Kenechukwu Kevin Nwogbo
Email: *********@*****.*** Phone: 214-***-**** Location: McKinney, TX
Professional Summary
Results-driven Governance, Risk, and Compliance (GRC) Analyst with 5+ years of experience supporting enterprise cybersecurity and risk programs in technology and healthcare sectors. Expertise in IT risk assessments, security audits, third-party risk management, and regulatory compliance (NIST, ISO 27001, GDPR, HIPAA, PCI-DSS, SOC 2, etc.). Skilled in developing incident response strategies, identity and access management (IAM), SIEM analysis, and privacy impact assessments (DPIA/PIA). Adept at aligning cybersecurity programs with organizational goals and regulatory requirements.
Core Competencies
• IT Risk Management & Compliance Audits
• Third-Party & Vendor Risk Assessments
• Security Frameworks & Regulatory Compliance
• Threat Intelligence & Asset Management
• IAM, Endpoint & Insider Risk Assessments
• Security Incident Response & SIEM Optimization
Professional Experience
Daikin Comfort Technologies
GRC Analyst March 2020 – Present
• Conducted comprehensive IT risk assessments aligned to NIST CSF and ISO 27001, reducing vulnerabilities by 30%.
• Mapped controls to frameworks including GDPR, FedRAMP, HIPAA, PCI-DSS, and CMMC 2.0, ensuring full audit readiness.
• Led security evaluations for over 50 third-party vendors, de-risking the supply chain by identifying 15% as high-risk.
• Delivered IAM and endpoint access assessments, reducing privilege misuse and unauthorized access by 25%.
• Authored and tested enterprise Incident Response Plans (IRPs), improving time-to-containment by 40%.
• Conducted DPIA and PIA assessments with legal/privacy stakeholders to meet GDPR and CCPA standards.
• Executed vulnerability scans using HBSS, ACAS, and Nessus; triaged and mitigated findings efficiently.
LOC HAULERS
IT Risk and Compliance Analyst (Contract) April 2016 – December 2019
• Led IT security assessments, identifying critical gaps in threat intelligence and improving risk posture.
• Performed SIEM assessments, optimizing log monitoring processes to detect threats faster.
• Implemented insider risk assessment strategies, preventing potential data breaches.
• Managed SDLC security assessments, integrating security controls into the software development process.
• Ensured HIPAA, PCI-DSS, and NERC-CIP compliance, passing all regulatory audits without major findings.
Certifications
• CISSP – Certified Information Systems Security Professional
• CISM – Certified Information Security Manager
• CRISC – Certified in Risk and Information Systems Control
• CIPP/US – Certified Information Privacy Professional
• CIPM – Certified Information Privacy Manager
• CCSP – Certified Cloud Security Professional
• CISA – Certified Information Systems Auditor
Education
Bachelor’s Degree in Business Administration & Management
University of Lagos, Nigeria 1984 – 1987
Tools & Technologies
• GRC Platforms: Archer, OneTrust, ServiceNow GRC
• SIEM Solutions: Splunk, IBM QRadar, Microsoft Sentinel
• Cloud Security: Azure Security Center, AWS Security Hub
• Risk & Compliance Frameworks: NIST CSF, ISO 27001, COBIT, FFIEC CAT
• Threat Intelligence Tools: Recorded Future, MISP, CrowdStrike