
MUSTAPHA HUSSEINI

Chesapeake, VA

Summary

Experienced and purposeful cybersecurity professional with over eight years of expertise in application security and governance, risk, and compliance (GRC). Skilled in aligning security initiatives with regulatory frameworks including NIST, NAIC, HIPAA, and SOX. Proven ability to assess and implement effective security controls, manage risk, and drive compliance across complex environments. Known for effective communication and collaboration skills, with a record of partnering across departments to strengthen organizational security posture and ensure regulatory readiness.

Qualified in cybersecurity with a solid background in analysis and problem-solving. Proven track record of identifying inefficiencies and implementing solutions that improve operational performance. Demonstrated ability to leverage data analytics and strong communication skills to drive strategic initiatives.

Overview

11 years of professional experience
1 Certification

Work History

IT Governance Analyst

Quontic Bank
01.2021 - Current
  • Developed, implemented, and maintained IT governance policies and control frameworks aligned with NIST SP 800-53, ISO 27001, and SOX.
  • Collaborated with IT, security, and compliance teams to evaluate and strengthen internal controls, ensuring alignment with regulatory and audit requirements.
  • Conducted risk assessments and control evaluations across applications and infrastructure, identifying gaps and recommending risk mitigation strategies.
  • Supported internal and external audits by gathering evidence, preparing documentation, and addressing findings to ensure timely remediation and compliance.
  • Test and document SOX General IT Controls and IT Application Controls.
  • Review and assess NIST self-assessment findings to produce detailed reports with clear recommendations for risk mitigation.
  • Provide recommendations for managing third-party vendor compliance and mitigating supply chain risks.
  • Evaluate the effectiveness of existing security controls and recommend improvements aligned with frameworks such as NIST CSF 2.0, NIST 800-53, ISO 27001, and CIS Controls.
  • Perform risk assessments to develop and refine the annual IT audit plan.
  • Conduct detailed cybersecurity risk assessments for third-party vendors, including reviewing their information security practices, policies, and controls.
  • Monitored compliance metrics and key risk indicators (KRIs), delivering regular reports to senior leadership to inform risk-based decision making.
  • Worked cross-functionally to ensure policy adherence, facilitate risk discussions, and integrate governance into day-to-day IT operations.
  • Reviewed and updated IT policies and standards to reflect evolving regulatory landscapes and industry best practices.
  • Contributed to continuous improvement initiatives in IT governance and compliance through automation and process optimization.

Cybersecurity Risk Analyst, GRC

Movement Mortgage
03.2015 - 12.2020
  • Managed the implementation and maintenance of governance, risk, and compliance programs.
  • Conducted risk assessments and audits to evaluate compliance with industry regulations and standards.
  • Developed and updated risk management frameworks, policies, and procedures.
  • Collaborated with internal stakeholders to identify and address compliance gaps.
  • Prepared reports and presentations for senior management, highlighting key risk areas and mitigation strategies.
  • Reviewed and provided recommendations for establishing new or revised policies, procedures, objectives, and organizational design for the staff, as necessary.
  • Utilized ServiceNow to open and manage security tickets for remediation of security tasks.
  • Ensured proper system categorization using NIST 800-60 and FIPS 199; implemented appropriate security controls for an information system based on NIST SP 800-53 rev 4 and FIPS 200.
  • Conducted security impact analyses of security controls based on proposed system changes.
  • Participated in security audits and made policy recommendations.
  • Assisted in implementing and monitoring security measures to protect computer systems, networks, and information.

Education

Bachelor of Science - Information Systems

Southern New Hampshire University
01.2017

Skills

  • Governance, Risk & Compliance: NIST, HIPAA, NAIC, ISO 27001, SOX, COBIT, FISMA
  • Security Tools: SIEM (Splunk), Nessus, Qualys, EDR solutions
  • Compliance Frameworks: NIST SP 800-53, RMF, A&A packages
  • Risk Management & Reporting: Risk assessments, vulnerability management, control implementation
  • Security Operations: Incident response, threat modeling (MITRE ATT&CK, Cyber Kill Chain)
  • Identity & Access Management: Azure AD, MFA, conditional access policies
  • Cloud Security: AWS Security Hub, GuardDuty, governance policies
  • Effective Communication & Collaboration: Cross-functional team coordination, documentation, reporting
  • Governance, Risk & Compliance (GRC)
  • Regulatory Compliance (NIST, HIPAA, NAIC, SOX)
  • Cross-Functional Collaboration & Communication
  • Risk Assessment & Mitigation Strategies
  • Security Control Implementation & Documentation
  • Incident Response & Threat Modeling
  • Vulnerability Management & Remediation Planning

Certification

  • CompTIA Security+
  • Certified Information Systems Auditor (CISA)
