
JOHN O. ESAN

Fulshear

Summary

Experienced Cybersecurity and Governance, Risk, and Compliance (GRC) Analyst with over ten years of expertise in strengthening organizational security and navigating complex regulatory environments. Skilled in optimizing systems and aligning technical solutions with business objectives to enhance efficiency and compliance. Proven track record of successfully leading projects from start to finish, consistently contributing to organizational growth and resilience against evolving threats. Dedicated to using extensive industry knowledge to improve security frameworks and promote a culture of compliance throughout the organization.

Overview

22 years of professional experience
1 Certification

Work History

Senior Risk & GRC Analyst

Apex Systems (Chevron)
06.2022 - 11.2025
  • Spearheaded annual enterprise risk assessments across 4 global business units; identified $15M+ in residual risk and drove mitigation plans that reduced high-risk findings by 28% year over year.
  • Led end-to-end SOX and SOC 2 Type II readiness across 40+ critical applications, improving first-pass audit outcomes to 98% and reducing audit preparation effort by 120+ hours through workflow automation.
  • Overhauled vendor tiering and assessment workflows for 150+ suppliers, reducing average assessment cycle time from 45 days to 18 days while maintaining 100% adherence to internal standards.
  • Authored and implemented updated Information Security Policy aligned to NIST CSF and ISO 27001, improving governance adoption and raising compliance posture by 35% across decentralized IT teams.
  • Partnered with engineering and operations to prioritize remediation for 1,200+ critical vulnerabilities; focused on High-Value Assets and reduced MTTR by 40% through risk-based sequencing and reporting.
  • Built executive dashboards and risk reporting in Power BI to communicate control gaps, remediation progress, and decision points to leadership and audit stakeholders.

Information Security Analyst

Allied Universal
05.2011 - 06.2022
  • Managed incident response lifecycle for a distributed environment supporting 200k+ endpoints; reduced mean time to detection (MTTD) by 55% by implementing centralized SIEM monitoring (Splunk/LogRhythm) and response playbooks.
  • Led enterprise IAM audit and access cleanup, decommissioning 4,500+ orphaned accounts and enforcing least privilege to improve auditability and reduce unauthorized access exposure.
  • Designed and launched phishing simulations and security awareness program for 50,000+ employees; decreased click rates by 70% and increased proactive threat reporting by 4x.
  • Coordinated deployment of NGFW and EDR solutions across 15+ regional hubs during a major merger, maintaining 99.9% security infrastructure uptime and minimizing operational disruption.
  • Directed weekly vulnerability scans and patch governance with IT Operations, reducing the critical vulnerability backlog by 85% within 18 months.
  • Served as technical lead for annual PCI-DSS and HIPAA assessments, sustaining 100% certification status for 10 consecutive years through rigorous control validation and evidence collection.

Systems Administrator

Deril Computer
02.2004 - 05.2010
  • Managed Windows Server 2003/2008 infrastructure supporting 500+ users; sustained 99.9% uptime across a multi-site environment.
  • Modernized Active Directory and implemented Group Policy controls, reducing unauthorized software installations by 60%.
  • Engineered backup and disaster recovery strategy (RAID, off-site rotations), reducing MTTR by 45% and preventing data loss during hardware failures.
  • Implemented enterprise firewall and antivirus controls, neutralizing 200+ monthly external threats and improving LAN security.
  • Led server virtualization initiative (VMware), consolidating 15 physical servers into 3 hosts and lowering power/hardware overhead by 30%.
  • Provided Tier 3 support for complex network issues, resolving 95% of escalations within a 4-hour SLA.

Education

Bachelor of Computer Science

Lehman College
Bronx, NY
01.2004

Skills

  • Trend forecasting
  • BI dashboards
  • KPI analysis
  • Process enhancement
  • Data research and validation
  • Workflow analysis
  • Team collaboration and leadership
  • Compliance analysis
  • Security solutions
  • Time management
  • SQL and databases
  • Risk analysis
  • Regulatory compliance
  • Trend analysis
  • Audit support

Certification

Certified in Risk and Information Systems Control (CRISC), 2025

Certified Information Systems Auditor (CISA), 2025

CompTIA SecurityX, 2025

CompTIA Security+, 2023

Certified Information Systems Security Professional (CISSP) (in progress)
