Esther E. U.

561 followers
Dallas, Texas, United States

  • Timeline

  • About me

    Infosec Governance, Risk & Compliance GRC Consultant @ City of Arlington | CISA | CISM | CASP+ | CompTIA Security+, Scrum Master

  • Education

    • University of the People

      2024 -
      MSc Masters in Information Systems
    • Ahmadu Bello University

      2000 - 2004
      Bachelor's degree Accounting and Business/Management
  • Experience

    • Zenith Bank Plc

      Jul 2006 - Jan 2019

      Oversaw certification and compliance for payment card operations, conducting internet analyses, monitoring alerts within business SLAs, and driving vulnerability assessments to enhance security protocols. Strengthened collaboration by providing tailored training on updated vulnerability management processes while efficiently managing security-related helpdesk requests and approvals. Reduced payment card fraud by 26% across the region by crafting and implementing corporate privacy policies aligned with PCI DSS regulations, using targeted risk analysis to fortify financial security and mitigate threats effectively. Earned repeated accolades for exemplary leadership, recognized as "Inspirational Team Lead of the Month" for empowering teams to excel—cultivating a positive, high-performing environment that consistently boosted morale and productivity. Spearheaded creation and enforcement of privacy policies to facilitate full GDPR and CCPA compliance, performing regular audits and assessments to identify vulnerabilities and elevate data security practices across all operational levels. Partnered with information security and legal teams to manage third-party supplier relationships, fostering strict adherence to privacy standards, leading swift breach investigations, and implementing preventive measures to protect critical information assets.

      Notable Achievements: Integral driving force behind a 3% increase in rate of mitigation of guarantee failures through accurate briefs, reports, projections, and analysis to the Privacy Director and GM of Internal Control and Audits. Conceptualized, developed, and implemented corporate privacy policies and procedures governed by PCI DSS regulations training, facilitating a 6% reduction in payment card fraud regionally. Recognized on multiple occasions for notable excellence in team leadership and development by being named as the Inspirational Team Lead of The Month.

      • Privacy Analyst

        Jul 2006 - Jan 2019
      • Operations

        Jul 2006 - Jul 2006
    • CNS

      Jan 2020 - Jan 2022
      Third Party Risk Analyst

      Performed comprehensive risk and control assessments for medium to high-risk third-party providers, uncovering security vulnerabilities and working closely with stakeholders to implement precise mitigation strategies aligned with vendor risk profiles. Leveraged Vanta GRC technology to streamline compliance monitoring and management, increasing efficiency and precision across the vendor risk management lifecycle. Reviewed and analyzed third-party security documents like SOC reports, penetration tests, and disaster recovery plans, uncovering risks and enforcing compliance with industry standards to protect against potential operational threats. Partnered with stakeholders to identify risks tied to new products, services, and regulations, creating detailed assessments that streamlined risk management processes and bolstered operational readiness. Delivered precise, actionable recommendations by dissecting vendor-submitted evidence during audit findings and compliance evaluations, fostering measurable improvements in security postures and compliance across platforms. Transformed organizational understanding of third-party risks with impactful educational initiatives, empowering employees at all levels to adopt strategic vendor risk management practices and strengthen the city’s defenses. Administered an end-to-end vendor risk management program, leading risk assessments, questionnaires, and audits to address critical findings—aligning practices with broader compliance goals and promoting secure operations.

    • Amazon

      Jan 2020 - Jan 2020
      Security Assessor

      Coordinated and defined audit scope for key systems by leading initial stakeholder meetings to clarify and align assessment objectives, ensuring strategic focus and comprehensive understanding that guided the auditing process to successful completion. Elevated the city’s security framework by conducting detailed security assessments for information systems per NIST SP 800-53 standards to cultivate strict compliance while protecting sensitive data and critical infrastructure from evolving threats. Strengthened system integrity by steering execution of remediation plans through close collaboration with system owners, reinforcing essential security controls to reduce vulnerabilities and amplify overall resilience against potential breaches.

    • System Soft Technologies (City of Arlington)

      Jan 2022 - now
      Infosec Governance, Risk & Compliance GRC Consultant

      Conduct in-depth risk assessments while collaborating with stakeholders to optimize security policies for systems, networks, and cloud environments, driving alignment with industry best practices, GRC frameworks, and regulatory mandates. Coordinate with cross-functional teams, including incident response and disaster recovery, to identify/mitigate security risks, enhancing the city’s defenses against cyber threats and bolstering overall security resilience. Elevated governance, risk, and compliance (GRC) standards by mastering Vanta and LeanIX, driving increased compliance tracking, audit readiness, and security inventory management efficiency through the SBITA project, securing the city’s readiness for external audits. Uncovered and resolved control weaknesses by conducting cybersecurity and compliance assessments against NIST CSF, ISO 27001, PCI DSS, HIPAA, HITRUST, and SOC 2, ensuring unbroken regulatory compliance and certification continuity for municipal operations. Slashed City’s phish-prone rate from 84% to under 15% within two years by spearheading transformative phishing simulation campaigns with KnowBe4, igniting employee awareness and reducing human-based security risks. Secured high-risk systems with multi-factor authentication policies and rigorous weekly user access reviews, neutralizing unauthorized access incidents and mitigating risks, including impact of critical vulnerabilities like Ivanti. Fortified resilience to cyber threats through well-coordinated ransomware readiness reviews and tabletop exercises, empowering the city and water department with actionable response strategies for swift containment during security breaches.

  • Licenses & Certifications

    • CompTIA Security+

      CompTIA
      Jun 2021
    • CompTIA Security+ ce Certification

      CompTIA
      Jun 2021
    • Certified Information Security Manager® (CISM)

      ISACA
      Jul 2024
    • Scrum Master Certified (SMC)

      International Scrum Institute™ (Scrum Institute)
    • Certified Information Systems Auditor® (CISA)

      ISACA
      Aug 2024