Open to opportunities

Hannah Balogun

@hannahbalogun

Message

Cybersecurity risk and compliance leader specializing in GRC and AI governance.

United States

Message

What I'm looking for

I seek roles where I can lead GRC and AI governance programs, drive compliance automation, improve risk posture, and collaborate with technical and executive teams in regulated environments.

I am a dynamic and detail-oriented Cybersecurity and GRC professional with over eight years of experience designing, implementing, and governing enterprise security programs. I have a proven track record in risk management, policy development, compliance assessment, and control testing across regulated environments including FedRAMP, HIPAA, and ISO 27001.

I lead cross-functional initiatives to strengthen security posture and optimize compliance processes, from ATO achievement and OSCAL automation to AI governance mapping against the NIST AI RMF. I am recognized for improving audit readiness, streamlining vulnerability management, and fostering collaboration between technical teams and executives.

Experience

Work history, roles, and key accomplishments

Current

Cyber Risk & Compliance Manager

Current

Top Group Technologies, LLC

Apr 2022 - Present (3 years 7 months)

Formulated and executed enterprise-wide cybersecurity and compliance initiatives, streamlining incident response and vulnerability management and aligning policies to HIPAA, FedRAMP, and ISO 27001 standards. Mapped AI governance to NIST AI RMF and led training to improve governance and accountability.

GRC Incident Response Vulnerability Management NIST CSF HIPAA FedRAMP AI Governance

RMF Compliance Manager

RAINN / DoD Safe Helpline

Jan 2021 - Mar 2022 (1 year 2 months)

Directed RMF compliance and privacy programs for federal contracts, created policies aligned with NIST/FedRAMP/HIPAA, and automated eMASS and JIRA workflows to reduce audit preparation time by 35%. Coordinated audit readiness and third-party assessments.

FedRAMP HIPAA E MASS Jira Policy Development

Senior Information Security Analyst

Volpe Information Technology Group, Inc

Feb 2019 - Jan 2021 (1 year 11 months)

Led system security assessments achieving ATO under NIST SP 800-37 Rev.2 and developed OSCAL-based toolkits to automate control testing and continuous monitoring across environments. Collaborated with owners to align authorization packages with RMF objectives.

NIST 800 37 Monitoring Controls Testing

Information Systems Security Officer

Wise Comprehensive Solutions, LLC

Jan 2016 - Jan 2020 (4 years)

Performed comprehensive Security Control Assessments per NIST SP 800-53A, authored SAPs/SARs/SSPs/POA&Ms, and developed policies and incident/contingency plans to support ATO efforts and continuous monitoring. Executed monthly vulnerability scans and coordinated remediation.

Security Control Assessment SSP SAP Incident Response Policy Development

Education

Degrees, certifications, and relevant coursework

University of Maryland Global Campus

Master of Science, Cybersecurity Management and Policy

Pursuing a Master of Science in Cybersecurity Management and Policy with expected completion in 2026; program focuses on cybersecurity strategy, policy, and governance.