
Akandu U
Vetted Pro
Cybersecurity Consultant, vCISO | GRC | SOC 2 | NIST | ISO 27001
Vetted by Fiverr Pro
Akandu U was selected by the Fiverr Pro team for their expertise.
Vetted for: Cybersecurity
Hourly rate: $65/hour
Work experience
Principal Consultant
Gensys Technology • Self-employed
May 2018 - Present • 8 yrs
In my role as Principal Consultant, I proactively identified process and control deficiencies to enhance process improvements and ensure compliance with regulations such as SOX, CCPA, and GDPR. I led and coordinated internal audits, managed documentation, and provided expertise for quality assurance programs. Successfully led ISO 27001, SOX, HIPAA, and SOC 2 audits, resulting in certifications for various business divisions. I have also developed and updated information security policies and collaborated with engineering and security teams to enhance the Vulnerability Management process, creating metrics for senior staff. My team also established a Vendor Assessment and Third Party Risk Management Program using OneTrust, developing questionnaires and a scoring system to evaluate vendor risks. I ensured timely completion of vendor questionnaires and regulatory exams, managed remediation plans for audit findings, and created monthly security reports for senior management.
IT Compliance Analyst
Telesign • Self-employed
Sep 2021 - May 2024 • 2 yrs 8 mos
Served as an embedded Information Security and Compliance Consultant supporting Telesign in maintaining a secure, regulatory-compliant technology environment. Proactively identified process and control deficiencies, translating findings into actionable process improvement initiatives that reduced risk exposure across multiple business units. Led and successfully completed ISO 27001, SOX, HIPAA, and SOC 2 audit activities, resulting in certification across various client business divisions and services. Coordinated internal compliance audits and risk assessments end-to-end, managing all documentation, artifact submissions, process flows, and control testing activities. Provided subject matter expertise for quality assurance programs, including attestation processes, vendor questionnaire design, and executive management reporting. Developed and maintained information security policies, standards, and procedures in alignment with evolving regulatory requirements. Collaborated with System Engineering and Security Teams to mature the Vulnerability Management program, establishing scope definitions, vulnerability categorization, and remediation timelines, while developing weekly VM metrics presented to senior information security leadership. Designed and implemented a comprehensive Vendor Assessment and Third Party Risk Management program using OneTrust to identify high-risk vendors, perform due diligence, and ensure alignment with client security standards prior to onboarding. Built vendor security questionnaires within OneTrust, incorporating labels, tags, and a custom risk scoring system to flag critical responses and evaluate overall vendor risk levels. Ensured timely completion of vendor questionnaires and regulatory exams, including direct engagement with external examiners. Developed remediation plans and coordinated cross-functional teams to close all audit-related control deficiencies. Produced monthly security metrics and reports presented at Senior Managers.
Information Security Policy & Privacy Team Lead
Centers for Medicare and Medicaid Services • Full-time
Mar 2020 - Dec 2023 • 3 yrs 9 mos
Served as the Information Security Policy and Privacy Team Lead for the Centers for Medicare and Medicaid Services, supporting one of the largest federal healthcare agencies in the country. Participated in and led agency-wide policy development activities, functioning as the primary subject matter expert on cybersecurity policy across a multi-function team responsible for developing and enhancing client deliverables. Developed cybersecurity policies, memoranda, standards, and guidance documents covering a broad range of disciplines including cybersecurity program governance, IT security and privacy operations, continuous monitoring, and risk management. Developed Plan of Actions and Milestones (POA&Ms) to evaluate, track, and drive resolution of discovered security weaknesses across the enterprise. Researched, evaluated, and recommended new security tools, techniques, and technologies, introducing them into the enterprise in alignment with the agency's IT security strategy. Participated in collaborative and integrative projects with policy planning committees, cross-functional policy and procedures development teams, and policy review bodies. Served as a quality assurance and quality control point of contact for the cybersecurity program, providing technical review of deliverables to ensure accuracy and compliance with federal standards. Performed comprehensive reviews and gap analyses of existing security policies, identifying dependencies and proposing draft policy updates to address them. Led the agency's full transition from NIST 800-53 Rev 4 to NIST 800-53 Rev 5, a complex, enterprise-wide initiative that included updating all security policies and procedures, briefing ISSOs on upcoming control changes, and realigning agency compliance initiatives to satisfy new requirements. Assessed and enhanced enterprise security policies and procedures in direct response to regulatory requirements associated with federal and international standards.