Looking for a job

Kwama Tron

@kwamatron

Principal cybersecurity consultant delivering GRC and cloud security that earns audit readiness and measurable risk reduction.

Canada

Message

What I'm looking for

A passionate advocate for all things Cyber Technology, Governance, Risk, Compliance and Audit impacting Business, Cloud Security, and Enterprise Risk. Collaborating with organizational stakeholders to align business goals and security efforts with IT Security Controls to secure critical assets and enhance

I’m a Principal Cybersecurity Consultant and trusted advisor with 16+ years of experience architecting, auditing, and advancing enterprise security programs across finance, healthcare, and retail. I partner with CISOs, CIOs, and executive leadership to translate complex technical risks into clear business strategy and measurable outcomes.

I specialize in building resilient, audit-ready organizations by designing and assessing GRC frameworks such as SOC 2, ISO 27001, NIST 800-53, PCI-DSS, and HIPAA. I map controls to these standards to improve compliance alignment, risk visibility, and operational control maturity.

In cloud environments, I help organizations secure Azure, AWS, and Oracle against evolving threats. I’ve led security advisory work including aligning initiatives to NIST 800-53 and CSA control frameworks, strengthening cloud policies and Security Technical Implementation Guides (STIGs), and supporting secure delivery of applications in regulated environments.

I also drive security culture and continuous improvement through training and operational execution. From chairing incident workflows and “IT Security Champions” programs to spearheading SOC 2 readiness and ISO 27001 consulting, I build practical documentation, incident response planning, and governance that stick—so teams can deliver confidently under audit.

Experience

Work history, roles, and key accomplishments

Current

Principal Cybersecurity Consultant

Current

Better Cyber Career

Sep 2022 - Present (3 years 9 months)

Spearheaded SOC 2 readiness and ISO 27001 consulting, performing gap analyses and control reviews that streamlined audits and accelerated certification. Authored audit-ready security policies and delivered cybersecurity awareness training for 500+ professionals across North America and Africa.

ISO 27001 NIST 800 53 HIPAA compliance PCI DSS GRC Gap Assessments Cybersecurity Training Audit Management

Business Information Security Officer

TD Bank

Oct 2021 - Jul 2022 (9 months)

Served as primary security advisor for Azure cloud initiatives, aligning efforts to NIST 800-53 and CSA control frameworks. Directed Technology Asset Risk Assessments using RSA Archer GRC and strengthened cloud policies and operational control maturity with STIGs.

Azure Cloud Security NIST 800 53 Archer GRC Technology Asset Risk Assessments (TARA)Policy Development Control Maturity

Head of Security Advisory & GRC

LifeLabs

Jan 2020 - Dec 2020 (11 months)

Led the security advisory and assurance division supporting healthcare projects with a combined CAPEX of $32M, advising senior leadership and ministry stakeholders. Managed a team of 10 delivering TRAs across 70+ critical assets handling PHI/PII and built a supply chain security risk program aligned to ISO 27001, NIST 800-161, and CSA CAIQ.

ISO 27001 PHI PII Security CAPEX Security Governance

Senior Cloud Security Advisor

Scotiabank

Sep 2019 - Nov 2019 (2 months)

Advised on public cloud security strategy to enable secure delivery of applications in regulated environments. Conducted cloud risk analyses and due diligence to support M&A activities and integration reviews for new technology adoption.

Cloud Security Due Diligence Regulated Environments Security Governance

Information Security Analyst

Healthcare of Ontario Pension Plan (HOOPP)

Dec 2011 - Apr 2014 (2 years 4 months)

Pioneered the IT Security Incident Management (ITSIM) process, formalizing incident escalation workflows and chairing the IT Security Champions program. Conducted enterprise security assessments and breach investigations and delivered organization-wide awareness training to reduce user-related incidents.

Incident Management Security Assessments IT Security Governance Security Awareness Training Executive Advisory