
Paschal Akpua

San Antonio, USA

Summary

As an experienced GRC Consultant, I specialize in designing and implementing comprehensive Governance, Risk, and Compliance frameworks that align with industry standards and regulatory requirements. With a strong background in developing tailored policies and procedures, conducting thorough risk assessments, and facilitating cross-functional collaboration, I ensure robust security and compliance across organizations. My expertise includes aligning security architectures with NIST CSF, PCI DSS, and HIPAA, as well as performing gap analyses and audits to enhance internal controls and risk management practices.

Committed to fostering a culture of continuous improvement, I deliver strategic GRC solutions that safeguard sensitive information, bolster customer trust, and drive operational resilience. With a proven 11-year history of consistent advancement and success, I am proficient in ISO 27001, PCI DSS, NIST CSF, NIST SP 800-53, NIST SP 800-61, NIST SP 800-30, GDPR, and HIPAA. I am currently seeking roles in cybersecurity consultancy or specialized positions.

My comprehensive skill set encompasses Cyber Security GRC, Security Architecture, Security Engineering, Confidentiality, Integrity, Availability, Access Control, Audit and Accountability, Certification and Accreditation, Risk Management, Change Management, Configuration Management, Security Maintenance, Contingency Plan Policies and Procedures, Implementation, Incident Handling, and Intrusion Detection.

Overview

11 years of professional experience
1 Certification

Work History

Cyber Security Specialist

FireShot USA
Maryland, USA
06.2021 - Current
  • Strategically integrated the NIST Cybersecurity Framework (CSF) by conducting in-depth assessments, aligning organizational practices with CSF guidelines, and implementing tailored controls, thereby fortifying the company's cybersecurity posture and ensuring alignment with industry best practices alongside ISO 27001.
  • Spearheaded the alignment of existing security measures with ISO 27001 standards by conducting a comprehensive review, collaborating cross-functionally to address identified gaps, and implementing policies and procedures to fortify the company's information security management system.
  • Orchestrated successful ISO 27001 certification audits through meticulous risk assessments, employee education initiatives, regular internal audits, and proactive stakeholder engagement, fostering a culture of continual improvement and ingraining compliance within the organizational fabric for sustained resilience against evolving cyber threats.
  • Championed a culture of security awareness by delivering impactful Cyber Security training to staff, fostering adherence to best practices across the organization.
  • Maintained up-to-date knowledge of emerging threats, providing proactive solutions for potential vulnerabilities.
  • Contributed to the development of company-wide policies on information security, privacy, and acceptable use of technology resources.
  • Collaborated with IT teams to ensure secure implementation of new software applications and systems.

Cyber Security GRC Consultant

Purple fox-Technologies
Maryland, USA
04.2017 - 06.2021
  • Supported the design and implementation of a comprehensive Governance, Risk, and Compliance (GRC) framework for the organization.
  • Developed and implemented policies, procedures, and protocols that align with industry standards and regulations.
  • Championed compliance and security integrity by conducting risk assessments and security architecture reviews to ensure alignment with NIST CSF, PCI DSS, HIPAA, and other regional regulations governing data protection and financial transactions.
  • Instituted robust monitoring systems, vendor compliance checks, and stringent security protocols, creating an ecosystem that not only met regulatory demands but also bolstered customer trust by safeguarding sensitive financial information and transactions.
  • Supported security policy alignment and harmonization post-merger with Credit Suisse, ensuring seamless integration and enhanced cyber resilience.
  • Utilized expertise in cybersecurity governance, risk, and compliance to ensure effective management of cyber threats and adherence to industry best practices.
  • Successfully executed business continuity plans during crisis scenarios, thereby safeguarding ongoing operations from disruption.
  • Conducted thorough audits and identified areas for improvement, leading to enhanced internal controls and risk management practices.
  • Conducted gap analysis exercises for clients, identifying areas requiring attention to achieve complete adherence to requisite standards.
  • Facilitated cross-functional collaboration for the development and implementation of comprehensive GRC programs.
  • Developed tailored GRC solutions for client organizations, resulting in increased security and reduced exposure to risks.
  • Championed a culture of continuous learning through regular training sessions, workshops, and knowledge-sharing initiatives aimed at enhancing staff competencies within the GRC domain.

Cyber–Security Analyst

Salesforce
Washington DC
09.2013 - 08.2017
  • Performed Information Assurance functions, including preparation of System Security Plans (SSPs), security briefings, security audits, and inventory.
  • Provided information assurance support for the development and implementation of security architectures to meet new and evolving security requirements.
  • Performed vulnerability assessments and risk analysis for various applications, and implemented security controls to mitigate high risks.
  • Maintained security posture and awareness by applying information assurance policies, compliance, and security best practices to deter and mitigate vulnerabilities and cyber threats.
  • Generated security documentation, including security assessment reports, system security plans, contingency plans, and disaster recovery plans.
  • Reviewed, documented, analysed, and evaluated the business system of Authorization and Accreditation (A&A) and Plans of Action and Milestones (POA&Ms) in accordance with FedRAMP.
  • Provided security support and evaluation to development teams to integrate information assurance/security throughout the System Life Cycle Development of major and minor application releases.
  • Provided security engineering support and consulting services to the Designated Approval Authority (DAA) regarding current and future security infrastructure implementations and changes.
  • Provided input and tracking matrices for IAVA management and other Information Assurance and Vulnerability reports.
  • Collaborated with IT teams to integrate security measures into the development and deployment of new applications.
  • Analyzed security incidents post-resolution, identifying areas for improvement in both technical controls and incident response processes.
  • Performed regular reviews of user access rights, minimizing the risk posed by insider threats or compromised accounts.
  • Streamlined communication during incidents by establishing clear protocols for reporting potential threats or breaches in a timely manner.
  • Assisted in the design and implementation of secure cloud environments, ensuring proper controls were in place to protect sensitive data from unauthorized access.
  • Optimized security monitoring processes by implementing automated tools for real-time threat detection and analysis.

Education

Associate of Cyber Security

Prince George's Community College

BSc Cyber Security

University of Maryland Global Campus

Skills

  • HIPAA Compliance
  • Enterprise risk management
  • Operational Risk
  • Incident Management
  • IT Governance
  • Security Architecture
  • PCI DSS Compliance
  • Information Security
  • Risk Mitigation
  • Cybersecurity best practices
  • Governance Frameworks
  • Agile Metrics Tracking
  • Product Owner Collaboration
  • Agile Coaching
  • Servant Leadership
  • Backlog Grooming
  • Scrum Framework Expertise
  • User Story Creation
  • Sprint Planning
  • Risk Identification

Certification

  • CompTIA Advanced Security Practitioner Study (CASP)
  • Certified Information Security Auditor (CISM)
  • Amazon Web Services Security
  • Certified Ethical Hacker (CEH)

References

Available Upon Request
