CHINEDU ONYEABOR
Houston, TX
https://www.linkedin.com/in/conyeabor/
QUALIFICATIONS SUMMARY
Technology Compliance & Security Control Expert with IT Audit Background
A highly experienced Information Security and Compliance professional seeking a Technology Audit and Compliance Analyst role, leveraging 8+ years of experience in IT General Controls (ITGC), Quality Management Systems, and Incident Management. Proven track record in managing SOX, SSAE16 SOC2, ISO27001, and HITRUST compliance programs while implementing service request management and translation services security controls. Expertise in vulnerability assessments, security policy development, cyber security, and maintaining strong stakeholder relationships across Information Services functions.
MILESTONES/ACCOMPLISHMENTS
Compliance & Audit Excellence:
Led successful implementation of multiple compliance frameworks including GDPR, HIPAA, ISO 27001, PCI DSS, SOC 1, and SOC Type 2.
Established comprehensive security control assessment programs integrating NIST, RMF, and FISMA requirements.
Developed and implemented enterprise-wide security awareness training programs enhancing organizational security posture.
Technical & Security Expertise:
Established a comprehensive AWS cloud security program implementing zero-trust architecture across multiple environments.
Executed vulnerability assessments using industry-standard tools like Nessus to identify and prioritize security weaknesses.
Implemented risk management frameworks aligned with federal compliance requirements.
Maintained successful audit outcomes across multiple regulatory frameworks including SOX, SSAE16 SOC2, and ISO27001.
WORK EXPERIENCE
KLDISCOVERY, Houston, TX
INFORMATION SECURITY ANALYST / IT AUDITOR 05/2016 - Present
Leading comprehensive security control assessments and compliance initiatives while managing internal and external audit engagements. Serving as Technology SME for external technology audits and assessments, providing expert guidance on compliance requirements. Developing and implementing security policies while ensuring alignment with multiple regulatory frameworks.
AWS Cloud Security Experience:
Identity & Access: Architected zero-trust security using IAM policies and role-based access controls, while implementing KMS encryption and S3 security policies for comprehensive data protection.
Security Operations: Orchestrated threat monitoring using Security Hub, GuardDuty, and CloudTrail, enabling rapid incident response and automated vulnerability management through Lambda and CloudFormation.
Network Security: Designed defense-in-depth strategies implementing VPCs, Security Groups, and WAF to protect critical cloud infrastructure and applications.
Compliance Management: Led security audits using AWS Config and native tools to maintain NIST, ISO 27001, and SOC 2 certifications, ensuring continuous regulatory compliance.
Audit Leadership & Planning:
Methodology Development: Contribute to audit planning by providing insights on approach, leveraging audit work papers, flowcharts, industry control frameworks, and prior reports.
Stakeholder Engagement: Conduct interviews with process and business owners to gather information, identify key risks, and assess internal controls.
Process Analysis: Analyze business processes, policies, and controls to identify risks and gaps, collaborating with partners to develop corrective actions.
Documentation Excellence: Prepare comprehensive audit findings and test results adhering to internal standards, ensuring timely delivery of recommendations.
Technical Implementation:
Control Assessment: Execute predesigned audit tests independently, performing thorough analysis with professional skepticism.
Standards Compliance: Collaborate with external auditors, internal employees, and regulatory bodies to ensure adherence to industry standards.
Security Policy Management: Maintain and update internal security policies, procedures, and conduct periodic security reviews.
Knowledge Development: Conduct independent research and participate in industry training to stay current with IT security trends.
Program Management:
Meeting Leadership: Lead audit meetings, effectively communicating security practices and providing necessary documentation.
Findings Presentation: Present and confirm audit findings with process owners across organizational levels.
Quality Assurance: Complete departmental tasks ensuring compliance with professional standards, including work self-review and file close-out.
Regulatory Alignment: Ensure all assessments and documentation meet the requirements of multiple compliance frameworks.
TECHEDGE, Atlanta, GA
SECURITY CONTROL ASSESSOR 08/2014 – 05/2016
Managed comprehensive security control assessments and compliance initiatives while implementing risk management programs for federal and commercial clients. Led audit engagements and security awareness training across multiple regulatory frameworks.
Compliance Implementation:
Risk Assessment Excellence: Conducted audits and advisory reviews to evaluate Information Technology Operations, Security, and Compliance controls, ensuring alignment with regulatory requirements.
Framework Adoption: Led successful implementation of multiple compliance frameworks including GDPR, HIPAA, ISO 27001, PCI DSS, SOC 1, and SOC Type 2.
Vendor Management: Ensured compliance with privacy regulations for vendors, suppliers, and data processors, maintaining comprehensive third-party security posture assessments.
Technical Security:
Vulnerability Management: Conducted security assessments using Nessus, identifying and prioritizing weaknesses to enhance system and network security posture.
Risk Mitigation: Performed Gap Analysis to identify improvement areas and implemented remediation strategies to address security risks.
Federal Compliance: Implemented risk management programs utilizing NIST, RMF, and FISMA frameworks for federal clients.
Program Leadership:
Security Training: Developed and led security awareness training programs focusing on modern security techniques and best practices.
Audit Execution: Conducted regular compliance audits to identify potential weaknesses and noncompliance situations.
Remediation Planning: Analyzed security scan results to provide actionable recommendations, enhancing organizational security posture.
EDUCATION
BTech in Industrial Chemistry, Federal University of Technology, Owerri, Nigeria 2006
CERTIFICATIONS/TRAINING
Actively working on CISSP ONGOING
Certified in Cybersecurity (CC), International Information System Security Certification Consortium 01/2025
Certified Information Systems Auditor (CISA), Information Systems Audit and Control Association (ISACA) 10/2024
SKILLS
Security Compliance & Audit Management: Sarbanes-Oxley Act (SOX) Compliance, SOX Implementation, SSAE16 SOC2 Testing, ISO27001 Framework Alignment, HITRUST Controls Assessment, Information Services Controls, Quality Management System Implementation, Incident Management, Incident Response
Technical Infrastructure & Controls: Active Directory Administration, Information Technology General Controls (ITGC), System Development Life Cycle (SDLC), Service Request Management, Translation Services Support, Computer Operations, Remote Access Security, Automation Implementation
Stakeholder & Program Management: Cross-functional Team Leadership, Security Awareness Training, Quality Management, Process Improvement Implementation, Artificial Intelligence Risk Management, Management System Oversight, Change Management
Technical/Software:
Compliance Frameworks: NIST, SOC2 Type II, CMMC, StateRAMP, FedRAMP, HIPAA/HITECH
Security Tools: CrowdStrike (EDR), Fortra, Qualys, Kroll, Nessus
Technology Infrastructure: Active Directory, Windows Server, Linux, Computer Operations, Data Center/Physical Security
Audit Specialties: ITGC, Information Services Controls, Quality Management Systems, Translation Services Security
Security Operations: Incident Management, Vulnerability Assessment, Penetration Testing
Management Focus: Service Request Handling, Emerging Technologies, Customer Satisfaction Metrics