Governance, Risk, and Compliance (GRC) Analyst at Sophus IT Solutions (2026-01 – Present)
Lead compliance reviews and gap analysis for ISO 27001, SOC 2, GDPR, and IATF 16949 frameworks. Manage control validation and compliance monitoring using ServiceNow and AWS tools.
- Lead compliance reviews and gap analysis for ISO 27001, SOC 2, GDPR, and IATF 16949 frameworks.
- Manage control validation and compliance monitoring using ServiceNow and AWS tools.
- Facilitate vendor compliance assessments for 25+ suppliers, increasing third-party due diligence coverage by 35%.
- Develop and deliver data privacy and compliance training to 30+ staff, elevating organizational awareness metrics by 50%.
- Implement process enhancements that have reduced compliance review cycle time by 60%.
- Provide guidance on data privacy and compliance best practices to business and technical teams.
- Design and refine processes to integrate compliance into day-to-day operations.
SOC Analyst at KPMG (Klynveld Peat Marwick Goerdeler) (2023-07 – 2025-12)
Managed real-time threat monitoring and log analysis using Splunk and QRadar, resulting in a 35% reduction in false positives through correlation rule tuning. Authored and maintained critical ATO documentation in alignment with NIST RMF and FISMA requirements.
- Managed real-time threat monitoring and log analysis using Splunk and QRadar, resulting in a 35% reduction in false positives through correlation rule tuning.
- Authored and maintained critical ATO documentation (SSPs, POA&Ms, and SARs) in strict alignment with NIST RMF and FISMA requirements.
- Executed daily anomaly detection and root cause analysis (RCA) for Tier 1 and Tier 2 incidents, coordinating cross-functionally to ensure rapid remediation.
- Facilitated cyber incident simulations and tabletop exercises to validate the effectiveness of business continuity and incident response plans.
- Executed third-party risk assessments and vendor reviews to verify compliance with internal security standards and federal regulations.
- Collaborated with DevOps teams to integrate Security-by-Design principles early in the System Development Lifecycle (SDLC).
- Configured hardened security baselines within AWS and Azure environments to support continuous monitoring under NIST SP 800-137.
IT Auditor and Risk Analyst at Fidelity Investments (2020-07 – 2023-06)
Led SOX 404 IT control testing and risk assessments for a $430M Business Unit, ensuring the integrity of financial reporting systems. Consistently achieved a 90%+ ITGC pass rate by maintaining rigorous audit documentation and evidence collection standards.
- Led SOX 404 IT control testing and risk assessments for a $430M Business Unit, ensuring the integrity of financial reporting systems.
- Consistently achieved a 90%+ ITGC pass rate by maintaining rigorous audit documentation and evidence collection standards.
- Developed and executed targeted remediation plans that closed high-risk control gaps 50% faster than the established corporate timeframe.
- Optimized audit workflows by building custom dashboards in AuditBoard, significantly increasing executive visibility into risk trends.
- Mentored and trained a team of 5 junior auditors on SOX methodologies and control walkthroughs, reducing their onboarding time by 50%.
- Performed post-audit reviews to refine root cause analysis processes, leading to more effective and sustainable corrective actions.
- Developed audit dashboards in AuditBoard, improving executive visibility into risk trends and control health.
IT Audit, Risk & Compliance Analyst at Carnival Corporation & Plc (2018-11 – 2020-06)
Led internal audits across HR systems and cloud platforms, identifying Segregation of Duties (SoD) conflicts affecting 900+ users and coordinating cross-functional remediation. Executed comprehensive IT audits and risk assessments to ensure robust internal controls.
- Led internal audits across HR systems and cloud platforms, identifying Segregation of Duties (SoD) conflicts affecting 900+ users and coordinating cross-functional remediation.
- Executed comprehensive IT audits and risk assessments to ensure robust internal controls and strict adherence to SOX, GDPR, and ISO 27001 standards.
- Presented quarterly risk reports to senior leadership, providing the data-driven insights necessary to influence strategic investments in IAM and data protection initiatives.
- Accelerated compliance attainment by developing custom risk prioritization models, enabling businesses to address high-impact vulnerabilities first.
- Enhanced audit engagement by leading stakeholder walkthroughs, translating complex control weaknesses into actionable business insights.
- Performed walkthrough with key stakeholders to assess risks in business processes and IT controls, ensuring effective design and identifying vulnerabilities.
- Monitored evolving technology risks and industry trends to refine audit practices, directly strengthening the organization's overall security posture.
Junior SOC Analyst at Kraft & Kennedy, Inc. (2017-01 – 2018-10)
Monitored SIEM alerts, firewall logs, and IDS/IPS events in a 24/7 SOC environment, reducing false positives and improving response times by 20%. Conducted threat analysis and investigation of security incidents.
- Monitored SIEM alerts, firewall logs, and IDS/IPS events in a 24/7 SOC environment, reducing false positives and improving response times by 20%.
- Conducted threat analysis and investigation of security incidents, identifying and mitigating phishing attacks, malware infections, and brute-force attempts.
- Performed digital forensics on compromised endpoints and network intrusions, collecting evidence and supporting incident containment efforts.
- Tuned and optimized SIEM correlation rules, enhancing detection capabilities and minimizing alert fatigue.
- Engaged with threat intelligence feeds, analyzing Indicators of Compromise (IoCs) and integrating MITRE ATT&CK techniques into SOC workflows.
- Assisted in incident triage, classification, and escalation, collaborating with cybersecurity engineers to remediate critical threats.
- Created and maintained incident response playbooks and standard operating procedures (SOPs) to improve SOC efficiency.
- Conducted vulnerability assessments and risk analysis, strengthening the organization's overall security posture.