Results-driven Senior Information Security Specialist with 7+ years of experience in Governance, Risk, Compliance, and Data Privacy. Thorough team contributor with strong organizational capabilities. Holds a bachelor's degree in law and a master's degree in business administration. Experience in the interpretation and implementation of industry regulations, frameworks and guidance including, but not limited to, NIST 800-53, ISO 27001, PCI-DSS, CCPA, Gramm-Leach-Bliley Act, and FFIEC. Proven ability to align strategic planning with business objectives to enhance operational performance.
Equipped with strong problem-solving abilities, willingness to learn, and excellent communication skills. Poised to contribute to team success and achieve positive results. Ready to tackle new challenges and advance organizational objectives with dedication and enthusiasm.
Overview
11 years of professional experience
1 Certification
Work History
Vice President - Sr. Specialist- GRC Operations
SUMITOMO MITSUI Banking Corporation MANUBANK
10.2022 - Current
Continuously drive change through quality-oriented strategies to help operations accomplish ambitious short- and long-term goals.
Prepare key performance measurement reports (KRIs and KPIs) for Senior Management and board reviews.
Review Requests for Proposal (RFP) and Requests for Information (RFI) to evaluate vendor services.
Foster a cybersecurity awareness culture through new hire training and monthly cyber blogs, increasing staff engagement by 80%.
Prepare detailed reports for senior management on vendor risk status, trends, and mitigation plans
Work closely with the cyber team to ensure internal and external audits are completed in a timely manner.
Review open issues from internal and external audits including regulatory exams.
Leverage the IT audit tracker tool to ensure management action plans and target deadlines address identified issues, thereby limiting risk to the organization.
Collaborate with the Enterprise Risk Management team to conduct IT vendor risk assessments, enhancing the vendor onboarding process.
Collaborate with cross-functional teams to evaluate vendor performance and adherence to Service Level Agreements (SLAs)
Investigate the latest IT security trends and advise senior executives, leading to the adoption of advanced threat detection technologies
Lead the project for annual policy updates, ensuring alignment with regulatory changes and best practices
Demonstrate compliance with FFIEC Guidance Section 10 by drafting and publishing approved cyber aware articles on customer facing websites.
Consistently exceed goals through effective task prioritization and a strong work ethic, contributing to team success
Develop and maintain a robust vendor management framework, ensuring compliance with regulatory requirements and internal policies
Implement a continuous monitoring program to track vendor risks and performance metrics, resulting in an 80% reduction in risk exposure.
Information Security Analyst
Wescom Credit Union
05.2018 - 10.2022
Championed a culture of continuous improvement through regular evaluations of existing security measures against established benchmarks and metrics.
Conducted research and facilitated the implementation of information security standards and regulatory frameworks (NIST, ISO/IEC 27001, PCI-DSS) to enhance organizational security posture.
Collaborated with IT teams to ensure seamless integration of security measures into existing infrastructure.
Reviewed new information security laws and drafted recommendations for the Information Security Committee, resulting in updated controls and procedures
Developed data flow diagrams for critical systems to identify interdependencies, sensitive data movement, and user interaction points, improving overall system understanding
Promoted security awareness through enterprise-wide phishing campaigns and interactive learning sessions, increasing employee engagement in identifying threats.
Authored monthly security blogs for 2000+ employees, educating staff on threat recognition and incident reporting
Analyzed vendor risk data and communicated findings to stakeholders, driving informed decision-making and strategic planning
Assessed vendor security during procurement processes, ensuring compliance with company policies and industry best practices.
Coordinated tabletop exercises for the Cybersecurity Incident Response Team, enhancing response capabilities
Analyzed SIEM logs daily to detect potential threats and executed immediate response protocols, reducing incident response time.
Led the internal cybersecurity auditing program to identify flaws and weaknesses, ensuring compliance with regulatory requirements and industry standards such as FFIEC, PCI DSS, NIST, ISO 27001 and GLBA.
Monitored and reviewed violations of computer security procedures, developing effective mitigation plans which assisted in the reduction of risk exposure.
Improved incident response times by creating and maintaining detailed incident response procedures.
