Open to opportunities

agyekum User

@agyekumuser

Message

GRC and Compliance analyst protecting information systems through risk-based controls and audit expertise.

United States

Message

What I'm looking for

I seek a hands-on GRC or compliance role where I can lead risk assessments, strengthen controls, improve TPRM processes, and collaborate across teams to reduce enterprise risk.

I am a results-driven GRC and Compliance analyst with over five years of experience in information security, governance, and risk management, skilled in NIST SP 800, HITRUST CSF, HIPAA, ISO 27001, PCI DSS, SOX and related frameworks.

I have supported SOX/ITGC, PCI, SSAE 18, and HITRUST compliance activities, led third-party risk management and vendor security reviews, and performed audit testing and corrective action planning to reduce risk and improve controls.

I collaborate with control owners and cross-functional teams to implement governance frameworks, optimize TPRM processes, and deliver practical, value-added solutions that strengthen confidentiality, integrity, and availability across the enterprise.

Experience

Work history, roles, and key accomplishments

Current

Senior GRC Analyst

Current

Lockheed Martin

Jun 2022 - Present (3 years 4 months)

Supported internal controls reviews and SOX/ITGC/PCI compliance, leading remediation of findings and improving control evidence and testing processes across cyber governance programs. Coordinated cross-functional stakeholders and contributed to HITRUST and NIST-aligned security testing, reducing compliance gaps.

GRC PCI DSS HITRUST

Third Party Compliance Analyst

Accenture

Feb 2019 - Apr 2022 (3 years 2 months)

Performed third-party risk assessments, vendor evidence analysis (SOC, pen tests, vulnerability scans) and lifecycle TPRM activities, producing risk treatment plans and automating assessments to reduce vendor control gaps. Escalated and managed remediation to ensure contractual and regulatory compliance.

Third Party Risk Management Vendor Assessment SOC Vulnerability Assessment GRC Tooling Due Diligence

GRC Analyst

Tech Hub 360

Jul 2017 - Jan 2019 (1 year 6 months)

Developed IT security procedures and conducted risk assessments and audits for internal systems and cloud solutions (AWS, Azure), improving controls and aligning operations with NIST, HIPAA, PCI and SOX requirements. Provided remediation recommendations and represented security on cross-functional projects.

Risk Assessment AWS Azure HIPAA PCI ITGC Auditing Policy Development

IT Auditor

Johnson and Johnson

Mar 2016 - Jun 2017 (1 year 3 months)

Performed ITGC and application controls testing (FISCAM, NIST 800-53), supported SOX and SOC audits, and developed corrective action plans to strengthen access and change management controls. Reported findings and recommendations to leadership to improve IT control effectiveness.

ITGC SOX SOC NIST 800 53 FISCAM Access Control Change Management Audit Reporting CAP Development

Education

Degrees, certifications, and relevant coursework

Kwame Nkrumah University of Science and Technology

Science and Technology

Completed undergraduate studies at Kwame Nkrumah University of Science and Technology with focus on technical and/or scientific coursework supporting a career in information security and governance.