
Chuba Ezema

Missouri City, TX

Summary

Experienced and driven Governance, Risk, and Compliance (GRC) Analyst and IT Auditor with expertise in executing risk management and compliance frameworks. Proficient in conducting ITGC audits and in-depth risk assessments, formulating control testing strategies, and ensuring strict adherence to regulatory mandates. Fosters seamless cross-functional collaboration and leverages cutting-edge GRC tools and technologies to elevate organizational security posture and IT audit processes.

Overview

8 years of professional experience
1 Certification

Work History

IT Auditor /Risk Management Analyst

Alpha Omega Integration
05.2023 - Current
  • Review Office of Management and Budget (OMB) guidance, and ensure OIG’s mission of preventing, auditing, inspecting, reviewing, and regulatory compliance is maintained at all times
  • Develop and track Plans of Action and Milestones (POA&M) for effective management of security control failures
  • Collaborate with internal and external stakeholders to ensure alignment of IT processes with the agency’s security posture
  • Participate in the execution of IT audits, including planning, fieldwork, and reporting phases, adhering to GAGAS and GAO
  • Conduct comprehensive IT audits for federal agencies, evaluating the effectiveness of information security controls and compliance with NIST, OMB, and FISMA requirements
  • Lead IT security audits on various applications and systems within USDA environments, including Mission Areas (MA), using the NIST 800 series, FISMA requirements, the Cybersecurity Framework (CSF), and other industry regulations
  • Review internal controls and their effectiveness in government systems and applications
  • Evaluate FISMA requirements and the effectiveness of controls within USDA’s Information Technology security program to achieve managed and measurable risk management
  • Lead cross-functional teams in FISMA audits and FedRAMP requirements, fostering a culture of accountability and continuous improvement to ensure consistency with FISMA requirements/metrics
  • Develop financial statements of accuracy to ensure the accuracy and compliance of financial statements and budgets within government agencies, including drafting of the (NFC) report for SOC 1 Type 2 for federal systems
  • Lead a team of eight (8) members to perform information assurance and information security audits
  • Optimize risk management processes by leveraging GRC tools to streamline compliance reporting, leading to a 25% reduction in compliance errors and enhanced overall operational efficiency.

GRC/IT Auditor

Chevron Inc
07.2022 - 05.2023
  • Coordinated with cross-functional teams to design, implement, and monitor security controls aligned with the NIST 800 series, Cybersecurity Framework (CSF), ISO 27001, PCI, SOC 2 & SOX
  • Led a cross-functional team of Product Owners to execute Asset Cybersecurity Rating (ACR) for 27 new applications, resulting in enhanced controls and 100% compliance tracking of existing applications, and increased the overall cybersecurity rating by 20%
  • Streamlined task completion of Chevron's Data Centers' security controls, ensuring compliance with industry standards; minimized indicator task activations by 50% through expert guidance to MSPs and the Support group
  • Led annual reviews, planning, execution, and management of compliance, risk management, and risk assessment to ensure that control implementation adheres to security best practices
  • Introduced quarterly review feedback on policies, procedures, and operational processes, aligning the organization’s policy statements and control objectives with regulatory standards and compliance requirements
  • Performed comprehensive due diligence on new and existing vendors’ risk to ensure vendors’ financial stability, operational practices, information security measures, and regulatory compliance
  • Managed vendor audits and risk assessments to ensure compliance with contractual obligations, security standards, and regulatory requirements, and maintained periodic communication with responsible partners as needed
  • Tested SOX controls and provided value-added feedback, including testing compliance to ensure alignment with applicable laws and regulatory requirements
  • Drove meetings with various stakeholders to communicate the risk management plan and risk assessment, and made actionable recommendations to mitigate risks
  • Conducted ITGC and application testing and walkthroughs to understand current audit processes
  • Developed and delivered GRC training and awareness programs for employees to enhance security and compliance culture.

GRC/IT Auditor

Arkansas Blue Cross and Blue Shield
09.2020 - 06.2021

  • Performed Identity and Access Management (IAM) processes to ensure that users and the organization’s resources align with applicable laws, standards, and compliance requirements for the granting of access and permissions
  • Developed and delivered training programs to enhance awareness of compliance requirements and security best practices
  • Implemented a robust Governance, Risk, and Compliance (GRC) program, resulting in a 20% reduction in regulatory compliance violations
  • Managed security logs, network, IDS/IPS, and reports from the Security Information and Event Management (SIEM) system
  • Reviewed, developed, and updated the organization’s policies and procedures to ensure alignment with industry standards, compliance, and regulation
  • Participated in and reviewed the five COSO components to ensure adequate implementation and enhance the organization’s governance, risk management, and internal control processes
  • Coordinated with cross-functional teams to design, implement, and monitor security controls aligned with the NIST 800 series, Cybersecurity Framework, ISO 27001, PCI, HIPAA, HITRUST, SOC 2 & SOX
  • Optimized risk assessments and compliance assessments against all relevant industry standards and regulations
  • Provided stakeholders and business units with artifact naming conventions and submission guidance during internal audit readiness assessments, including addressing communication and validation of control implementations
  • Collaborated with and provided guidance to the Support Group to perform policy exceptions, issue management, indicator tasks, and attestations to ensure applicable controls are in place
  • Prepared and monitored key risk indicators (KRIs) and key performance indicators (KPIs) relevant to business objectives
  • Conducted internal control reviews to ensure compliance with relevant healthcare regulations and organizational policies, and recommended actionable reports to stakeholders/management.

