David Ndeme
GRC Analyst (Secret Clearance)
757-***-**** ************@*****.*** VIRGINIA
PROFILE SUMMARY
Results-driven Governance, Risk, and Compliance (GRC) Analyst with 11+ years of experience in cybersecurity, environmental policy, and military service (Navy). Skilled in managing compliance programs across ISO 27001, PCI-DSS, HIPAA and SOX. Expertise in risk assessments, security policy enhancement, and QRadar for incident management and compliance tracking. Collaborates with cross-functional teams to strengthen risk frameworks, reducing incident response times by 30% and improving compliance by 15%.
SKILLS
PROFESSIONAL SKILLS
Cross-Cultural, Data Visualization, Critical Thinking, Presentation Skills, Team Leadership, Excellent Communication, Public Speaking, Decision Making, Strategic Planning, Process Improvement, Microsoft Suite, Office 365, SharePoint, OneDrive, Exchange Online, Microsoft Teams, Slack, Zoom
TECHNICAL SKILLS
Jira
Frameworks and Compliance Standards: NIST AI RMF, ISO/IEC 24029, PCI-DSS, ISO 27001, GDPR, HIPAA, SOX, FedRAMP, HITRUST, SOC 1, SOC II, TPRM
WORK EXPERIENCE
Governance, Risk and Compliance (GRC) Analyst United States Department of Navy Virginia Beach 11/2022 - 05/2025
● Update at least 10 cybersecurity policies, standards, and procedures annually, ensuring 100% alignment with industry best practices and regulatory requirements
● Perform quarterly gap analyses, closing identified noncompliance issues within 30 days to maintain compliance
● Oversee compliance with relevant regulations (GDPR, HIPAA, PCI DSS) and industry standards to safeguard organizational data
● Conduct security risk assessments for 10+ new vendors annually, ensuring adherence to security policies and reducing vulnerabilities
● Strengthen risk management frameworks by 25%, aligning with NIST Special Publication 800-series and ISO standards
● Monitor vendor performance, achieving 95% adherence to security KPIs, KRIs, and SLAs, improving security posture
● Leverage GRC tools like RSA Archer and ServiceNow to track and manage security incidents, reducing incident response time by 30%
● Lead comprehensive risk assessments and audits to ensure compliance with industry standards and enhance security posture by 15%
● Identify control deficiencies during SOX audits, collaborating with stakeholders to develop corrective actions and improve control frameworks
● Evaluate assessment artifacts to verify compliance with NIST SP 800-53 rev 4 control requirements
● Review the effectiveness of existing controls by examining security questionnaires, independent audit reports (SOC 2, HITRUST, ISO), and artifacts, ensuring vendor compliance
● Streamline SOX compliance projects, improving reporting processes and reducing the financial close cycle by 15%
● Assess firewalls and IDS/IPS configurations to guarantee network security and adherence to organizational policies.
● Execute regular PCI DSS compliance assessments, ensuring systems handling cardholder data meet the 12 core PCI DSS requirements, including secure network architecture and encryption.
Compliance Analyst United States Department of Navy Virginia Beach 01/2020 - 09/2022
● Worked closely with cross-functional teams to foster a culture of compliance and ensure that governance policies were effectively implemented across the organization
● Led SOC II audit process and achieved an approximately 80% compliance rate with no major findings
● Collaborated with the cybersecurity team to leverage Splunk's threat intelligence capabilities, aiding in the improvement of vendor risk management processes and incident investigation efficiency
● Designed and implemented risk management frameworks, aligning with regulatory requirements (SOX, GDPR, PCI-DSS) to strengthen organizational security posture
● Spearheaded the enhancement of compliance monitoring processes, leading to a 15% increase in regulatory adherence across different departments
● Contributed to the development and upkeep of Governance, Risk, and Compliance (GRC) frameworks, aimed at strengthening governance and risk management practices
● Collaborated with cross-functional teams to establish and enforce security policies and procedures, ensuring alignment with industry standards (NIST, ISO 27001) and organizational goals
● Supported HIPAA compliance program implementation and maintenance, ensuring adherence to regulatory requirements across the organization.
Financial Career Counselor United States Navy Norfolk, VA 08/2016 - 12/2019
● Analyze military personnel qualifying for entitlements, as well as the initiation and termination of pay, in accordance with policies and procedures
● Conduct comprehensive reviews of HR records and discuss pay-related solutions with HR counterparts
● Provide detailed analytic reports on daily production using Microsoft Excel.
● Execute an audit review of case-supporting documents submitted in Salesforce for separation and retirement, then advise command pay and administrators regarding any inaccuracies detected.
● Collaborate with cross-functional teams to implement system upgrades and enhancements.
Culinary Specialist United States Navy NAS Oceana, VA 08/2012 - 12/2016
● Managed daily operations of the galley, ensuring efficient preparation and service of meals
● Led a team of CS in preparation, cooking and presentation, keeping lofty standards of quality and sanitation
● Implemented cost-efficient measures that reduced kitchen waste by 40%, resulting in significant savings in cost.
● Coordinated with supply personnel to ensure prompt receipt of food supplies and equipment, supporting adequate inventory levels for seamless operations
● Trained and mentored junior CS in various techniques, safety protocols and Navy regulations
ACHIEVEMENTS & AWARDS
• Global War on Terrorism Expeditionary Medal
• Good Conduct Medal (3)
• Global War on Terrorism Service Medal
• Navy and Marine Corps Achievement Medal (2)
• Letter of Commendation Flag
• Navy Commendation Medal for outstanding performance in IT support operations
• Navy Achievement Medal for excellence in legal advisory roles
PROJECTS
Network Security and Forensics
Implemented and managed security protocols for a simulated corporate network. Conducted forensic analysis of network breaches and developed incident response plans.
Ethical Hacking and Penetration Testing
Executed penetration tests on various systems and applications to identify vulnerabilities. Developed comprehensive reports detailing findings and remediation strategies.
Cyber Risk Management
Designed and implemented cryptographic solutions for secure data transmission. Conducted analysis of cryptographic algorithms and their effectiveness.
EDUCATION
M.Sc in Cybersecurity, Grand Canyon University, Arizona
Master's in Business Law, University of Yaoundé, SOA Cameroon
Bachelor of Law: English Common Law, University of Yaoundé II, SOA Cameroon
PROFESSIONAL CERTIFICATION
CompTIA Security+ 2024