Linda Ekpe | LinkedIn: linkedin.com/in/lindaekpe
PROFESSIONAL SUMMARY
Results-driven IT Audit and Information Security professional with extensive experience in risk
assessment, compliance, governance, and regulatory audits. Expertise in identifying security
vulnerabilities, implementing mitigation strategies, and ensuring compliance with industry standards,
including NIST, ISO 27001, PCI DSS, SOC 2, and HIPAA. Adept at managing cross-functional teams, driving
cybersecurity initiatives, and conducting in-depth risk assessments to enhance organizational security
posture. Strong analytical, communication, and leadership skills with a proven track record of delivering
high-impact audit projects.
PROFESSIONAL EXPERIENCE
SOFI – Sr. Information Security Risk Auditor
March 2021 – Present
• Led IT audit engagements focusing on cybersecurity, third-party risk management, and regulatory compliance across multiple business units.
• Developed and implemented audit frameworks aligning with NIST 800-53, ISO 27001, and SOC 2 to enhance enterprise security postures.
• Conducted risk assessments, identifying high-risk security gaps and recommending controls to mitigate threats.
• Performed penetration testing and vulnerability assessments, reducing system vulnerabilities by 40%.
• Conducted IT General Controls (ITGC) audits covering change management, logical access, and data protection policies.
• Automated risk reporting dashboards using Power BI, enhancing executive decision-making with real-time insights.
• Spearheaded a security awareness training program that increased employee compliance with security policies by 35%.
• Reviewed vendor security controls, ensuring third-party risk management compliance with GDPR and HIPAA.
• Identified and remediated over 500 security misconfigurations, reducing audit deficiencies by 60%.
• Collaborated with DevOps and security engineers to integrate security controls into CI/CD pipelines, improving DevSecOps practices.
• Improved IAM policies by implementing role-based access controls (RBAC) and multi-factor authentication (MFA).
• Conducted forensic investigations on security incidents, reducing mean-time-to-detect (MTTD) by 50%.
• Assisted in the successful completion of external audits, including SOC 2 Type II and ISO 27001 certifications.
• Implemented automated compliance tracking, reducing manual reporting efforts by 70%.
• Provided executive briefings on security posture, risk trends, and mitigation strategies.
• Designed business continuity and disaster recovery strategies, improving resilience against cyber threats.
• Managed a team of IT auditors, overseeing risk assessments, security audits, and policy implementations.
• Conducted phishing simulations that improved employee security awareness scores by 45%.
• Collaborated with legal and compliance teams to address data privacy and regulatory requirements effectively.
PWC – Sr IT Auditor
January 2017 – February 2021
• Managed IT audit and cybersecurity risk projects for Fortune 500 clients, ensuring compliance with industry standards.
• Conducted risk-based internal audits, identifying control weaknesses and recommending remediation plans.
• Developed enterprise-wide risk management frameworks to enhance regulatory compliance and operational security.
• Led cloud security assessments, ensuring secure deployment of applications in AWS and Azure environments.
• Conducted third-party vendor assessments to mitigate supply chain cybersecurity risks.
• Automated IT audit workflows, increasing efficiency and reducing audit completion times by 30%.
• Provided audit training to junior team members, enhancing overall department expertise.
• Implemented secure coding standards for application development teams, reducing security vulnerabilities by 50%.
• Assisted in the development of IT policies and procedures aligned with COBIT, ISO 27001, and NIST.
• Conducted network security audits, identifying firewall misconfigurations and reducing attack surfaces.
• Collaborated with cybersecurity teams to enhance intrusion detection and incident response capabilities.
• Managed IT compliance reviews for SOX and SOC 1/2 audits, ensuring adherence to internal controls.
• Provided recommendations on data encryption and data loss prevention strategies.
• Oversaw the implementation of GRC tools, streamlining risk management and compliance monitoring.
• Enhanced cybersecurity governance through policy development and executive reporting.
• Conducted gap analysis on regulatory compliance, bridging deficiencies through remediation planning.
• Led post-incident reviews, analyzing root causes and implementing preventive security measures.
• Developed audit test plans, ensuring comprehensive security assessments and control evaluations.
• Established secure remote work policies, improving data security and remote access controls.
• Collaborated with IT leadership to align security initiatives with business objectives.
K&S SOLICITORS – LEGAL COUNSEL & COMPLIANCE
April 2014 – December 2016
• Provided legal counsel on data privacy laws, GDPR compliance, and cybersecurity regulations.
• Drafted IT security policies and procedures, ensuring compliance with industry standards.
• Conducted contract reviews, identifying security and privacy risks in vendor agreements.
• Assisted in regulatory filings and compliance audits, supporting enterprise risk management initiatives.
• Advised clients on IT governance best practices, risk management, and security frameworks.
• Led privacy impact assessments, ensuring data protection compliance.
• Provided training on legal aspects of cybersecurity and data privacy to internal teams.
• Negotiated cybersecurity clauses in vendor contracts, reducing third-party risks.
• Conducted legal research on cybersecurity laws and emerging regulatory requirements.
• Assisted in responding to data breaches, ensuring regulatory notification compliance.
CERTIFICATIONS & TECHNICAL SKILLS
• Certifications: CISA (Certified Information Systems Auditor), CISSP (Certified Information Systems Security Professional), CRISC (Certified in Risk and Information Systems Control), ISO 27001 Lead Auditor, ITIL v4
• Technical Skills: Risk Assessment & Management, ITGC Audits, Cybersecurity Frameworks, SOX Compliance, SOC 1/2 Audits, Cloud Security, Vulnerability Management, Incident Response, Data Privacy & Protection, Penetration Testing, GRC Tools (RSA Archer, ServiceNow, OneTrust), SIEM Tools (Splunk, QRadar), Identity & Access Management (IAM), Network Security, Firewall & Intrusion Detection Systems
• Regulatory Frameworks: NIST 800-53, ISO 27001, COBIT, HIPAA, PCI DSS, GDPR, FedRAMP
• Programming & Tools: Python, SQL, Power BI, Tableau, Microsoft Excel (Advanced), JIRA, Confluence, AWS Security
EDUCATION
• Master of Arts, Queen Mary University of London – Conferred 12/2016
• Bachelor of Arts, University of Bedfordshire – Conferred 07/2014
PROFESSIONAL AFFILIATIONS
• ISACA (Information Systems Audit and Control Association)
• ISC2 (International Information System Security Certification Consortium)
• IAPP (International Association of Privacy Professionals)