Leveraged Algosec Firewall Analyzer for firewall audits, identifying gaps and collaborating with the Networking team to remediate issues
Created and maintained spreadsheets in Microsoft Excel for daily, weekly, and monthly reporting on security metrics
Strengthened network security by conducting regular risk assessments and implementing appropriate countermeasures.
Junior Information Security Analyst
Delta ADT
05.2016 - 04.2018
Prepared and reviewed documentation for security awareness training, security standards, procedures, System Security Plans, and Incident Response/Training plans
Coordinated stakeholder meetings for documentation and evidence gathering during internal and external audits, ensuring compliance with regulatory standards
Utilized data gathering techniques such as questionnaires, interviews, and surveys to assemble Certification & Accreditation (C&A) and Assessment & Authorization (A&A) packages
Collaborated with stakeholders to develop and track the Plan of Action and Milestones (POA&M) addressing findings from regulatory and compliance assessments
Delivered continuous support, training, and education to staff to foster a culture of ongoing risk awareness across the organization
Conducted tailored risk reporting for diverse audiences, including the board of directors, to communicate significant risks effectively
Utilized security tools such as NESSUS and Nexpose for conducting vulnerability assessments, leading to improved organizational security posture
Analyzed and prepared remediation reports on vulnerabilities identified during vulnerability scanning exercises
Held meetings with the Chief Information Security Officer (CISO) and system stakeholders to define the scope of engagement for planned audits.
Specialized in Vendor Risk Assessments, conducting gap analyses to identify deficiencies within Vendor Management programs, and presenting findings with recommendations for optimization.
Performed continuous Vendor Risk Assessments for over 40 prospective and current vendors to ensure control effectiveness and compliance with industry standards.
Conducted risk analyses to determine appropriate security countermeasures tailored to specific organizational needs.
Created data flow diagrams for critical systems to identify interdependencies, movement of sensitive data, user interaction points, and authorization boundaries.
Project Management Assistant/Risk Assessor
JETPLAY Consulting
09.2014 - 02.2016
Coordinated cross-functional teams to ensure smooth collaboration and successful project execution.
Ensured the effective implementation of company activities in compliance with internal regulations and standards
Assisted in the development of critical plans, including Contingency Plans, Disaster Recovery Plans, Incident Response Plans, and Configuration Management Plans
Developed and maintained a comprehensive Plan of Action and Milestones (POA&M) for all accepted risks post-risk assessment, ensuring proactive risk management
Conducted training and awareness programs as part of the project management team, enhancing organizational understanding of security protocols
Supported the project manager in implementing policies related to change management, specifically in partnerships with external organizations and best value reports
Provided comprehensive administrative support across departments, including IT, HR, procurement, production, commercial, and finance
Supervised administrative support teams, prioritizing workloads and ensuring high-quality output and achievement of deadlines
Scheduled meetings and set appointments for the project manager, managing confidential documentation with discretion
Composed routine correspondence and maintained organized filing systems, records, and databases for efficient information retrieval
Facilitated communication and collaboration on major projects across business units, fostering teamwork and effective project execution
Aided in the development of detailed scopes of work that clearly defined expectations for successful outcomes.
Education
MBA - International Business
University of Gloucestershire
United Kingdom
08.2013
Bachelor of Law - Common Law
University of Yaoundé II SOA
Cameroon
08.2010
Skills
Technical Proficiency
Risk management
Cross-functional team leadership
Documentation and reporting
Corporate communications
Industry best practices
Policy and procedure development
Team leadership
Relationship building
Decision-making
Critical thinking
Strategic planning
Accomplishments
Collaborated with Cybersecurity and Info Security team in the development of internal procedures. Successfully leveraged Jira to complete annual reviews, revision and tracking of existing procedures.
Used Shared Assessments Vendor Risk Management's Maturity (VRMM) program to evaluate the organization's risk management program for effectiveness by measuring against a baseline to achieve the desired state of the Vendor Risk Management program.
Streamlined the approach undertaken by the organization to maintain compliance with the GLBA Safeguard Rule 501(B) section 314.4. This involved cross collaboration with relevant departments to ensure internal processes aligned with the 9 elements defined under the Safeguard Rule.
Achieved the adoption of Information Security Policies and Standards through effectively helping the subject matter experts with centralizing document reviews, updates and approvals.
Created internal team procedures and reduced reliance on verbal instructions, minimizing misunderstandings and operational risk.