Fabrice Wouafeu

Washington, DC-Baltimore Area

Summary

Experienced Information Security Analyst with over 6 years of expertise in Governance, Risk, and Compliance (GRC), specializing in regulatory frameworks such as NIST 800-53, ISO 27001, SOC 2, HIPAA, and GDPR. Proven track record in conducting security risk assessments, developing policies, and supporting audit readiness across government, healthcare, SaaS, and financial sectors. Strong background in Business Continuity and Disaster Recovery planning, continuous monitoring, and third-party risk management using tools like Splunk, Tenable, and ServiceNow GRC. Skilled in enhancing cloud security (AWS, Azure) and supporting privacy initiatives including DPIAs and data mapping. Effective communicator adept at translating technical risks for executive audiences and fostering cross-functional collaboration to improve cybersecurity posture.

Overview

6
years of professional experience

Work History

Information systems security officer (ISSO)

MediaLab
Washington DC
06.2023 - Current
  • Conduct regular risk assessments and implement mitigation strategies.
  • Maintain and update the System Security Plan (SSP).
  • Ensure systems comply with applicable security regulations and standards such as NIST, FISMA, RMF, HIPAA, and ISO 27001.
  • Oversee and maintain the security posture of information systems, ensuring compliance with organizational, state, and federal regulations.
  • Respond to, investigate, and help remediate security incidents and vulnerabilities.
  • Report on the effectiveness of security controls and the organization’s risk posture to senior management.
  • Coordinate with stakeholders, including technical staff, auditors, and executive management, to ensure security requirements are met.
  • Facilitate audits and ensure timely remediation of findings.
  • Promote security awareness and best practices within the organization.
  • Conducted security audits to identify vulnerabilities.
  • Developed plans to safeguard computer files against modification, destruction, or disclosure.
  • Analyzed network traffic and system logs to detect malicious activities.
  • Performed risk analyses to identify appropriate security countermeasures.
  • Recommend improvements in security systems and procedures.
  • Generated reports detailing findings and recommendations.

Information Security Analyst

KR Contracting Inc
05.2020 - 06.2023
  • Performed vendor risk and third-party assessments with my team from beginning to end, raising executive summaries for management approval for contract proceedings.
  • Participate in third-party vendor contract reviews to reduce inherent risk to residual risk.
  • Issue Inherent Risk Questionnaires (IRQ) to business owners and review artifacts to tier vendors into high, medium, and low risk levels to kick off the assessment process.
  • Review collected evidence in security assurance documentation such as SOC 1 and SOC 2 Type 2 reports, penetration test reports, Inherent Risk Questionnaires, and Security Questionnaires.
  • Working knowledge of identifying fraudulent content and potential phishing attacks through the use of secure email gateways and intrusion prevention software by continuously monitoring networks for malicious activities.
  • Regularly review security contracts and Service Level Agreements along with the Legal and Supply Chain or procurement units for vendor contract proceedings, as well as managing the company's risk register using ServiceNow, AuditBoard, and SharePoint.
  • With the help of my team, I participate in security contract assessments to ensure contract provisions are appropriate and align with the organization's policy.
  • Perform periodic vendor risk assessments to make sure vendor controls are properly implemented, so that the trust services principles of security, confidentiality, integrity, availability, and privacy are maintained throughout the contract and risk is reduced.
  • Acted as liaison collaborating with both internal and external auditors for the organization's SOC 2 audit sessions.
  • Regularly perform other duties as instructed by the higher manager.

Third Party (Vendor) Risk Analyst

Leidos
Washington DC, Maryland
05.2019 - 05.2020
  • Knowledgeable in reviewing and implementing risk management methodologies to achieve the security objectives of Confidentiality, Integrity, and Availability.
  • I perform due diligence on new vendors to ensure they align with our risk tolerance and compliance standards by collecting valid evidence for assessing the company’s vendors.
  • Regularly prepared and presented reports to senior management and regulatory authorities on vendor risk and compliance status.
  • Regularly update policies and procedures to reflect changes in regulations and industry best practices.
  • We participated in vendor contract negotiations to include necessary compliance clauses and requirements.
  • We provide compliance advice on industry compliance frameworks including but not limited to ISO 27001, HIPAA, GDPR, and HITRUST, based on the scope of the industry.
  • I coordinate and work with other control owners, advising on sufficient design and implementation of IT General Controls to satisfy PCI-DSS and SOX.
  • Regularly perform other duties as instructed by the higher manager.

Education

Master in Cybersecurity Management and Policy

University of Maryland Global Campus (UMGC)
05.2025

Master’s degree - Monetary, Mathematical and Financial Economics

University of Yaoundé 2
Cameroon
01.2013

Bachelor of Science - Economics and Management

University of Yaoundé 2
Cameroon
01.2011

Skills

  • Nessus
  • Tenable.io
  • Splunk
  • CrowdStrike
  • Carbon Black
  • RMF
  • NIST CSF
  • NIST 800-53
  • CMMC
  • DISA STIGs
  • Windows Server
  • Linux
  • Active Directory
  • AWS GovCloud
  • Firewalls
  • IDS/IPS
  • VPNs
  • Network Architecture
  • FISMA
  • DFARS
  • FedRAMP
  • HIPAA

Education Certifications

  • Master in Cybersecurity Management and Policy, University of Maryland Global Campus (UMGC), in progress
  • Master’s degree, Monetary, Mathematical and Financial Economics, University of Yaoundé 2 (Cameroon), 2013
  • Bachelor of Science in Economics and Management, University of Yaoundé 2 (Cameroon), 2011
  • CompTIA Security+
  • Google Cybersecurity Professional Certification
  • Introduction to the Risk Management Framework (DCSA)
  • CISSP, In Progress

Timeline

Information systems security officer (ISSO)

MediaLab
06.2023 - Current

Information Security Analyst

KR Contracting Inc
05.2020 - 06.2023

Third Party (Vendor) Risk Analyst

Leidos
05.2019 - 05.2020

Master in Cybersecurity Management and Policy

University of Maryland Global Campus (UMGC)

Master’s degree - Monetary, Mathematical and Financial Economics

University of Yaoundé 2

Bachelor of Science - Economics and Management

University of Yaoundé 2