
Information Security Cyber

Location:
Hutto, TX
Posted:
April 16, 2025

Jedli Ndifor

Email: *********@*****.***

Phone: 915-***-****

LinkedIn

PROFESSIONAL SUMMARY

Detail-oriented GRC Analyst with 6+ years of experience in information security, risk assessment, and regulatory compliance across the finance, tech, healthcare and manufacturing sectors. Proven track record of developing risk mitigation strategies, conducting audits, and implementing policies aligned with ISO 27001, NIST, GDPR and PCI DSS standards. Skilled in evaluating vendor security posture, conducting due diligence, and aligning governance frameworks with SOC 2. Proven ability to implement and manage vendor risk management processes, collaborate across cross-functional teams, and ensure adherence to regulatory standards using GRC platforms such as ServiceNow, Archer, OneTrust and AuditBoard, with a strong focus on continuous improvement and minimizing organizational risk exposure.

PROFESSIONAL EXPERIENCE

Third-Party Vendor Risk Analyst, Feb 2022 - Feb 2025

Navy Federal Credit Union

Responsible for reviewing and triaging vendor questionnaires to determine their tier level (Tier 1, Tier 2 or Tier 3)

Onboarded 3-5 vendors monthly by actively taking part in vendor contract reviews

Drafted the final vendor security report documenting which artifacts were collected and reviewed; also documented all findings identified and their recommendations, escalating issues when necessary

Conducted proactive and reactive vendor risk assessments to determine risk level and documented them in the risk register

Created information security documentation and workflows to assist with incident response, audits, and vendor requirements.

Performed documentation review including, but not limited to, SOC reports, ISO 27001, pentests, cyber liability insurance, policies and procedures, and architecture diagrams

Held meetings with vendors when necessary to clarify the vendor's scope

Followed up with vendors on any outstanding findings identified while conducting security assessments

Part of the internal audit team and assisted in several audits, including ISO 27001, PCI, SOC 2 Type and client audits

Created, reviewed, implemented and maintained policies, procedures, standards and guidelines in accordance with applicable regulations, including ISO 27001, NIST 800-CSF framework controls, SOX, COBIT and PCI DSS

Cyber Security Analyst / GRC Analyst, Jan 2018 - Dec 2022

State of Texas (Texas State Securities Board - TXSSB)

Performed an intermediary role between the Texas State Securities Board and the TX Department of Information Resources and DPS, representing the State Securities Board's security needs

Performed an intermediary role between the Texas State Securities Board and AT&T (government-contracted MSSP)

Performed vulnerability scans of state IT equipment and resources using Nessus, generated and analyzed the reports, communicated results to the agency commissioner (CISO) and planned remediation with risk owners.

Created, reviewed and updated TXSSB cyber security policies, standards and procedures yearly in accordance with the TX-RAMP and NIST CSF frameworks.

Also worked with TX DPS (Department of Public Safety) to create prohibited device and software policies covering TikTok, ByteDance and many more, in accordance with the governor's approval.

Partnered with Proofpoint, a third-party vendor, to implement, assess and track cyber security awareness training for the entire agency.

Used Splunk, Devos, MS Defender and SentinelOne SIEMs to collect, analyze and display log charts for further analysis and mitigation of security alerts

O365 admin: created email security policies, ran phishing simulations, blocked banned IPs and domains, implemented MDM and performed general O365 admin work.

Performed internal audits/assessments and later partnered with AT&T to conduct TXCSF (Texas Cybersecurity Framework) control assessments and risk assessments every two years, providing recommendations and areas of improvement using the NIST 800-53 controls catalog

Conducted mock security audits based on ISO 27001 and NIST frameworks to identify potential compliance gaps.

Assisted the agency in developing security policies aligned with industry best practices and government regulations.

Evaluated third-party vendors' security controls, ensuring compliance with NIST, GDPR and SOC 2 requirements.

Created and presented risk reports to stakeholders, translating technical risks into business impacts.

SKILLS - TOOLS - TECHNOLOGIES

Core Skills: Risk assessments (qualitative and quantitative), policy and controls development, internal and external audit support, compliance monitoring and reporting, control testing and evidence collection, risk register management

Third-Party Vendor: Vendor due diligence and onboarding, security questionnaires (SIG, CAIQ), SLA and contract review

GRC Platforms: AuditBoard, ServiceNow, Archer, OneTrust

Frameworks: ISO 27001, NIST CSF, NIST 800-53/30/37, SOC 2, SOX, GDPR, PCI DSS

Operations: MS O365, Advanced Excel, Jira, DevOps

Vulnerability Management & Risk: Tenable, Qualys

SIEM: Splunk Enterprise

EDUCATION - CERTIFICATIONS

Master of Science in Cyber Security and Information Assurance - WGU

Bachelor of Science in Cyber Security and Information Assurance - WGU

Certified in Risk and Information Systems Control (CRISC)

Certified Information Systems Auditor (CISA)

Certified Information Security Manager (CISM)

Certified Third Party Risk Professional (CTPRP)

CompTIA Security+ CE

CompTIA Cybersecurity Analyst (CySA+) CE
