aiukoha1

Akandu U

@aiukoha1

Vetted Pro

Cybersecurity Consultant, vCISO I GRC I SOC 2 I NIST I ISO 27001

United States
English
Some information is displayed in English.
Verified by Fiverr Pro

Akandu U was selected by the Fiverr Pro team based on his experience.

Verified for

  • Cybersecurity

About me
Struggling with SOC 2, ISO 27001, CMMC, or NIST compliance? I help organizations navigate audits, manage vendor risk, and build GRC frameworks that drive real business value. With 10+ years supporting organizations of all sizes including US government organizations, financial services firms and startups, I bring enterprise and federal-grade expertise to your project. I am also Certified CISM, CISA, and CRISC. I don't just check boxes. I build programs that reduce risk, satisfy auditors, and help your business grow securely. Send me a message. Let's get started....

Skills

US$ 65/hour
offline
Average response time: 1 hour

Check out my services

Compliance Services
I will deliver soc 2, hipaa, or iso 27001 compliance gap assessment
Cybersecurity Management
I will be your fractional vciso for compliance driven organizations

Want to work on an hourly basis?

Tell Akandu U what you need.

US$ 65 / hour

Portfolio

Work experience

Principal Consultant

Gensys Technology • Freelance

May 2018 - Present · 8 yrs

In my role as Principal Consultant, I proactively identified process and control deficiencies to enhance process improvements and ensure compliance with regulations such as SOX, CCPA, and GDPR. I led and coordinated internal audits, managed documentation, and provided expertise for quality assurance programs. Successfully led ISO 27001, SOX, HIPAA, and SOC 2 audits, resulting in certifications for various business divisions. I have also developed and updated information security policies and collaborated with engineering and security teams to enhance the Vulnerability Management process, creating metrics for senior staff. My team also established a Vendor Assessment and Third Party Risk Management Program using OneTrust, developing questionnaires and a scoring system to evaluate vendor risks. I ensured timely completion of vendor questionnaires and regulatory exams, managed remediation plans for audit findings, and created monthly security reports for senior management.

IT Compliance Analyst

Telesign • Freelance

Sep 2021 - May 2024 · 2 yrs 8 mos

Served as an embedded Information Security and Compliance Consultant supporting Telesign in maintaining a secure, regulatory-compliant technology environment. Proactively identified process and control deficiencies, translating findings into actionable process improvement initiatives that reduced risk exposure across multiple business units. Led and successfully completed ISO 27001, SOX, HIPAA, and SOC 2 audit activities, resulting in certification across various client business divisions and services. Coordinated internal compliance audits and risk assessments end-to-end, managing all documentation, artifact submissions, process flows, and control testing activities. Provided subject matter expertise for quality assurance programs, including attestation processes, vendor questionnaire design, and executive management reporting. Developed and maintained information security policies, standards, and procedures in alignment with evolving regulatory requirements. Collaborated with System Engineering and Security Teams to mature the Vulnerability Management program, establishing scope definitions, vulnerability categorization, and remediation timelines, while developing weekly VM metrics presented to senior information security leadership. Designed and implemented a comprehensive Vendor Assessment and Third Party Risk Management program using OneTrust to identify high-risk vendors, perform due diligence, and ensure alignment with client security standards prior to onboarding. Built vendor security questionnaires within OneTrust, incorporating labels, tags, and a custom risk scoring system to flag critical responses and evaluate overall vendor risk levels. Ensured timely completion of vendor questionnaires and regulatory exams, including direct engagement with external examiners. Developed remediation plans and coordinated cross-functional teams to close all audit-related control deficiencies. Produced monthly security metrics and reports presented to Senior Managers.

Information Security Policy & Privacy Team Lead

Centers for Medicare and Medicaid Services • Full-time

Mar 2020 - Dec 2023 · 3 yrs 9 mos

Served as the Information Security Policy and Privacy Team Lead for the Centers for Medicare and Medicaid Services, supporting one of the largest federal healthcare agencies in the country. Participated in and led agency-wide policy development activities, functioning as the primary subject matter expert on cybersecurity policy across a multi-function team responsible for developing and enhancing client deliverables. Developed cybersecurity policies, memoranda, standards, and guidance documents covering a broad range of disciplines including cybersecurity program governance, IT security and privacy operations, continuous monitoring, and risk management. Developed Plan of Actions and Milestones (POA&Ms) to evaluate, track, and drive resolution of discovered security weaknesses across the enterprise. Researched, evaluated, and recommended new security tools, techniques, and technologies, introducing them into the enterprise in alignment with the agency's IT security strategy. Participated in collaborative and integrative projects with policy planning committees, cross-functional policy and procedures development teams, and policy review bodies. Served as a quality assurance and quality control point of contact for the cybersecurity program, providing technical review of deliverables to ensure accuracy and compliance with federal standards. Performed comprehensive reviews and gap analyses of existing security policies, identifying dependencies and proposing draft policy updates to address them. Led the agency's full transition from NIST 800-53 Rev 4 to NIST 800-53 Rev 5, a complex, enterprise-wide initiative that included updating all security policies and procedures, briefing ISSOs on upcoming control changes, and realigning agency compliance initiatives to satisfy new requirements. Assessed and enhanced enterprise security policies and procedures in direct response to regulatory requirements associated with federal and international standards.