1-443-***-**** *************@*****.***
Ebba Ochuba Udeagha, CISM, CISA, CompTIA Security+
Woodbine, Maryland, United States of America.
Dynamic and results-driven Senior IT/Cybersecurity Governance, Risk and Compliance Analyst with a solid background and proven track record of success in leading various IT GRC initiatives and engagements across multiple industries. He is hands-on in implementing effective controls and ensuring compliance with industry standards in line with frameworks such as SOX, COBIT, COSO, ISO 27001, NIST CSF, NIST 800-53, CIS and PCI DSS. He is also constantly seeking new ways to reimagine the possible, as well as challenging opportunities that leverage his expertise in IT control frameworks and assurance methodologies to contribute to a more resilient and mature control environment, which ultimately enhances and sustains organizational success.
Skills
● Strong understanding of IT control frameworks such as SOX, COBIT, COSO, ISO 27001, NIST, PCI DSS, ITIL.
● Proficient in assessing IT General Controls (ITGCs), SDLC controls, Cybersecurity controls, Cloud Security Assessments and other IT infrastructures testing
● Knowledgeable in audit methodology and risk assessment techniques
● Proficient user of Microsoft 365, G Suite and SharePoint in achieving excellent time and project deliverable management
● Strategic and analytical thinker with excellent interpersonal and communication skills proven during clients, peers and management interactions and presentations.
● Proficiency in GRC tools such as EMS, Aura, APT, Archer e-GRC, and TeamMate, ACL.
● Experience with complex ERP systems such as SAP, PeopleSoft, Hyperion, Cogsdale, Great Plains, etc.
● With a strong background in innovation and strategic planning, I excel at identifying opportunities for process improvement and implementing creative solutions to enhance efficiency. My proficiency in Microsoft Office supports my ability to develop comprehensive reports, presentations, and data-driven insights.
● With a strong foundation in data analysis and analytical skills, I excel at identifying trends, deriving insights, and making data-driven decisions that enhance business performance. My problem-solving abilities enable me to address challenges effectively, ensuring operational efficiency and continuous improvement.
● I have experience in budgeting and planning, which allows me to allocate resources efficiently while maintaining cost-effectiveness. As a team player, I collaborate seamlessly with colleagues to achieve shared goals while fostering a positive and productive work environment.
● My creativity and decision-making skills empower me to develop innovative solutions and strategic approaches to complex problems. I also specialize in conflict resolution, helping to maintain harmony in team dynamics and workplace relationships.
● Adaptability and being self-motivated are key traits that allow me to thrive in dynamic environments. I am comfortable managing multiple tasks simultaneously, demonstrating strong multitasking capabilities while maintaining a high level of detail-oriented precision.
● With excellent communication skills, I effectively convey ideas and insights to diverse stakeholders. Additionally, my empathy allows me to build meaningful relationships and foster a supportive, inclusive work culture.
Experience
Senior IT Auditor/GRC Compliance Officer
Eretmis Inc May 2022 – Date
● Spearhead IT and cybersecurity compliance assessment and advisory initiatives, ensuring compliance with regulatory requirements and industry best practices such as SOC 1/2, ISO 27001, PCI DSS and NIST 800-53.
● Drive initiatives in collaboration with a broad spectrum of stakeholders across IT and the business to ensure IT and Security policies are in place, reviewed and updated as and when due.
● Facilitate the conversation and collaboration with external auditors and the business in the performance of the Corporate IT general controls (ITGCs), IT application control audits, and other IT/IS assessments.
● Evaluated the design and effectiveness of IT controls and security measures, including identity and access controls, change management, disaster recovery, and incident management.
● Collaborate with cross-functional teams to implement robust controls and provide recommendations for continuous improvement.
● Lead second and third lines of defense initiatives, promoting a robust risk management culture within the organization.
● Provide guidance and support to internal stakeholders on IT governance, risk management, and control-related matters
● Recommend and assist in implementing improvements to IT processes, controls and security measures to enhance overall risk management
Accomplishments
● Reduced project deliverable timeline by 35% by leveraging key client relationships.
● Increased team member job satisfaction through effective leadership built on trust and empathy.
Senior Associate, Digital Risk & Cyber Security Specialist
Eretmis Inc Oct 2018 – April 2022
● Led and performed information system advisory and/or audit of IT processes to meet regulatory and/or compliance requirements.
● Evaluated the effectiveness of IT controls and security measures, including access controls, change management, data back-ups and restores, disaster recovery, system configurations, SDLC controls.
● Identified key information technology and information security risks and controls, control optimization opportunities, including the configuration of controls to support key business processes.
● Applied experience and knowledge over established frameworks and tools to support the assessment of IT general controls, segregation of duty requirements, and automated controls.
