Tikva Alayo

I’m an Information Security Governance, Risk and Compliance Officer with 4+ years of experience in cyber risk, regulatory compliance, risk assessments, audits, vendor risk management, and security governance in financial and regulated environments. I help organizations turn complex regulatory requirements into practical controls, evidence, and measurable improvements.

I’ve supported regulatory examinations and audit readiness end-to-end, including Federal Reserve FFIEC examination testing. By developing security policies, performing risk assessments, and improving security and compliance posture, I achieved 25% risk reduction and 35% compliance process improvement, with successful audit and regulatory examination results in 3 months.

At Sabadell Bank, I created and maintained information security policies and procedures that increased secure workflow across departments within 3 months. I also collaborated with legal to strengthen third-party vendor security questionnaires and SOC 2 review processes during onboarding, improving supply chain risk management by 20% in 2 months, and conducted cybersecurity risk assessments aligned with NIST CSF 2.0, GLBA, and GDPR.

Previously at Maverc Technologies, I implemented NIST SP 800-171 controls to support CMMC compliance and enabled successful CMMC Level 2 certification within 6 months. I managed compliance platform improvements through NIST RMF gap analysis and exception handling, increasing CUI confidentiality protection by 25%, while also building incident response and monitoring capabilities using SIEM tools and cloud security practices.