Nkemchap Yakou Tel: 202-***-**** Email: ************@*****.***
Essential Skills
Risk Management & Compliance
Governance Frameworks (ISO, NIST, RMF)
Regulatory Compliance (GDPR, HIPAA, SOC 2)
Policy Development & Documentation
Security Awareness Training
Incident Response Planning
Vulnerability & Threat Analysis
Vendor Risk Management
Internal & External Audit Support
Data Protection & Privacy
Plan of Action and Milestones (POA&M)
SUMMARY
Dynamic and detail-oriented GRC Analyst and Information System Security Officer with over 7 years of experience in risk management, compliance frameworks (ISO 27001, RMF, NIST 800-53, GDPR, SOC 2), and policy development. Proven track record in assessing, implementing, and managing information security controls while ensuring adherence to regulatory requirements. Expertise in risk assessments, security audits, and creating comprehensive compliance reports for stakeholders. Passionate about improving security postures by applying strategic governance models and control frameworks that ensure the protection of sensitive information assets.
EXPERIENCE
GRC Analyst - Randstad US, Atlanta, Georgia 03/2024 - Present
Lead the development and implementation of GRC processes aligned with NIST 800-37 to ensure effective risk management and compliance with organizational objectives.
Perform risk assessments for information systems, identifying gaps, evaluating control effectiveness, and providing recommendations for mitigation.
Develop, implement, and maintain security policies and procedures to support ISO 27001, PCI DSS, and SOC 2 compliance requirements.
Conduct regular security awareness training programs, increasing organizational understanding of compliance obligations and best practices.
Coordinate with internal teams to prepare for regulatory audits and third-party assessments, achieving a 100% reduction in compliance issues year over year.
Implement and monitor third-party risk management processes to evaluate vendor security and compliance posture.
Collaborate with cross-functional teams to perform regular internal audits, mitigating compliance issues and enhancing risk management strategies.
Information System Security Officer - Accenture, Arlington, VA 06/2022 - 12/2023
Develop, update, and maintain System Security Plans (SSPs) for information systems, ensuring alignment with NIST 800-53 controls.
Conduct regular risk assessments and security control assessments (SCAs) to identify and mitigate vulnerabilities, enhancing system security.
Implement continuous monitoring strategies, including automated vulnerability scans and manual review of system logs, to maintain system compliance and security posture.
Serve as the primary liaison between the organization and federal auditors to ensure compliance with FISMA requirements, leading to successful Authority to Operate (ATO) approvals.
Develop and maintain Plan of Action and Milestones (POA&Ms) to track the remediation of identified vulnerabilities and ensure timely closure.
Provide security awareness training to system users, increasing compliance with security protocols and reducing security incidents.
EDUCATION
2023 - 2024: Master's in Cybersecurity Technology, University of Maryland Global Campus
2009 - 2012: Bachelor of Science, University of Buea, Cameroon
CERTIFICATION
Certified Information Systems Auditor (CISA) - License # 201308388
AWS Certified Solutions Architect - Associate - License # 9VBP99LB2NEE1BC8
CompTIA Security+ CE - License # COMP001021667495