Fred Eyong
Active DoD Secret Clearance CompTIA Security+
Cybersecurity & Compliance Subject Matter Expert
Celina, TX 75009 469-***-**** **************@*****.*** linkedin.com/in/fred-eyong
PROFESSIONAL SUMMARY
Cybersecurity and Compliance Subject Matter Expert with Active DoD Secret Clearance and 8+ years of progressive experience in information assurance, security assessment and authorization (A&A), risk management, third-party risk management (TPRM), AI security governance, and data privacy compliance across Department of Defense, federal, commercial, and multinational enterprise environments. Deep expertise spanning U.S. frameworks (NIST RMF, FISMA, FedRAMP, SOC 2, CCPA) and European regulatory standards (GDPR, EU AI Act, NIS2 Directive, DORA, UK Cyber Essentials), delivering versatile compliance leadership across global regulatory landscapes. Proven track record leading ATO packages, security authorization programs, SOC 2 readiness assessments, and cross-functional assessment teams while partnering with engineering, IT operations, legal, privacy, and senior government stakeholders to harden control environments and ensure sustained compliance. Currently advancing AI security capabilities including AI/ML system risk assessments, algorithmic security testing, and governance framework development aligned with NIST AI RMF and DoD AI ethics principles.
CORE COMPETENCIES
Active DoD Secret Clearance NIST RMF (SP 800-37/53) FISMA & FedRAMP Compliance GDPR EU AI Act NIS2 DORA UK Cyber Essentials UK DPA 2018 CCPA/CPRA Data Privacy Compliance Security Assessment & Authorization (A&A) Authorization to Operate (ATO) SOC 2 Type I & Type II AI Security & Governance AI/ML Risk Assessments NIST AI RMF & DoD AI Ethics Third-Party Risk Management (TPRM) Vulnerability Management Continuous Monitoring (ConMon) Data Protection Impact Assessments (DPIA) Privacy by Design & Cross-Border Data Transfers PCI DSS HIPAA ISO 27701 Security Documentation (SSP, SAR, SAP, POA&M) eMASS CSAM ServiceNow Splunk Nessus Nmap SIEM Tools Enterprise Risk Assessments Incident Response & Threat Analysis Cross-Functional Stakeholder Engagement
PROFESSIONAL EXPERIENCE
Information Assurance Specialist
957th QM Army Reserve Unit Denton, TX March 2025 – Present
• Lead cybersecurity compliance and information assurance operations for defense enterprise systems, configuring and monitoring firewalls and network traffic to ensure adherence to DoD security protocols, reducing unauthorized access incidents by 30%.
• Conduct comprehensive vulnerability assessments and inspections of IT infrastructure utilizing Nessus and Nmap, identifying and remediating critical security gaps across classified and unclassified environments.
• Evaluate AI-enabled security tools and automated threat detection systems for control effectiveness, algorithmic accuracy, and compliance with NIST AI Risk Management Framework and DoD Responsible AI guidelines.
• Assess AI/ML-powered network monitoring and anomaly detection systems for governance adequacy, bias risk in threat classification, and alignment with emerging federal AI security standards.
• Execute SOC 2 Trust Services Criteria assessments (security, availability, processing integrity, confidentiality, privacy) for cloud-hosted defense support platforms, supporting Type II audit readiness and continuous compliance monitoring.
• Lead data privacy compliance initiatives ensuring CCPA/CPRA alignment for consumer data protection, access rights, and data deletion obligations across enterprise systems and third-party vendor integrations.
• Utilize GRC tools to identify compliance policy violations, assess organizational impact, and develop remediation strategies aligned with FISMA, NIST SP 800-53 Rev 5, and SOC 2 requirements.
• Analyze system documentation and security data to identify trends and weaknesses, partnering with engineering and operations teams to implement controls addressing vulnerabilities to acceptable risk levels.
• Create and maintain quarterly compliance folders on all audit findings and responses, producing comprehensive reports and incident logs supporting operational accountability and audit trail integrity.
