
AGWE DENIS

San Antonio, TX

Summary

Experienced IT and cybersecurity professional with 25+ years of experience, including 7 years specializing in cloud security, GRC, and third-party risk management. Expertise in RMF, A&A, and vulnerability and risk management, ensuring compliance with FISMA, NIST 800 series, and FIPS standards for enterprise systems. Successful in security governance, risk management, audit, and compliance, implementing and optimizing security frameworks in Healthcare, Financial Services, SaaS, and Electrical sectors. Conducted 150+ risk assessments, reducing risks by up to 40% and ensuring compliance with regulatory frameworks such as FISMA, FedRAMP, HIPAA, HITRUST, ISO 27001, NIST CSF, PCI DSS, SOC 2, GDPR, and SOX. Skilled in developing and maintaining security documentation (SSP, SAP, SAR, POA&M) and leveraging RMF for system monitoring and security authorization package development. Strategic thinker with strong communication skills who excels in dynamic environments while prioritizing enterprise security.

Overview

8 years of professional experience
1 Certification

Work History

Cyber Security Analyst / Senior Cloud Engineer

PERATON/MANTECH
07.2022 - Current
  • Conducted over 45 security compliance audits against industry standards (PCI-DSS, NIST, ISO), achieving a 90% compliance rate across systems
  • Supported the RMF process, including system categorization, control selection, and continuous monitoring, reducing authorization delays by 35%
  • Conduct Business Impact Analyses, Risk Assessments, and Disaster Recovery Planning, developing and executing Backup & Recovery strategies, including testing, maintenance, and communication/notification plans
  • Mapped security controls to compliance requirements for cloud environments, ensuring 100% alignment with FedRAMP and NIST 800-53 standards
  • Ensure security-related changes (software updates, access control modifications, policy revisions) are systematically assessed, approved, and implemented to minimize risks and maintain compliance
  • Oversaw and remediated 100+ POA&Ms, ensuring timely resolution of vulnerabilities and reducing open findings by 40%
  • Conducted and reviewed vulnerability assessments and penetration testing, identifying and remediating 200+ security gaps, improving overall security posture by 35%
  • Led 20+ Business Impact Analyses (BIAs) and risk assessments, identifying critical risks and implementing mitigation strategies that reduced potential downtime by 25%
  • Ensure compliance with security frameworks (CIS Benchmarks, FedRAMP, NIST 800-53) through security assessments and alignment with industry best practices
  • Work with AWS services including Organizations, CloudWatch, Auto Scaling, CloudFormation, Config, CloudTrail, Systems Manager, Trusted Advisor, Control Tower, and AWS License Manager
  • Conduct and review vulnerability assessments and penetration testing to identify and remediate security gaps
  • Develop and implement security policies, procedures, and guidelines in accordance with NIST 800-53 and other federal frameworks
  • Support configuration management by reviewing proposed changes for security impact and recommending risk-reducing alternatives
  • In coordination with NOC, ensure firewalls are properly configured and up to date
  • Attend meetings and provide security expertise for proposed configuration changes
  • Implement threat intelligence strategies leveraging MITRE ATT&CK to identify, analyze, and mitigate cyber threats
  • Work closely with internal teams to address security questionnaires and ensure prompt responses to customer inquiries
  • Acted as the primary Vendor Management liaison, assessing 30+ third-party vendors annually and ensuring compliance with security standards
  • Work with peers to identify cyber gaps and collaborate on solutions
  • Maintain detailed documentation of security assessments, implementations, and changes
  • Identify and generate artifacts for Assessment & Authorization (A&A) activities
  • Automated security monitoring and incident response using AWS GuardDuty and Azure Security Center, reducing incident response time by 15%
  • Configured IAM roles, policies, and least privilege access controls, reducing unauthorized access incidents by 20%
  • Conduct cloud security posture management (CSPM) and vulnerability assessments

