Experienced IT professional with a strong background in risk management, compliance, and ERP systems. CompTIA Security+ certified with proven expertise in evaluating application controls, access risks, and segregation of duties (SoD). Skilled in ERP risk assessments, SAP governance solutions, and IT audit practices. Adept at delivering client-focused recommendations, ensuring compliance with industry standards, and strengthening governance frameworks. Known for strong analytical ability, collaboration, and client-facing communication skills.
• Helped maintain and update more than a dozen company security policies, ensuring they matched ISO 27001, NIST CSF and HIPAA standards and cutting down on policy exceptions by 35% over a year.
• Partnered with multiple business units on quarterly policy reviews to keep governance documents current and relevant.
• Performed risk assessments on 50+ internal applications and third-party vendors, flagging and remediating over 200 medium-to-high risks, which reduced overall exposure by nearly 30%.
• Rolled out a risk scoring framework that gave leadership a clear picture of the organization’s top risks and allowed them to focus on the 10 most critical issues.
• Supported SOC 2, SOX, and PCI DSS audits with zero major findings while reducing audit prep time by 40% through better evidence collection and organization.
• Tracked more than 150 security and compliance controls using Archer/ServiceNow GRC, keeping effectiveness above 90% across the portfolio.
• Built executive dashboards that made compliance posture easy to monitor, improving audit readiness scores by 20%.
• Led monthly GRC awareness sessions for 200+ employees, which drove down policy violations by 45% and boosted phishing test pass rates from 68% to 90% within nine months.
• Conducted due diligence on 30+ vendors each year, ensuring 95% met security requirements before contract signing and cutting review turnaround time by 25%.
CompTIA Security+ 2025