Information System Security Officer (ISSO)
United States Army, Fort Cavazos Fort Cavazos, TX August 2022 – February 2025
• Led security assessment teams from planning through execution and finalization, conducting Assessment and Authorization (A&A) packages per the RMF process outlined in NIST SP 800-37 for 10+ mission-critical information systems.
• Developed Security Assessment Plans (SAP) and Security Assessment Reports (SAR), assessing security control selections across various impact level systems to ensure compliance with NIST SP 800-53 Rev 4/5.
• Drove Authorization to Operate (ATO) packages through completion, coordinating control validation, artifact gathering, and stakeholder interview meetings using assessment methods of interview, examination, and testing.
• Conducted SOC 2 readiness evaluations for cloud-hosted mission support systems, assessing trust services criteria and identifying control gaps requiring remediation prior to external audit cycles.
• Managed access controls including user permissions, role-based access, and multi-factor authentication systems safeguarding classified and sensitive PII/PHI data across DoD enterprise environments.
• Reviewed A&A package items for FISMA compliance including FIPS 199/200 Categorization, Privacy Threshold Analysis (PTA), Privacy Impact Assessment (PIA), Contingency Plans (CP/CPT), and System Security Plans (SSP).
• Ensured data privacy compliance for defense systems handling personally identifiable information, conducting privacy impact assessments and validating controls aligned with DoD privacy directives and NIST SP 800-122.
• Utilized eMASS to automate end-to-end cybersecurity program management, streamlining assessment workflows and authorization tracking across assigned systems.
• Deployed Splunk Continuous Monitoring (ConMon) to track functionality, performance, and CCI visibility scores of servers, applications, and devices, ensuring sustained security posture.
• Conducted regular vulnerability scans using Nessus Tenable, identifying threats and driving risk remediation across enterprise IT infrastructure in coordination with engineering and system administration teams.
Information Assurance Specialist
Amazon United States January 2022 – August 2022
• Managed and delivered IT and business process audits ensuring enterprise risks were identified and mitigated across Amazon’s cloud and corporate infrastructure before adversely impacting operations.
• Conducted comprehensive compliance reviews including scoping, sampling, control testing, root cause analysis, and final report preparation supporting SOC 2 and internal audit readiness.
• Assessed IT control elements to mitigate risks regarding confidentiality, integrity, and availability of business information across distributed cloud-scale enterprise environments.
• Evaluated data privacy controls for CCPA/CPRA compliance including consumer access rights, data deletion workflows, and opt-out mechanisms across customer-facing platforms and backend systems.
• Reviewed third-party vendor SOC 2 reports and data processing agreements for adequacy of security controls, privacy commitments, and service-level compliance across critical cloud service providers.
• Performed walkthroughs, formulated test plans, documented gaps, tested results and exceptions, and developed remediation plans for each area of security and compliance testing.
• Collected data and performed trend analysis to preemptively address potential state and federal regulatory compliance deficiencies, identifying systemic risk patterns across technology operations.
• Identified trends and root causes of system failures and vulnerabilities using Nessus and Nmap, scanning ports, weak configurations, and missing patches across production and staging environments.
• Collaborated with cross-functional engineering, privacy, and security teams to address security incidents, investigate breaches, and develop incident response plans aligned with breach notification requirements.
• Worked with senior management to create updated risk assessment models based on current threat intelligence, communicating identified risks to key stakeholders to drive remediation priorities.
Information Security Analyst
Navixus Manchester, United Kingdom January 2019 – June 2021
• Utilized Cyber Security Assessment and Management (CSAM) to automate assessment and authorization processes, providing comprehensive evaluation and continuous monitoring services across UK and EU-regulated environments.
• Led Authorization to Operate (ATO) efforts, making independent recommendations to government stakeholders during NIST Risk Management Framework (RMF) processes while ensuring parallel alignment with GDPR and UK Data Protection Act 2018 requirements.