● Conduct comprehensive IT audits, with a focus on SDLC controls and change management controls testing, to ensure the integrity and security of information systems.
● Collaborate with cross-functional teams to assess risks and develop mitigation strategies.
● Provide expert guidance on IT control frameworks and regulatory compliance.
● Generate detailed audit reports and work with management to implement recommended improvements.
● Collaborated with clients to enhance IT governance and control frameworks.
● Identified vulnerabilities and proposed effective risk mitigation strategies.
● Designed and implemented Incident Response, Business Continuity, and Disaster Recovery plans, ensuring proper team selection, policy governance, and structured rehearsal exercises.
● Conducted incident response drills and table-top exercises to enhance organizational preparedness.
● Implemented security automation tools across preventive, detective, recovery, vulnerability scanning, and governance risk compliance (GRC) categories to streamline security operations.
● Conducted employee security awareness training, including simulated phishing attacks and interactive cybersecurity workshops, to build a culture of security mindfulness
Cybersecurity Audits & Compliance / Internship / Workshop
DiaspoCare Jan 2017 - August 2018
● Assisted senior auditors in planning and executing IT audits of private clients in retail, oil and gas and construction.
● Actively involved in the planning and execution of statutory audit and other assurance engagements for private clients across various industries.
● Conduct comprehensive IT audits, with a focus on SDLC controls and change management controls testing, to ensure the integrity and security of information systems.
● Assisted in the preparation of audit workpapers and reports
● Led cybersecurity audits, third-party risk assessments, and compliance evaluations against industry and regulatory standards.
● Facilitated cross-team audits to assess the effectiveness of security controls and program implementations.
● Conducted sessions on core security concepts, including CIA triad, risk management, vulnerabilities, and threats across people, technology, and processes.
● Provided in-depth training on the NIST Cybersecurity Framework (CSF) and CIS Critical Security Controls to enhance organizational security postures.
● Assessed client security environments using frameworks such as OWASP Top 10, MITRE ATT&CK, and CIS Framework to identify vulnerabilities and compliance gaps.
● Executed key security tasks, including NIST CSF ID.AM-1 to ID.AM-5 and CIS Safeguard 1.1 to 3.11 and 10.1 to 10.17 to improve asset management and security controls.
● Developed and implemented security policies, standards, SOPs, and guidelines in compliance with NIST 800-53 and other best practices.
● Assisted organizations in aligning security governance with business strategies and regulatory requirements.
● Guided organizations in selecting and implementing security frameworks such as NIST CSF, ISO 27001, and NIST 800-53 for robust security management.
● Led risk management strategies, including risk assessments, threat modeling (OWASP Top 10, MITRE ATT&CK), and compliance validation to mitigate potential threats.
● Designed and implemented Incident Response, Business Continuity, and Disaster Recovery plans, ensuring proper team selection, policy governance, and structured rehearsal exercises.
● Conducted incident response drills and table-top exercises to enhance organizational preparedness.
● Implemented security automation tools across preventive, detective, recovery, vulnerability scanning, and governance risk compliance (GRC) categories to streamline security operations.
● Conducted employee security awareness training, including simulated phishing attacks and interactive cybersecurity workshops, to build a culture of security mindfulness
Accomplishments
● Assisted with the development of an amortized cost model for investment securities, staff loans and borrowings using spreadsheets.
● Managed program completion, final assessments, and certification issuance, ensuring organizations met security objectives and compliance goals.
With a structured approach to cybersecurity, I have helped organizations establish strong security governance, risk management strategies, compliance adherence, and incident response capabilities while fostering a security-conscious culture.
Certifications / Education
● Certified Information Systems Manager (CISM) 2024
● CompTIA Security+ 2023
● CompTIA Cloud+ 2023
● Certified Information Systems Auditor (CISA) 2024
● CompTIA Network+ 2023
● Google Cloud Certified Professional Cloud Security Engineer 2023
● AWS Solution Architect 2023
● CISSP in progress
University of Calabar 1999
● B.Sc. Mathematics/Statistics/Computer Science
Second class honours C.G.P.A. 3.75 out of 5
Trainings
● Archer e-GRC, TeamMate, Idea
● Power BI
● Alteryx and ACL
● Microsoft Excel
Security analysis, Intrusion detection, Incident response, Vulnerability assessment, Cybersecurity, Threat intelligence, Security operations, Network security, Penetration testing, SIEM, Security policies, Security audits, Risk management, Security tools, Forensics analysis, Security certifications, Security compliance, Firewall management, Data encryption, Endpoint protection, Security monitoring, Information security, Risk assessment, Vulnerability management, Firewalls, Compliance, Data protection, Security awareness training, Security frameworks, Encryption