Richard Chungong

Solution-Focused and dedicated GRC Policy Analyst | Cybersecurity Analyst with years of experience in developing and implementing effective security policies, procedures, and controls to protect organizations from cyber threats. Proven ability to work collaboratively with cross-functional teams to ensure compliance with various security frameworks such as HIPAA, PCI-DSS, TPRM, ISO 27001, SOX, SOC. Skilled in conducting security assessments, risk analyses, and audits to identify vulnerabilities and recommend appropriate controls using National Institutes of Standards and Technology (NIST) Special Publications 800-53, 800-53A, 800-60, 800-30, 800-37, 800-171, FIPS 199, FIPS 200.

GRC Analyst - Third Party Security Risk Analyst - Top Group Technologies, LLC - Largo, MD

(2023-01)

• Develop and maintain incident response protocols to mitigate damage and liability during security breaches.
• Conduct internal risk, vulnerability, and compliance assessments to identify risks, vulnerabilities, and compliance shortcomings; and recommend/develop security measures, policies, and controls for risk/vulnerability mitigation and remediation of compliance findings
• Facilitate the Information Risk Management process including the reporting/oversight of treatment efforts to remediate negative findings
• Understand business needs and has a commitment to delivering high-quality, prompt and efficient service to the business
• Understand organizational mission, values, and goals and consistently apply this knowledge
• Strong knowledge of common vulnerabilities and exploitation techniques
• Strong decision-making capabilities, with a proven ability to weigh the relative costs and benefits of potential actions and identify the most appropriate one
• Extensive Knowledge of information security frameworks such as ISO 27001, PCI-DSS, TPRM and HIPAA.
• Ability to identify problems, analyze data and present conclusions
• Develop and publish Security Policies and Standards; provide consulting to technical resources on security mitigation of identified security gaps/risks and compliance to Global Security Policies
• Define the Vulnerability Management process including the identification of vulnerabilities, provide consulting to business/technical resources to remediate vulnerabilities, and align vulnerability remediation processes with existing Infrastructure programs
• Review policies, procedures, standards and guidelines per applicable regulations including ISO 27001, PCI-DSS, HIPAA, TPRM
• Ensure compliance of information Technology Security Policies and utilize vulnerability tools
• Develop and enhance an information security framework based on NIST Cybersecurity Framework (CSF) and International Organization for Standardization (ISO 27001)
• Coordinate with IT and business units to ensure security best practices.
• Conduct internal risk and compliance assessments and coordinate with IT and business units to ensure security best practices

Information Security Officer - Tradex Oil Corporation - Akwa, Douala Cameroon

(2020-12 - 2022-12)

• Created and updated the following Security Assessment and Authorization (SA&A) artefacts; FIPS 199, Security Test and Evaluations (ST&Es), Risk Assessments (RAs), Privacy Threshold Analysis (PTA), Privacy Impact Analysis (PIA), E-Authentication, Contingency Plan, Plan of Action, and Milestones (POAMs)
• Lead a team of cybersecurity professionals responsible for assessing systems and networks within a secure
• Provide mentorship, guidance, and professional development opportunities for managers
• Prepared Security Assessment and Authorization (SA&A) packages to ascertain that management, operational and technical security controls adhere to NIST SP 800-53 standards
• Performed vulnerability assessment, making sure risks are assessed and proper, actions taken to mitigate them
• Conducted IT controls risk assessments including reviewing organizational policies, standards and procedures and providing advice on their adequacy, accuracy, and compliance with industry standards
• Identify skills needed and provide training to meet requirements.
• Conducted the IT Risk Assessment and documented key controls
• Developed, reviewed, and evaluated Security Plans based on NIST Special Publications 800-18
• Investigated possible security breaches identified through review of audit reports and follows up accordingly with departments/management
• Prepared and reviewed A&A package for Information Systems.
• Monitor, detect and respond to cybersecurity threats in real-time
• Assist in Security awareness training and metrics reporting
• Prepare and maintain incident response plans, POA&Ms, and audit documentation

Sr. Oracle DBA/ SAP Basis - Accenture - Mauritius

(2018-04 - 2020-11)

• Administered Oracle and SQL Server enterprise environments supporting secure global operations
• Managed database security, disaster recovery, and enterprise access controls
• Implemented backup, recovery, and disaster recovery strategies using RMAN and SAP tools to ensure business continuity
• Performed proactive monitoring, vulnerability mitigation, and performance optimization for production systems
• Supported cross-functional enterprise deployments and SAP integrations
• Implemented Oracle RAC and Data Guard high-availability solutions to improve resilience and disaster recovery readiness
• Performed database tuning, replication management, and infrastructure support
• Managed user access controls, replication environments, and enterprise database security operations

Sr. SAP Basis Administrator - Tradex Corporation

(2016-02 - 2018-03)

• Administered Oracle RAC and SAP enterprise environments supporting high availability
• Performed systems monitoring and performance tuning
• Performed System Installation and Configuration
• Performed system upgrades patches management
• Performed troubleshooting and incidents resolution
• Implemented disaster recovery strategies using RMAN and Data Guard
• Led migration efforts from legacy Oracle systems to SAP S/4HANA
• Users Administration and Security Management

Sr. SAP Basis / Oracle DBA - Shulam IT Consulting Ltd

(2009-01 - 2016-01)

• Administered enterprise SAP and Oracle database environments supporting secure application operations
• Configured Oracle Data Guard and Golden Gate replication solutions to strengthen continuity and data integrity
• Managed upgrades, patching, and database security operations across enterprise systems
• Collaborated with cross-functional teams to support infrastructure enhancements and enterprise application delivery
• Performed proactive system monitoring, troubleshooting, and performance optimization

Sr. Oracle DBA - Cerner Corporation

(2005-04 - 2009-12)

• Supported secure Oracle and SAP database operations within large-scale healthcare enterprise environments
• Implemented backup, recovery, and high-availability solutions supporting mission-critical applications
• Conducted database performance tuning and troubleshooting to improve system reliability
• Delivered technical support and end-user assistance for enterprise application environments

Bachelor of Business Administration - Accounting - University of the District of Columbia (2024-05)