
Faith Ndukwe

Dallas

Summary

Highly motivated and detail-oriented cyber security professional with experience in developing and maintaining auditable procedures to ensure ongoing compliance with regulatory requirements, industry standards, and attestations. Skilled in compiling evidence to facilitate internal control assessments and external audits, managing security and privacy training platforms, and tracking compliance across various security frameworks. Adept at identifying opportunities and supporting efforts to drive organizational information security risk posture and process improvement.

Overview

5 years of professional experience
1 Certification

Work History

COMPLIANCE ANALYST

PANOPTO
09.2023 - Current
  • Assist in creating and updating policies and procedures to ensure compliance with ISO27K, HITRUST, PCI DSS, HIPAA, and NIST 800-53 standards.
  • Identify and evaluate gaps and/or deficiencies in cybersecurity technical and/or policy/procedure controls.
  • Assess third-party vendor security risks across multiple domains, including data protection, network security, identity & access management, and incident response.
  • Conduct regular reviews and updates of security processes to align with NIST 800-53, SOC 2, and other relevant GRC requirements.
  • Recommend solutions and alternatives to remediate gaps and/or deficiencies in cybersecurity technical and/or policy/procedure controls.
  • Independently lead assessment meetings with clients and third parties to evaluate the implementation of cyber controls.
  • Document and maintain records of security-related decisions, actions, and outcomes to support auditing and compliance verification efforts.
  • Conduct detailed cybersecurity risk assessments for third-party vendors, including reviewing their information security practices, policies, and controls.
  • Organize and deliver security awareness training programs to foster a culture of security mindfulness.
  • Liaise with vendors and third parties to ensure security requirements are met and risks are managed.
  • Continuously monitor the security landscape to address new and emerging threats.
  • Maintain a repository of security program artifacts to demonstrate adherence to SOC 2 preparedness and other GRC objectives

CYBER SECURITY ANALYST

A-TRILOGY SOLUTIONS
02.2022 - 06.2023
  • Identify risks and inherent and residual risk levels through the third-party risk assessment process during initial and ongoing evaluation of vendors.
  • Liaise with Legal, Compliance, Credit Administration, Information Security, Business Continuity, Financial Intelligence, and Information Technology as needed on vendor risk assessments
  • Engage with business stakeholders to ease the completion of assessments, including coordinating additional reviews (as needed) with stakeholders and cross-functional subject matter experts.
  • Track, monitor, and escalate aged requests to ensure prompt completion, and find opportunities to improve processes and tools.
  • Maintained a thorough understanding of all business requirements to support requirements analysis.
  • Performed periodic vendor risk assessments to make sure vendor controls were adequately implemented.
  • Oversaw risk management, reviewing policies and guidelines per applicable regulations, including ISO 27001.
  • Used communication skills to communicate with team members and major stakeholders on status/project reports.
  • Liaised with lines of business on third-party risk management questions and used Security Scorecard to conduct risk rating and scoring of vendors according to data sensitivity and business criticality.

SECURITY CONTROL ASSESSOR

DTT CONSULTING
03.2020 - 02.2022
  • Employing a suite of specialist tools to assess and identify system issues, developing and enforcing implementation of Information Security System Policies, System Security Plans (SSPs), and Security baselines in accordance with FISMA, NIST SP 800-18, OMB and industry best security practices.
  • Leading teams in the development and execution of operational processes and methods and completing required A&A activities on assigned IT systems.
  • Supporting and managing systems going through the Assessment and Authorization (A&A) process while maintaining the Confidentiality, Integrity and Availability (CIA) of the systems and the data stored in them in accordance with FISMA and the NIST Special Publications 800 series.
  • Troubleshooting network performance issues, conducting reviews of security documents updated by ISSOs to ensure FISMA compliance, and reviewing and validating items uploaded into the POA&M tracking tool to support the remediated findings.
  • Assisting in the preparation of Assessment & Authorization (A&A) packages and reviewing security documents such as FIPS 199 categorization, E-Authentication risk assessment, System Security Plan (SSP), Privacy Threshold Analysis (PTA), Privacy Impact Assessment (PIA), POA&M and Contingency Plans for efficacy and compliance with NIST guidance.
  • Providing analytical and technical security recommendations to the Security Control Assessment (SCA) team members, populating the Requirements Traceability Matrix (RTM) according to NIST SP 800-53A as part of the Security Assessment and Accreditation (A&A) Continuous Monitoring Testing/Projects.
  • Developing and managing various IT programs and supporting the review of all Cloud Service Providers (CSPs) documentation for compliance, working with all stakeholders until the Cloud System documentation meets FedRAMP requirements.
  • Analyzing the risk and impact and performing vulnerability scanning as part of the assessment and continuous monitoring, and providing remediation to System and Application Administrators.
  • Reviewing and updating the plan of action and milestones (POA&Ms), security vulnerabilities and mitigation strategies; and developing security A&A artifacts, including but not limited to sensitivity assessments, SSP, POA&Ms, and SAR.

Education

Master of Science - Information Technology and Administrative Management (Cybersecurity)

CENTRAL WASHINGTON UNIVERSITY
Ellensburg, WA
06.2025

BACHELOR'S - INFORMATION TECHNOLOGY AND ADMINISTRATIVE MANAGEMENT (CYBERSECURITY)

CENTRAL WASHINGTON UNIVERSITY
Ellensburg, WA
05.2024

Skills

  • Compliance management
  • Documentation management
  • Excellent analytical and problem-solving skills
  • Governance, Risk, and Compliance (GRC) activities
  • Documentation skills
  • Regulatory understanding
  • Self-motivation
  • Data Security
  • Risk assessment
  • Effective communication and interpersonal skills
  • Information security risk posture improvement
  • Attention to detail and the ability to prioritize tasks in a dynamic environment
  • Reporting skills
  • Continuous Improvement
  • Ethics management
  • Documentation Review
  • Compliance monitoring
  • Due diligence
  • Activity monitoring
  • Audit documentation
  • Risk identification
  • Compliance training
  • Data entry

Certification

CompTIA Security+

Training

CompTIA Security
