Infosec analyst/Security Controls Assessor

Location:
Methuen, MA
Posted:
February 05, 2024


Resume:

Valerian E. Agbaw-Ebai

Tel: 857-***-**** (M) 857-***-**** (H)

E-mail: ad3d2h@r.postjobfree.com

PROFILE: A passionate cybersecurity analyst with extensive risk management experience as a security controls assessor, and auditor with proven success improving security and resilience of IT systems and networks, to protect organizations and their data. Subject matter expertise in Governance, Risk management and Compliance (GRC) frameworks, including client-facing experience with 3rd-party vendors and supply chain risk management. Passionate about digital transformation - leveraging data analytics, AI and ML into predictive risk analysis and threat intelligence. A team player with excellent oral & written communication skills in English and French; proficient in communicating complex technical issues in plain, simple language. I also possess senior leadership experience in cyber security consulting, from working with clients in the public and private sectors; delivering strategic hand-holding services. I hold a Public Trust security clearance with the United States Department of Justice (DOJ).

CORE COMPETENCIES

• Security Controls Frameworks - NIST RMF, CSF, CIS Top 20 critical SCs, etc.

• Security Audit & Quantitative Risk and GAP Analysis

• Access Control & Security and Privacy Risk Management & Assessments

• Incident Response, Penetration testing & Vulnerability management

• Encryption & Network Communication, Ransomware & Malware Analysis

• Vendor, Third Party & Supply Chain Risk Management (SCRM)

• AWS, Azure, Google Cloud Security Infrastructure & FedRAMP processes

• SSPs, SARs, POAM & ATO documentation management

• Identity & Access Management (IAM); Security Training & Awareness

• PCI DSS – ISO/IEC 27000 series audit & certification; IRS Pub-1075

• Information Security Governance, Risk & Compliance (GRC)

• Data security & privacy regulations – FISMA, HIPAA, COBIT, SOC, GDPR

• Artificial Intelligence & Machine Learning, Threat Intelligence

• Practical understanding of Python & R Studio, Data Robot, Tableau

• Data Governance & Business and Data Analytics

PROFESSIONAL EXPERIENCE

Company: 24M Technologies LLC October 2022-November 2023

Job Title: Consultant, Information Security Specialist

• SME for TISAX and ISO-27001 compliance documentation – Policies, Standards, Procedures SSPP, SAR & POAM for remediation of identified risks and show-stoppers in risk register

• Conducted risk assessment and tested security controls policies, procedures and standards for compliance with NIST RMF SP 800-53A methodology and best practices

• Configure multi-factor IAM policies with access restrictions for 3rd-party vendors that reduced help desk ticket incidents by 25% in 3 months

• Designed third-party risk management program to instruct senior management, vendor owners of business lines, and other stakeholders on how to implement the TPRM policy.

Client: US Department of Justice (DOJ-JMD-OCIO) Dec. 2021 – August 2022

Company: LEAPS Consulting

Job Title: Consultant/Security Controls Assessor/Auditor

Lead internal auditor for DOJ-OCIO Processes; provided guidance on evidence capture and compliance with ISO standards and controls; secured ISO 20000-1 and ISO 27001 3-year re-certifications [2023-2026] without a single finding.

Coordinate response to external audit findings of OCIO Processes and serve as a Subject Matter Expert (SME) for compliance with external audits – FISMA, FISCAM, IRS Pub-1075.

Review monthly and quarterly metrics of five (5) OCIO CSS Processes for continuous operational effectiveness and relevance to DOJ’s strategic objectives

Integrated Project Team (IPT) member responsible for facilitating root cause analysis to remediate internal audit findings & Corrective Action Requests and report CSS-related ISO 27001 issues and program status updates to Senior Leadership at weekly review meetings

Updated DOJ-OCIO Internal Audit Checklists and Statement of Applicability (SoA), mapping all Controls to the new ISO 27001:2022 & NIST 800-53 rev (5) standards to ensure compliance and operational effectiveness of OCIO business processes

Integrate risk management and information security best practices into ISSO operational processes to enhance compliance with ATO deliverables - SSPP, SPAR and POAM management

Client: US Department of Revenue (IRS) June 2021 – Nov. 2021

Agency: Massachusetts Department of Revenue (DOR)

Job Title: Information Security Analyst

Work with auditors to remediate findings from Office of Safeguards and ensure security control implementation and remediation per IRS Pub-1075 guidelines and NIST best practices.

Perform GAP analysis and develop metrics to validate DOR’s “need and use” of FTI conforms with governing provisions allowing disclosure of FTI between DOR and IRS.

Conduct security and privacy awareness training for 3rd-party vendors to ensure security by default in every RFP and SLA aligns to DOR’s overall risk management strategy

SECURITY CONTROLS ASSESSOR June 2017 – May 2021

Tar Technologies LLC, Washington, DC

• Executed examine, interview, and test assessments of security controls policies, procedures and standards for compliance with NIST SP 800-53A (5) & NIST 800-53 (5), and developed ATO documentation

• Established Key performance indicators (KPIs) to evaluate GRC program maturity using best practices; transitioned five (5) clients to GRC automation, and reduced operational costs by 25%.