• Conducted Data Protection Impact Assessments (DPIAs) for high-risk processing activities in compliance with GDPR Articles 35-36, advising stakeholders on privacy-by-design principles for new system implementations.
• Assessed security and privacy controls for cross-border data transfers between UK/EU and international entities, evaluating Standard Contractual Clauses (SCCs), adequacy decisions, and transfer impact assessments.
• Evaluated organizational compliance with NIS Directive (Network and Information Security) requirements for critical infrastructure systems, assessing incident reporting obligations and security baseline controls.
• Created and reviewed POA&Ms, System Security Plans (SSP), Configuration Management Plans (CMP), and Contingency Plans (CP), ensuring documentation met both NIST and European regulatory compliance standards.
• Established security baselines addressing confidentiality, integrity, and availability aligned with ISO 27001, UK Cyber Essentials, and GDPR Article 32 security of processing requirements.
• Translated IT security scan results on complex information systems into actionable risk and vulnerability assessments, coordinating remediation with engineering teams across multi-jurisdictional environments.
• Developed and leveraged baseline and custom guardrails, centralized policy enforcement, and tagging policies within well-architected multi-account cloud environments ensuring GDPR data residency and sovereignty compliance.
Third-Party Risk Analyst
NCC Group Manchester, United Kingdom January 2018 – July 2019
• Conducted comprehensive risk assessments of third-party vendors identifying security, compliance, and data privacy risks across UK and EU client portfolios, reporting findings to senior management and stakeholders.
• Evaluated third-party data processors for GDPR compliance including Data Processing Agreements (DPAs), lawful basis assessments, data subject rights fulfillment, and breach notification readiness under 72-hour reporting requirements.
• Reviewed third-party security risk assessments, SOC 2 reports, and ISO 27001 certifications to identify vulnerabilities and ensure regulatory adherence across vendor ecosystems spanning the UK, EU, and international jurisdictions.
• Assessed vendor compliance with UK Data Protection Act 2018, GDPR cross-border transfer mechanisms, and Privacy Shield/EU-US data privacy frameworks, recommending contractual and technical safeguards.
• Oversaw execution of IT and business process audits aligned with UK Cyber Essentials, ISO 27001/27002, and European regulatory standards, proactively managing risks to safeguard organizations from adverse impacts.
• Conducted vulnerability assessments, security control testing, and intrusion detection configurations strengthening cybersecurity defenses across enterprise and third-party environments.
• Performed comprehensive walkthroughs, devised test strategies, recorded discrepancies, and crafted remediation strategies for each testing segment across multi-regulatory compliance programs.
• Developed information security and data privacy policies, procedures, and standards ensuring GDPR and UK DPA compliance while securing organizational assets and third-party integration points.
Helpdesk Specialist / SOC Analyst
Golden Helpdesk Manchester, United Kingdom May 2016 – January 2018
• Monitored network traffic and security alerts using SIEM tools, identifying and responding to potential security incidents in real time while analyzing IDS/IPS/DLP events, packet captures, and firewall logs.
• Continuously monitored information security alerts, performed security event triage, intrusion analysis, threat trend identification, malware analysis, and anomalous behavior detection across UK-hosted infrastructure.
• Used McAfee DLP Manager to protect intellectual property and ensure compliance with UK Data Protection Act and organizational data handling policies, supporting loss prevention investigations.
• Supported organizational compliance with UK Cyber Essentials framework, assisting in baseline security control assessments covering firewalls, secure configuration, access control, malware protection, and patch management.
• Blocked malicious domains and IPs following standard operating procedures, maintaining up-to-date knowledge of cyber threats and acting as technical incident responder during major cybersecurity incidents.
• Delivered technical support resolving customer issues with timely ticket resolution, utilizing ServiceNow for third-party support coordination and SOC issue escalation.
EDUCATION
University of Maryland Global Campus Master of Science in Cybersecurity 2025
University of Central Lancashire Master of Science in Applied Data Science 2022
SECURITY CLEARANCE & CERTIFICATIONS
Active DoD Secret Clearance
CompTIA Security+ 2023