Third Party Risk Management Analyst

Mobilelink USA
05.2018 - 09.2020
  • Developed and maintained a vendor performance scorecard, analyzing key performance indicators (KPIs)
  • Collaborated with cross-functional teams to identify vendor needs, evaluate potential vendors, and select optimal partners based on financial, reputation, and performance metrics
  • Led the Third-Party Risk Management team in assessing and managing risks associated with over 100 vendors
  • Managed the third-party onboarding process for new vendor assessment and engagement questionnaires
  • Introduced quarterly review feedback on policies, procedures, and operational processes, aligning the organization’s policy statements and control objectives with regulatory standards and compliance requirements
  • Performed a comprehensive vendor risk management program to evaluate and monitor third-party security practices and ensure third-party vendors comply with the organization's security and compliance requirements
  • Performed comprehensive due diligence on new and existing vendors’ risk to ensure vendors’ financial stability, operational practices, information security measures, and regulatory compliance
  • Managed vendor audits and risk assessments to ensure compliance with contractual obligations, security standards, and regulatory requirements, and maintained periodic communication with responsible partners as needed
  • Conducted and monitored vendor performance metrics and adherence to contractual obligations, service level agreements (SLAs), industry standards, and compliance on an ongoing basis
  • Monitored regulatory changes and updated risk management practices to ensure compliance with new regulations.

Information Security Analyst

Zot Inc
05.2016 - 05.2018
  • Performed the Risk Management Framework (RMF) using NIST 800-37, applying all related NIST 800-series publications and FIPS 199 to categorize systems within the organization
  • Partnered with the ISSO and system owner to develop Assessment and Authorization (A&A) packages, ensuring all required documents are included, such as the System Security Plan (SSP), Security Assessment Report (SAR), POA&M, and Contingency Plan (CP), for the Authorizing Official (AO)
  • Conducted comprehensive security assessments and gap analyses for systems seeking FedRAMP Authorization
  • Collaborated with stakeholders, system owners, and application owners to ensure compliance with FISMA and FedRAMP requirements
  • Worked closely with assessors from the JAB agencies during the security assessment phase
  • Led the planning, execution, and management of compliance, risk management, and information security
  • Led the FedRAMP authorization process for cloud services, resulting in successful ATO (Authorization to Operate) for multiple systems
  • Provided expert guidance on the interpretation and implementation of security controls as required by FedRAMP
  • Worked closely with the CSP to ensure controls are implemented effectively
  • Documented and updated the System Security Plan (SSP) using NIST 800-18, the Security Assessment Report (SAR), and the Plan of Action and Milestones (POA&M)
  • Coordinated meetings and analyzed authorization documentation and associated artifacts to align with authorization requirements and identify gaps and remediation requirements
  • Developed and maintained reporting mechanisms to track compliance metrics and communicate status to relevant stakeholders
  • Ensured documentation met contract requirements and was readily accessible for audits and reviews.

Education

Bachelor of Science, Marketing

University of Science And Technology
Enugu, Nigeria
06.1998

Global Intercom Computer

Escuela Del Informatica
Barcelona, Spain
03.2009

Skills

Risk Management Framework (RMF)
NIST 800 Series guidelines
FISMA /FedRAMP
Third Party Risk Management
Governance Risk Compliance (GRC)
ITGC & Application testing
NIST CSF, ISO 27001, PCI, SOC II, SOX
Risk Assessment & Risk Management
Vulnerability Assessment / Vulnerability Management
Identity and Access Management (IAM)
COBIT & COSO
IRM ServiceNow, RSA Archer
Incident Response, Handling
Cloud Deployment, Migration Security
JIRA Administration
SIEM tools: Splunk, LogRhythm
SolarWinds, Gigamon
Nessus, Qualys, Veracode & Rapid7

Certification

  • CISA
  • CISM
  • CompTIA Security+ CE
  • AWS Certified Cloud Practitioner
  • AWS Solutions Architect Associate
  • Certified Ethical Hacker (CEH)
  • AWS Solutions Architect
  • CompTIA Security+
