Open to opportunities

Solange Nnoko

@solangennoko

Message

Cybersecurity analyst specializing in GRC, risk management, SOC operations, and vulnerability remediation.

United States

Message

What I'm looking for

I seek a role focusing on GRC, risk management, and SOC collaboration where I can drive compliance, reduce risk, and mature vulnerability and vendor programs.

I am a Cybersecurity Analyst with 6+ years of experience across healthcare, financial services, and consulting, focused on GRC, SOC operations, risk management, vulnerability management, and third-party vendor security.

I have led enterprise GRC initiatives mapping controls to NIST RMF, ISO 27001, HIPAA, PCI DSS, and SOC 2, driven vulnerability remediation using Qualys/Nessus, reduced MTTR through SOC collaboration, and automated audit evidence collection to cut manual prep time.

I deliver executive dashboards and risk reports, support SOX and HIPAA audit readiness, run security awareness training and phishing simulations, and partner with IAM and development teams to enforce least-privilege and improve application security posture.

Experience

Work history, roles, and key accomplishments

Current

Cybersecurity GRC & Risk Analyst

Current

CareSource

Feb 2025 - Present (8 months)

Led enterprise GRC initiatives mapping controls to NIST RMF, HIPAA, PCI DSS, and SOC 2, conducted risk assessments and vendor reviews, and collaborated with SOC to reduce MTTR by 25% while improving audit readiness for SOX and HIPAA.

GRC Risk Assessment Vendor Risk Management Splunk QRadar Qualys SOX HIPAA)

Vulnerability & SOC Analyst

CVS Health

Aug 2024 - Jan 2025 (5 months)

Managed enterprise vulnerability lifecycle for 20,000+ assets using Qualys and Nessus, coordinated emergency remediation (including Log4j) to meet SLAs, and tuned Splunk to reduce false positives for SOC operations.

Vulnerability Management Qualys Nessus Splunk Patch Governance Incident Response CVSS

Cybersecurity Analyst

SoFi

Jan 2023 - Jan 2024 (1 year)

Executed third-party vendor security reviews and control mapping to PCI DSS, NIST RMF, and ISO 27001, automated audit evidence collection to cut prep time by 25%, and supported SOC incident monitoring via AWS GuardDuty and Splunk.

Vendor Risk Management RSA Archer Splunk IAM SOC 2)Control Mappings Automation Audits

Information Security Risk Analyst

Grant Thornton LLP

Jun 2021 - Jan 2023 (1 year 7 months)

Led ITGC testing and SOX audit preparation for financial and healthcare clients with zero audit deficiencies, conducted vendor risk assessments, and delivered executive dashboards mapping risks to major frameworks.

SOX ITGC Vendor Assessment Splunk HIPAA)PCI DSS

Cybersecurity & GRC Intern

Grant Thornton LLP

Jan 2021 - May 2021 (4 months)

Assisted ITGC testing and audit evidence collection for SOX and PCI DSS engagements, conducted preliminary vendor risk reviews, and supported Splunk-based SOC monitoring and GRC control mapping.

ITGC SOC Splunk RSA Archer Control Mappings Audit Support

Education

Degrees, certifications, and relevant coursework

University of Maryland Global Campus

Master of Science, Cybersecurity Management & Policy

Pursuing a Master of Science in Cybersecurity Management & Policy with expected completion in December 2024, focusing on cybersecurity governance and policy alignment.