Kwabena Apomah
Sanford, NC
**332
The Human Resources Manager
To Whom It May Concern,
With extensive experience in cybersecurity strategy, risk management, and regulatory compliance, I am eager to leverage my expertise to strengthen your organization’s security posture and drive operational resilience.
In my current role as an Information Security Consultant – Cyber Regulatory at MetLife, I have successfully implemented cybersecurity frameworks aligned with regulations such as the EU AI Act, Colorado AI Act, HIPAA, PCI DSS, and NY DFS Cyber Regulation. I have led security governance initiatives, conducted risk assessments, and managed regulatory responses to ensure compliance while minimizing risks. My ability to bridge the gap between technical teams and executive leadership has been instrumental in fostering a security-first culture.
Additionally, my experience as a Cyber Communications Officer in the Canadian Armed Forces Reserves has honed my skills in tactical cyber defense, operational security, and incident response. This background has provided me with a unique perspective on cyber resilience and strategic security planning in high-stakes environments.
I am particularly drawn to this opportunity and confident that my leadership, regulatory expertise, and ability to develop forward-thinking security strategies will make me a valuable asset to your team.
I welcome the opportunity to further discuss how my skills and experience align with your needs. Please feel free to contact me at your earliest convenience to schedule a conversation. Thank you for your time and consideration.
I look forward to the possibility of contributing to your organization’s cybersecurity initiatives.
Respectfully,
Kwabena Apomah, BCom, CISA
Objective:
Results-driven cybersecurity professional with extensive experience in security strategy, risk management, and regulatory compliance. Adept at aligning cybersecurity initiatives with business objectives and regulatory frameworks, including the EU AI Act, Colorado AI Act, HIPAA, PCI DSS and NY DFS Cyber Regulation. Proven ability to lead cross-functional teams, enhance security postures, and implement robust cyber governance frameworks. Passionate about leveraging expertise to safeguard critical assets and drive organizational resilience in an evolving threat landscape.
Education:
The Kings University: Bachelor of Commerce, BCom
Management Major, Edmonton, AB.
Grand Canyon University: Master’s in Cyber Security (MSc Cybersecurity)
Phoenix, AZ (July 2025 Graduation)
Champlain College: Master’s in Business Administration, MBA
Burlington, VT
ISACA: Certified Information Systems Auditor, CISA
Information Systems Audit and Control Association, Raleigh, NC
Experience
Sep 2022 – Present Senior Information Security Consultant – Cyber Regulatory
MetLife, Cary, NC
Proven expertise in navigating and implementing complex AI governance frameworks and cyber regulatory standards within the financial services sector. Skilled in aligning enterprise AI practices with global regulations such as the EU AI Act, Colorado AI Act, HIPAA, PCI DSS and New York DFS Cyber Regulation to ensure operational compliance and ethical AI use. Adept at designing and executing risk assessment methodologies, providing strategic guidance on regulatory requirements, and fostering a culture of compliance through policy development and training initiatives.
Extensive experience in developing and maintaining robust cybersecurity programs aligned with industry frameworks such as NIST Cybersecurity Framework (CSF) and ISO 27001. Demonstrated success in managing regulatory responses and audits, collaborating with cross-functional teams to remediate risks, and enhancing organizational resilience through proactive policy enforcement. Proficient in leveraging advanced analytical tools to monitor compliance and ensure continuous improvement of cybersecurity postures across enterprise systems.
Assessing current security posture, developing a roadmap to improve security posture and resiliency. Overseeing the ongoing execution of the security function.
Responsible for developing and implementing the security architecture, and developing and guiding the security roadmap/risk remediation plan to support the client’s business strategy.
Manage security operations to ensure security services are available and maintained, establish and lead security governance and compliance efforts on behalf of the company.
Update senior leadership and Board members on current security posture and activities to reduce vulnerability footprint.
Oversee multiple security assessments to evaluate the processes, procedures, and tools used to review and test information system controls and security across multiple business systems and third-party supplier IT systems, including hybrid cloud solutions.
Identify, analyze, and document IT-related risks across the enterprise and convey these risks to executive leadership and the board of directors.
Conducts IT controls risk assessments that include reviewing organizational policies, standards and procedures and providing advice on their adequacy, accuracy, and compliance with the Payment Card Industry Data Security Standard.
Identifies internal controls and issues within our clients' IT environment and develops gap analyses. Develops understanding of core IT processes and looks for opportunities to help IT management gain process efficiencies and control optimization.
Examined policies and procedures, interviewed personnel on tested controls and conducted. Conducted Business Impact Analysis (BIA) to analyze mission-critical business functions, and
Managed Security Control Assessment schedules for the client’s systems to ensure system compliance. Provide audit briefings to the agency and Information Systems Security Officer. Coordinated with system owners and ISSOs across the organization to ensure timely compliance.
Coordinate with key Global Third-Party Risk Management stakeholders to initiate, scope, and plan cyber security risk controls assessments of new and existing high-risk suppliers.
Nov 2016 - Sep 2022 Corporate Consultant
City of Calgary
Project planning, project management and project team leadership skills in a dynamic environment with the ability to prepare and present complex reports and presentations.
Guide department managers with instituting (or updating) the work processes necessary to ensure that, throughout the organization, we attain a consistent level of quality and performance that enables us to achieve our vision.
This is accomplished by facilitating team meetings for improvement of work processes, assisting with the preparation of policies, procedures, best practices, and other management system documents while ensuring compliance, collecting, and analyzing data on company performance in areas such as quality, delivery, cost, customer perception, training, etc.
Working collaboratively with team members to develop and deliver aspects of the service planning process, with a focus on integration of processes and information from multiple stakeholder groups both internal and external to The City.
Coordinate and deliver program deliverables such as reports and presentations for Council and senior executive committees.
Apr 2017 – Dec 2024 Communications and Cyber Electronics Officer,
Part-Time, Armed Forces Reserves, Canada
As a Signals Officer, I deliver telecommunications services to the Canadian Armed Forces (CAF), especially the Army and command units.
Lead the development and implementation of cybersecurity protocols to protect critical military networks and classified information from cyber threats.
Oversee cyber defense operations, including proactive threat detection, vulnerability assessments, and incident response coordination.
Manage and maintain the Army’s Cyber Capabilities, Voice, Data, and Information Systems, ensuring secure and reliable communications.
Conduct risk assessments and penetration testing to identify and mitigate security vulnerabilities in mission-critical systems.
Develop cyber warfare strategies and coordinate with intelligence, operations, and IT teams to enhance military cyber defense posture.
Provide cybersecurity training to military personnel, ensuring readiness in responding to cyber incidents and maintaining operational security (OPSEC).
Implement security policies and frameworks in compliance with national defense and international cybersecurity regulations.
Utilize advanced encryption, intrusion detection, and network monitoring tools to safeguard classified data and prevent unauthorized access.
Collaborate with allied forces and government agencies to share threat intelligence and develop joint cybersecurity initiatives.
Lead cyber awareness campaigns to enhance personnel understanding of cyber risks and security best practices in military operations.