• Designed metrics to evaluate 3rd-party vendor risk profiles; standardized risk and vulnerability management compliance throughout the supply chain lifecycle for four (4) clients

• Integrated 3rd-party supply chain risk mapping into client GRC systems to create executive level visibility across functional and business lines, with a holistic risk management strategy

• Designed robust continuous monitoring program that successfully transitioned three clients from static 3-year ATO to Ongoing Security Authorization (OSA) within 18 months.

SECURITY CONTROLS ASSESSOR June 2015 - May 2017

Acethia LLC, Bethesda, MD

• Subject matter expert and team lead on A&A process related to ATO acquisition and cyber security governance, and risk management practices for all clients

• Configured multi-factor IAM policies with access restrictions that improved data protection and reduced help desk ticket incidents on client systems by 50%

• Conducted security and privacy awareness training for 3rd-party vendors to ensure security by default in every RFP and SLAs align to clients’ overall risk management strategy

• Designed “One strike and you’re out” policies with respect to defective vendor products to enhance risk mitigation and reduce attack vectors for 3PAO clients by 50%

• Customized risk assessment and continuous monitoring protocols to track and remediate critical vulnerabilities for two (2) government security software contractors.

ASSOCIATE SECURITY CONTROLS ASSESSOR Jan 2013 - March 2015

AlphaHill Technologies, Washington DC

• Conducted security controls assessments and monitored three (3) client systems to ensure FISMA compliance with no major breach in two years.

• Created troubleshooting interface platform that improved operational readiness and monitored changes to network security and their environments of operation for three (3) clients.

• Work with assessors to categorize client systems and ensure effective security control implementation following NIST 800-53 guidelines and best practices.

EXECUTIVE ASSISTANT TO THE PRESIDENT Oct 2008 - Oct 2012

African Union Economic Social and Cultural Council (AU-ECOSOCC)

ECOSOCC is an advisory body of the African Union designed to give civil society organizations a voice within AU institutions and decision-making processes. As executive assistant, it was my responsibility to:

• Draft press releases, edit ECOSOCC publications and interface with the media

• Participate in AU Heads of State summits, and events related to ECOSOCC’s outreach areas.

• Represent ECOSOCC President in meetings with internal and external stakeholders.

• Exercise supervisory authority over staff to ensure appropriate implementation of policies.

• Served as information security lead in President’s office, ensuring cybersecurity was prioritized.

ADMINISTRATIVE COORDINATOR August 2006 - Sept 2008

Clarendon Hills Towers Tenants Association (CHTTA)

• Drafted press releases; ensured social media footprint and managed all communications

• Interface between BODs and Management Company; monitor compliance with City, State and Federal Government Housing regulations.

• Led negotiations with private investors to secure a $10 million re-financing loan.

PROFESSIONAL CERTIFICATIONS & TRAINING

• (ISC)² - Certified in Governance Risk and Compliance (CGRC)

• BSI Exemplar Global – ISO 27001:2022 Lead Auditor & Implementer (TPECS)

• Informatica – Data Privacy and Governance

• DCSA – RMF for DoD Security Programs & Controlled Unclassified Information (CUI) Training

• Proofpoint – Certified AI/ML and Ransomware Specialist

• (ISC)² - CISSP Certification (in progress)

• (Amazon) – AWS Certified Cloud Practitioner (in progress)

EDUCATION & PROFESSIONAL TRAINING

Harvard Business School: Graduate Diploma in Business & Data Analytics – (HBAP)

Massachusetts Institute of Technology (MIT) Professional Education

Digital Transformation: From AI and IoT to Cloud, Blockchain and Cybersecurity

Harvard John F. Kennedy School of Government

Master in Public Administration (MPA)

Harvard John F. Kennedy School of Government

Diploma in Public Policy & Strategic Management - (Mason Fellow)

University of Yaoundé 1, Yaoundé, Cameroon

Bachelor of Arts B.A. (Hons) English Modern Letters

HONORS & DISTINCTIONS

HBAP – Winner, Digital Strategy & Innovation Platform Competition

HBAP – Winner, Operations & Supply Chain Management Competition

Harvard Kennedy School – 2005 William Starr Innovations Fellow

HOBBIES: Reading, movies, soccer, travelling and cooking

PROFESSIONAL AFFILIATIONS

Member, International Information System Security Certification Consortium, (ISC)²

Member, (ISC)² Eastern Massachusetts Chapter

Member, 451 Global IT & Business Think Tank Alliance

Member, Black Professional in Tech Network (BPTN)

Vice-Chair/COO, LM Nanje Foundation, Atlanta, Georgia

President Emeritus, MECA-USA New England Chapter

Member, Harvard Business Analytics Program (HBAP) Alumni Association

Member, Harvard Kennedy School Alumni Association, New England

Member, Harvard Club of Boston

REFERENCES

Available upon request


