Frank Tetteh

Technology audit/assurance, risk, compliance, and governance leader with over 15 years of global experience strengthening enterprise IT risk management, regulatory compliance, and cybersecurity governance programs across North America, Europe, and Africa. Well-versed in supporting organizations in strengthening policies and processes that improve control effectiveness, support regulatory readiness, and enhance enterprise risk management. Recognized for partnering with executive leadership, technology organizations, and internal audit functions to align technology risk management initiatives with control objectives and regulatory expectations.

Skilled in assessing complex IT environments, advancing internal control frameworks, and advising organizations navigating cloud adoption, digital transformation, and evolving regulatory landscapes. Accomplished in cultivating strong cross-functional partnerships, promoting enterprise governance maturity, and delivering structured risk reporting that supports informed decision-making among senior leadership stakeholders.

Consultant - Evergreen Information Security & Technology LLC - Raleigh, North Carolina

(2026-01)

NIST, ISO 27001, ISO 22301, PCI-DSS, and CIS gap assessments and providing implementation support for corporations, merchants, and service providers (organizational context, scoping, gap analyses, readiness reviews, SAQ support, ROCs, policy definition, and roles and responsibilities). Artificial Intelligence governance implementation support.

Manager, Digital Assurance & Transparency - PricewaterhouseCoopers (PwC) US - Raleigh, North Carolina

(2024-01 - 2026-01)

Oversaw enterprise IT risk and compliance engagements for multinational organizations across healthcare, construction, financial services, and technology sectors. Led the design and implementation of IT risk management programs. Assessed enterprise IT control environments, supporting Internal Audit, ICFR and SOX compliance while advising stakeholders on strengthening internal control frameworks and governance practices. Partnered with finance leaders, technology teams, and internal audit to design and implement application controls, infrastructure security controls, and cloud environments.

Managed

DevOps pipelines, security operations, and digital transformation initiatives to improve regulatory readiness and risk transparency, while leveraging analytics and automation to enhance testing efficiency and control monitoring visibility.

• Driving risk-based SOX 404 IT control structures supporting enterprise system transformation initiatives.
• Elevated enterprise control governance across hybrid environments integrating cloud platforms and legacy enterprise systems.
• Performed SOC 1 control evaluations supporting compliance oversight for enterprise service organizations.

Manager, Technology Risk Services - Ernst & Young (EY) UK - United Kingdom & Ireland

(2023-01 - 2024-01)

Coordinated technology risk and cybersecurity governance design and assessments, artificial intelligence governance programs, business continuity planning and IT compliance assessments for various industries across the UK and Ireland, including building and reviewing IT risk. Assessed enterprise control frameworks aligned with European regulatory requirements including GDPR and the NIS2 Directive. Facilitated enterprise risk identification workshops and structured risk registers to strengthen visibility into cybersecurity and technology risk exposure.

Partnered with technology leaders, privacy officers, and legal stakeholders to evaluate governance practices supporting digital platforms and cloud environments. Enabled organizations to adapt to evolving regulatory requirements while improving compliance monitoring processes and operational resilience strategies.

• Spearheaded governance and compliance assessment for a global technology services provider designated as a Gatekeeper under the EU Digital Markets Act.
• Established standardized control testing methodologies aligned with ISO 27001 and NIST 800-53 to strengthen regulatory readiness for Irish public-sector agencies.
• Instituted enterprise cybersecurity risk registers improving leadership oversight of technology risk exposure.
• Designed a business continuity and cyber resilience framework based on ISO 22301 for a national healthcare authority.

Manager, Risk Assurance Services - PricewaterhouseCoopers (PwC) Africa - Ghana, Nigeria, Liberia, Mali, Sierra Leone

(2019-01 - 2023-01)

Administered multi-country technology risk, cybersecurity, and compliance engagements across government, financial services, healthcare, mining, and telecommunications sectors. Reviewed enterprise governance frameworks and IT control environments aligned with international standards including ISO 27001, COBIT, and NIST. Advised organizations undergoing large-scale technology modernization initiatives by evaluating cybersecurity posture, vendor risk exposure, and operational resilience practices.

Guided leadership teams in formalizing governance structures supporting digital transformation initiatives and enterprise risk oversight. Strengthened consulting team capability through mentorship programs and structured training in audit methodology, control design, and regulatory compliance practices. Performing PCI-DSS assessments.

GDPR / Ghana Data Privacy Act compliance gap assessment and implementation.

• Orchestrated Multi-country Internal Audit, Non-SOX and SOX ITGC and application control audits for two US gold mining subsidiaries operating across Africa.
• Facilitated ISO 27001 implementation and readiness assessments enabling two organizations to achieve successful certification.
• Facilitated data privacy governance and controls initiatives in support of national digital transformation initiatives.
• Formalized enterprise cybersecurity and IT risk registers supporting digital transformation initiatives.
• Engineered vulnerability remediation dashboards improving executive visibility into application security risks.
• Trained and mentored 50+ professionals on technology audit methodology, control design, and compliance assessment practices.

Technology Audit, Systems Implementation & Consulting Roles - Various Organizations

• Progressed through multiple roles supporting enterprise technology initiatives including IT audit activities, systems implementation projects, and technology consulting engagements.
• Contributed to governance reviews, control evaluations, and enterprise system deployments while assisting organizations in strengthening technology risk management and operational control environments.

Master of Science (MSc) - Management Information Systems - Coventry University

Bachelor of Science (BSc) - Computer Science - University of Ghana (Catholic University College)

Executive Nanodegree - Artificial Intelligence for Business Leaders - Udacity