
Constance R. Jamu

Ashburn, VA

Summary

Information Security practitioner with extensive experience in governance, risk, and compliance (GRC) frameworks, adept at leading cross-functional teams to ensure robust cybersecurity postures. Proven track record of developing and implementing cybersecurity controls, driving audit readiness, and achieving compliance accreditations such as PCI-DSS and ISO 27001. Proficient in conducting IT security risk assessments, internal control evaluations, and continuous monitoring to mitigate evolving cyber threats.

Overview

8 years of professional experience
1 Certification

Work History

LEAD ASSOCIATE

Navy Federal Credit Union
10.2022 - Current
  • Lead the cybersecurity compliance program, guiding business units through the information security exceptions process
  • Partner with Enterprise Risk Management (ERM) to review risk and control self-assessments (RCSAs), ensuring consistency and depth
  • Orchestrate collaboration among internal teams and divisional leadership to ensure swift remediation of identified vulnerabilities, placing emphasis on adherence to Service Level Agreements (SLAs), strengthening the organization's security position
  • Execute thorough reviews of control design and operational effectiveness, unearthing changes that influenced security operations, thereby facilitating continuous control monitoring and ensuring the organization's resilience against evolving cyber threats
  • Monthly acceptance reporting to senior leadership that correlates type of risk and root causes

SR. SECURITY ENGINEER

Yahoo
08.2020 - 10.2022
  • Oversaw the entire collaboration with application and control owners, assessing 20+ critical apps quarterly, implementing tests to uncover security gaps, and partnering on effective remediation, strengthening security posture
  • Managed the development, maintenance, and delivery of Yahoo's compliance accreditation materials, securing PCI-DSS and ISO 27001 certifications, demonstrating utmost dedication to data security and regulatory standards
  • Spearheaded control testing initiatives, ensuring compliance with PCI-DSS and ISO 27001, resulting in a 40% decrease in audit findings
  • Strengthened cybersecurity resilience, fostering a safer IT ecosystem
  • Led internal control evaluations, ensuring compliance with Yahoo's policies
  • Spearheaded risk assessments for third-party vendors and emerging technologies, preemptively identifying and addressing security and privacy risks
  • Ensured compliance with laws and regulations by overseeing and resolving security vulnerabilities in a timely manner
  • Conducted annual reviews for vendor contracts to ensure compliance with Yahoo security requirements

Cyber Security Analyst

Fannie Mae
07.2018 - 08.2020
  • Devised techniques and formulated test procedures to conduct thorough cyber security risk assessments, evaluating over 200 internal Information Security controls and fortifying the organization's resilience against evolving cyber threats
  • Orchestrated the seamless implementation of operational and governance requirements for pivotal risk control activities, ensuring unwavering adherence to regulatory, legal, corporate, and business unit policies and procedures
  • Managed the coordination of risk remediation milestones with control owners and business units, promptly addressing identified deficiencies from both internal and external assessments to mitigate security risks effectively
  • Designed a centralized control library with 200+ IT security controls aligned with internal policies, standards, and industry best practices (NIST 800-53, ISO 27001, NIST CSF) in commitment to information security governance and compliance

IT Risk Advisor

Verizon
03.2017 - 08.2018
  • Delivered strategic counsel to senior business leaders, offering insights on privacy and compliance matters, and spearheading actionable recommendations to ensure regulatory adherence while fostering a culture of proactive risk management
  • Organized immersive workshop sessions engaging 2000+ employees from diverse business sectors, fostering a comprehensive understanding of process optimization, risk evaluation, insider threat recognition, and mitigation strategies
  • Engaged with multiple business units to meticulously document and evaluate IT controls, ensuring alignment with GDPR mandates while managing projects, covering privacy protocols, data retention policies, and PII access management
  • Administered transparent communication channels, effectively conveying project execution updates, noteworthy achievements, and risk assessments critical to maintaining Verizon's compliance accreditations and certifications

Education

Master Of Engineering - Cybersecurity Policy & Compliance

George Washington University
Washington, DC

MBA - with Honors

Marymount University
Arlington, VA
06.2027

Skills

  • Governance, Risk and Compliance
  • Cybersecurity Governance
  • Stakeholder Engagement
  • Information Security Frameworks
  • Strategic Security Oversight
  • Security Risk & Analysis
  • Identifying and Documenting Risks
  • Continuous Monitoring
  • Audit Readiness
  • IT Security Risk Assessments
  • Compliance Accreditation
  • Control Testing
  • Internal Control Evaluation
  • Drive and Aid Audit Readiness
  • Regulatory Adherence
  • Issue Management
  • Data Retention Policies
  • Project Management Skills
  • Leadership Skills
  • Microsoft Office Suite
  • Jira
  • ServiceNow
  • Project Management

Certification

  • Certified Information Security Manager (CISM)
  • Project Management Professional (PMP)
  • ITIL Foundation Certification
  • SC-900 Microsoft Security Compliance and Identity Fundamentals
  • CRISC Certification, 12/01/24

Core Expertise

  • Governance, Risk, and Compliance (GRC)
  • Cybersecurity Governance
  • Stakeholder Engagement
  • Information Security Frameworks
  • Strategic Security Oversight
  • Security Risk & Analysis
  • Identifying and Documenting Risks
  • Cyber Security Controls Development
  • Continuous Monitoring
  • Audit Readiness
  • IT Security Risk Assessments
  • Compliance Accreditation
  • Control Testing
  • Internal Control Evaluation
  • Drive and Aid Audit Readiness
  • Regulatory Adherence
  • Issue Management
  • Data Retention Policies
  • Project Management Skills
  • Leadership Skills
  • GDPR

Affiliations

  • Women in Cybersecurity

Languages

English
Full Professional
