and implementing controls to meet business needs, and managing cost-effective, high-performance information technology security programs that balance enterprise risk with legislative and regulatory compliance in support of key business objectives. Skilled in all aspects of the protect, detect, respond cyber security triad, and in applying the proven tenets of "defense-in-depth."

Overview

15 years of professional experience
11 Certifications

Work History

Senior Information Security Risk Analyst

Service Corporation International, SCI
Houston, TX
06.2021 - Current


  • Develop, implement, review and streamline the process for identifying and assessing IT Security Risks and continuous control monitoring and automated security testing functions to ensure the overall effectiveness of risk and compliance management programs.
  • Support business leaders to establish automated and continuous means for monitoring and testing controls using data and analytics.
  • Manage the Security Awareness Program: develop the program plan, policy, standards, and procedures covering people, technology, processes, and analytics.
  • Assist other departments such as Operations, Legal, Compliance, and Procurement in addressing IT risk related issues.
  • Develop and maintain information security policies, standards, and control procedures to enable compliance with applicable regulations and industry standards, including PCI, SOX, CCPA, SOC2, ISO 27001, and NIST.
  • Perform monthly, quarterly, and annual compliance control reviews and report findings/metrics to the Security Governance Committee.
  • Perform third-party risk assessments and make recommendations for security controls to reduce identified risks.
  • Develop and implement company-wide SOX program, including scoping review, process documentation, and identification and evaluation of the effectiveness of critical internal controls.
  • Recommend improvements in security systems and procedures.
  • Provide guidance to responsible parties on options to mitigate security risks.

Information Security Consultant - Technical Lead

Tiro Security LLC
El Segundo, CA
01.2021 - 01.2022


  • Provided strategic cybersecurity advisory, due diligence, and consulting services for enterprise clients, ranging from policy definition to implementation, adoption, and enforcement.
  • Consulted with internal, technical and business teams to provide security guidance and/or solutions to minimize security risks and guide internal customers in the development and implementation of security controls for their environments.
  • Performed assessments and audits, identified risks, highlighted vulnerabilities, and determined the client’s ability to protect against attacks, detect active threats, and respond/recover from incidents.
  • Served as a technical lead in security operations and provided work direction to other technical and contract staff.
  • Performed end-to-end AWS security risk assessment and audit assessment of the client's AWS services.
  • Prepared and performed security risk assessment of the client's AWS resources and services (built a comprehensive service/resource inventory from scratch in collaboration with the engineering and software development teams; identified threat actors and their intent, mechanisms of attack, and potential technical and business consequences).
  • Assessed current controls, identified gaps, and recommended controls to reduce residual risks.
  • Assessed AWS cloud configurations to ensure that configurations follow best practices and comply with security requirements.
  • Performed security risk assessment of the client's applications, including identity and access management.
  • Provided deliverables to the client: fully completed Asset Inventory, Critical Data Mapping & Controls Matrix, Application-Based Risk Assessment, new prioritized Application-Based Risk Register, and Identity & Access Management Assessment & Audit.
  • Collaborated with the client's Development and Engineering team members to identify critical assets and applications and assessed inherent and enhanced controls to determine risk.
  • Assessed an average of 70 applications and 50 different AWS resources and services per client, and generated an incident response plan for each client.

Director & Sr. Cyber Security and Risk Consultant

USGEBS LLC
Houston, TX
05.2015 - 03.2021

  • Worked with customers/clients on their security programs and assisted them in improving their organization's security posture.
  • Led the development of enterprise security strategy aligned with NIST CSF 1.1, with a focus on People, Processes, and Technology.
  • Security Toolkit Engineering: content creation, tuning, and engineering across defensive platforms, including SIEM, firewalls, IDS/IPS, Nessus, EDR, SOAR, Zero Trust, DLP, cloud security (AWS, Azure), network detection and prevention, as well as firewalls and isolation.
  • Governance: worked with clients to deliver comprehensive IT Governance, Risk, and Compliance programs. This included designing and implementing information risk and control frameworks, vendor risk assessment processes and tools, information security policies and standards, cybersecurity awareness, security metrics, key performance indicators, reporting, governance, and oversight processes. Executed information security internal audits, external audits, and regulatory reviews.
  • Assisted the CISO and CIO in preparing briefings and executive-level reports (e.g., Board, Audit, and Risk Committees) through planning sessions.
  • Security Services: provided security services such as identity and access management design, testing and assessment, log aggregation, and monitoring. Ran vulnerability and security scans, reviewed vulnerability assessment reports, and selected and reviewed security controls and plans. Performed security assessments of infrastructure/applications to identify key risk areas and ensure company project teams met required security control objectives.
  • Technology Assessments and Deployments: Identity & Access Management/Privileged Account Management systems (CyberArk Enterprise) implementation. Infrastructure security (firewalls, NAC, IDS/IPS). Vulnerability management/scanning (using Nessus, Core Impact Pro, Qualys, Rapid7). Web application security implementation. Data Loss Prevention (DLP), DDoS mitigation, SIEM (Splunk), cloud security implementation, and assessment.
  • Strategy Projects: conducted assessments of client environments using technical frameworks such as MITRE ATT&CK and industry frameworks such as NIST, ISO, and PCI. Analyzed data security controls to identify weaknesses and designed strategies to address gaps and non-compliance for multiple projects. Leveraged NIST SP 800, PCI DSS, ISO 27001, 27002 & 17799 standards and techniques as a basis for risk management assessment.

