Open to opportunities

Agnes Kuteyi

@agneskuteyi

Message

Seasoned GRC professional with expertise in cybersecurity governance.

United States

Message

What I'm looking for

I am seeking a role that fosters collaboration, emphasizes compliance, and offers opportunities for professional growth.

I am a seasoned Governance, Risk, and Compliance (GRC) professional with extensive experience in regulatory compliance, contractual risk analysis, and cybersecurity governance, particularly within healthcare environments. My career has been marked by a commitment to enhancing organizational resilience through effective risk management strategies and compliance frameworks. I have successfully delivered over 150 RFPs, audits, and due diligence responses, ensuring alignment with critical standards such as NIST 800-53, HITRUST CSF, ISO 27001, PCI DSS, and HIPAA.

In my current role as a Senior IT Risk Analyst at the Center for Social Change, I lead comprehensive cybersecurity risk assessments and facilitate executive-level reporting. My ability to translate complex risk data into actionable insights has influenced strategic decision-making and resource allocation. I am passionate about fostering a culture of risk awareness through cross-departmental workshops and training sessions, which have significantly improved risk identification and remediation across IT and business units.

Throughout my career, I have implemented automated tracking and reporting systems that enhance visibility for senior leadership, reducing manual risk assessment time by 40%. My dedication to continuous improvement and regulatory adherence has been instrumental in supporting numerous audits and compliance reviews, ultimately contributing to the overall security posture of the organizations I have served.

Experience

Work history, roles, and key accomplishments

Current

Senior IT Risk Analyst

Current

Center for Social Change

Jul 2023 - Present (2 years)

Led comprehensive cybersecurity risk assessments leveraging NIST 800-53 and ISO 27001 frameworks to strengthen compliance and reduce organizational vulnerabilities. Facilitated executive-level reporting by translating complex risk data into actionable insights, influencing strategic decision-making and resource allocation.

NIST 800 53 ISO 27001 Risk Assessment Incident Response Contract Review HIPAA)SOX

Security Controls Assessor

Center for Social Change

Mar 2021 - Present (4 years 4 months)

Implemented security control assessments aligned with NIST and ISO frameworks, identifying gaps and recommending remediation to enhance operational resilience. Managed responses to over 150 security questionnaires and RFPs, ensuring alignment with PCI DSS and healthcare compliance standards.

NIST ISO Archer GRC PCI DSS Security Awareness OneTrust

Third-Party Risk Analyst

Microsoft

Feb 2018 - Present (7 years 5 months)

Spearheaded third-party risk management initiatives, integrating ServiceNow GRC tools to automate vendor risk assessments and reporting workflows. Partnered with legal and business units to negotiate contract terms, ensuring alignment with cybersecurity risk policies and regulatory mandates.

PCI DSS HITRUST RSA Archer Vendor Risk Management Contract Negotiation

Education

Degrees, certifications, and relevant coursework

Hood College

Master of Science, Cyber Security

Completed a Master of Science in Cyber Security, focusing on advanced topics in cybersecurity and risk management. Gained expertise in securing complex systems and data.

University of Maryland, Baltimore County

Bachelor of Science, Business Technology Administration

Obtained a Bachelor of Science in Business Technology Administration. Developed a strong foundation in business principles combined with technological applications.