Third Party Risk Analyst

Citi
12.2020 - 06.2022
  • Maintained the confidentiality, integrity, and availability (CIA) of customer information and other data through encryption, access control, scalability, and elasticity measures
  • Conducted 72+ third-party security assessments, identifying and mitigating risks that improved vendor compliance by 20%
  • Conduct risk assessments to help identify and describe the operational, reputational, financial, and compliance risks affecting Citi’s businesses
  • Conducted third-party due diligence, onboarding, and offboarding processes
  • Ensure Third Party Risk Management activities conform to Regulatory, Group Policy and Local Procedures
  • Developed and reviewed intake forms and security questionnaires
  • Perform analytics for the TPRM program using the company’s Archer GRC solution and other tools; acquire data from vendor master; support TPRM Manager and TPRM Director with data aggregation from risk assessment tools, such as Archer; input risks and related remediation into risk register in Archer; update and manage business owner communications forums
  • Analyzed SOC 2, ISO 27001, and other certifications for 50+ vendors, ensuring alignment with Citi’s security policies and reducing high-risk vendor exposure by 15%
  • Ensured timely remediation of issues identified in the risk register according to company policy
  • Developed and implemented risk mitigation plans for high-risk vendors, reducing operational risks by 30%
  • Maintained up-to-date SOC 2 evidence, ensured SOC 2 compliance, and collaborated with auditors to retain SOC 2 certification
  • Assessed third-party cloud security configurations in AWS, Azure, and GCP, identifying and remediating 45+ misconfigurations, reducing cloud security risks by 30%
  • Built and maintained a Business Continuity/Disaster Recovery Program, conducting 8+ tabletop and live exercises, improving recovery time objectives (RTO) by 25%
  • Collaborated with procurement and legal teams to ensure secure vendor contracts
  • Maintained a risk register and provided executive reporting on third-party risk trends, enabling informed decision-making and reducing audit findings by 15%
  • Perform risk quantification and scoring of third-party vendors using industry frameworks such as FAIR (Factor Analysis of Information Risk) and GRC tools like Archer, ServiceNow, and MetricStream

GRC ANALYST

Xoriant
01.2017 - 11.2020
  • Developed, reviewed, and implemented security policies and procedures to ensure compliance with ISO 27001, CCPA, HIPAA, SOC 2, and GDPR standards
  • Managed governance, risk, and compliance (GRC) programs, ensuring adherence to NIST 800-53, ISO 27001, SOX, HIPAA, PCI DSS, and GDPR frameworks
  • Partnered with SOC teams to analyze and remediate 45+ security incidents, reducing incident resolution time by 23%
  • Led the IT department’s Business Continuity Planning and Disaster Recovery Program, reducing downtime during incidents by 30%
  • Partnered with SOC teams to analyze and remediate security incidents, utilizing SIEM tools (Splunk, QRadar) to detect compliance violations
  • Apply the concepts of Enterprise Risk Management to help identify, assess, mitigate and proactively consider emerging risks
  • Assess and document compliance risks in alignment with NIST, ISO 27001, SOC 2, HIPAA, and PCI DSS
  • Collaborated with IT, legal, and executive leadership to align security strategies with business objectives
  • Performed vendor risk assessments for 55+ third-party vendors, mitigating supply chain risks and ensuring compliance with NIST and PCI DSS frameworks
  • Conducted 60+ risk assessments and security control evaluations, identifying compliance gaps and mitigating risks, achieving an 85% compliance rate with ISO 27001, SOC 2, and GDPR
  • Developed and maintained security policies, procedures, and documentation, including SSPs, POA&Ms, and SARs
  • Deployed automated risk assessments via AWS Config Rules and Azure Policy, ensuring 100% compliance with cloud security baselines

Education

Postgraduate - Cybersecurity

The University of Texas At Austin
San Antonio, TX
12.2022

Cybersecurity Degree - Cybersecurity

University of Texas San Antonio
San Antonio, TX
12.2022

Associate of Applied Science (AA) - Computer Information Technology

Delgado Community College
New Orleans, LA
12.2016

Certificate in Computer Maintenance & Networking

Trustech Institute of Technology
Buea
12.2008

Skills

  • Governance, Risk, and Compliance (GRC)
  • Cloud Security (AWS, Azure)
  • Risk Management Framework (RMF)
  • Vendor/Third-Party Risk Management
  • Vulnerability Management & Penetration Testing
  • Security Controls Assessment
  • Privacy Impact Analysis
  • Disaster Recovery & Business Continuity Planning
  • Change Management
  • Application Security
  • Endpoint Security
  • Information Security
  • Information Assurance
  • Risk Management
  • IT Risk Management and Compliance
  • Security Incident Management
  • Infrastructure and Cloud Security
  • Regulatory Compliance
  • FedRAMP Compliance
  • System hardening
  • Endpoint protection
  • Patch management
  • Data Encryption

Certification

  • Associate Certified Chief Information Security Officer, 2024
  • CompTIA Security+, 2024
  • AWS Security Specialty, 2022
  • AWS Certified Solutions Architect – Professional, 2020
  • AWS Cloud Engineer/DevOps Certificate, 2020
  • IOS Certified, Apple, 2016

Clearance

Public Trust

Regulatory Frameworks

  • FISMA
  • FedRAMP
  • HIPAA
  • GDPR
  • SOC 2
  • NIST 800 Series
  • CSF/RMF
  • FedRAMP ATO
  • ISO/IEC 27000
  • COBIT
  • SOX
  • PCI DSS