Cyber Security Independent Contractor

KPMG LLP
03.2020 - 02.2022

  • Technology Assessments and Deployments: areas of focus included application security, vulnerability assessment, patch/vulnerability management, privileged access management, cyber maturity assessment, vendor security risk management, and incident response.

Adjunct Professor

University Of Houston-Downtown
Houston, TX
08.2015 - 04.2018

  • Developed curriculum standards, lesson plans, and syllabi in physical sciences and science education.
  • Served on the committee that created a partnership between the university and NASA.
  • Taught physical science and math courses, providing instruction to up to 500 undergraduate and graduate students.

Independent IT & Cyber Risk Audit & Assessment

Independent Contractor
Atlanta, GA
02.2012 - 04.2015

  • Supported audit and compliance assessments across various industries, including Oil and Gas, Healthcare, and Food and Beverage.
  • Assessed the effectiveness of security controls.
  • Assessed all configuration management (change configuration/release management) processes.
  • Identified and prioritized critical business functions in collaboration with organizational stakeholders.
  • Managed remediation efforts throughout client organizations.
  • Conducted IT control risk assessments that included reviewing organizational policies, standards, and procedures and providing advice on their adequacy, accuracy, and compliance with the Payment Card Industry Data Security Standard (PCI DSS).
  • Planned and performed independent comprehensive assessments of the management, operational, and technical security controls and control enhancements employed within or inherited by an information technology (IT) system to determine the overall effectiveness of the controls (as defined in NIST SP 800-37).
  • Performed assessments of the suitability of the design and operating effectiveness of controls for SOC2 readiness.
  • Documented effective analysis of gathered data and accurate generation of reports that identified project variances or trends.

Operations Management (IT Support, Network Admin & Security)

Georgia Institute Of Technology
Atlanta, GA
03.2007 - 03.2011

  • Managed various operations activities, including computer and audio-visual networking and analysis.
  • Installed, configured, tested, operated, maintained, and managed 5 departments' networks and firewalls, including hardware (e.g., hubs, bridges, switches, routers, cables, and proxy servers).
  • Planned, implemented, and operated network services/systems, including hardware and virtual environments.

Education

Master of Science - Cyber Security

Wilmington University
New Castle, DE
2020

Ph.D. - Physics (Education)

University of Georgia
Athens, GA
2015

MBA - Management

Brenau University
Gainesville, GA
2015

Master of Science - Science (Physics) Education

Mercer University
Macon, GA

Bachelor of Science - Physics

University of Yaounde
Yaounde

Skills

  • Experience with the design and end-to-end implementation of ISMS following ISO27001 requirements, including the audit of ISMS for ISO 27001 Certification
  • Experience with web application penetration testing using tools such as Burp Suite Pro, OWASP ZAP, GitHub Actions, etc.
  • AWS Security assessment and implementation of security controls
  • Threat modeling and vulnerability management
  • Experience with SOX implementation and execution in a publicly-traded company
  • Experience performing Third-party risk management/Vendor risk assessment
  • Experience with tools such as Splunk (SIEM), Qualys (vulnerability assessment), OneTrust (third-party risk management), Wrike (project management), Kenna Security, Netwrix, etc.
  • Experience implementing security awareness and training for companies with an average of 30,000 employees, using tools such as Proofpoint, Cofense, etc.
  • Solid business managerial (strategic planning, budget, negotiation, project and process management) skills
  • DevSecOps - SAST, DAST, container security
  • Network security solutions-Firewall, WAF, NACL, IPS, IDS, NAT, Gateways, VPN setup
  • Python, bash scripting, PowerShell
  • Frameworks used: NIST (SP 800-53, 37, 39, CSF), ISO 27001/2, MITRE ATT&CK, CIS
  • Regulatory Compliance experience: PCI DSS, SOX, HIPAA, CIS compliance
  • Application, container, and microservices security and monitoring - Kubernetes, Prometheus, Istio
  • SQL database security
  • Understanding of identity and access management, including tools such as Okta, CyberArk, AWS IAM

Certification

  • ISACA Certified Information Security Manager, CISM (2020-2024)
  • ISACA Certified Information Systems Auditor, CISA (2019-2022)
  • CompTIA Certified Security Analytics Professional, CSAP (2019-2024)
  • CompTIA CySA+ Certified Cybersecurity Analyst (2019-2024)
  • CompTIA Security+
  • ITILv3 Foundation (2018- )
  • Certified CyberArk Trustee (2019- )
  • Scrum Alliance Certified Scrum Master (CSM)
  • Professional Scrum Master (PSM1)
  • AWS Certified Cloud Practitioner, CCP (2021-2024)
  • Certified DevOps Information Security Engineer - Intl DevOps Cert Academy
