Michelle Osiyah

Cybersecurity Risk & Regulatory Experienced Associate @ PWC | COMPTIA Security + | COMPTIA CySA+ | SAS | SQL| Python | Syracuse University Alumni

Houston, Texas, United States

About

I work with diverse clients to assess, improve, and implement cybersecurity controls aligned with industry standards and regulatory frameworks. My focus includes cloud security, risk assessments, control testing, and supporting compliance readiness efforts. I enjoy working in environments that promote critical thinking, research-backed approaches, and mentorship. I thrive when exploring emerging tech risks, streamlining controls, and building resilient digital ecosystems. In my downtime, I’m a beach enthusiast who can’t swim (yet), mildly obsessed with sweet mangoes, and firmly anti-pickles.

Experience

  • Cybersecurity Risk & Regulatory Experienced Associate at PwC
    Aug 2023 - Present · 3 yrs

    - Facilitate workshops and individual interviews to identify and document client risk profiles, risk appetite, and key cybersecurity, data privacy, and regulatory requirements. - Plan and execute formal risk assessments using COBIT and PwC assessment frameworks; delivered clear, actionable reports to leadership. • Conduct enterprise threat modeling exercises to identify and assess vulnerabilities across systems and processes. • Collaborate with client sponsors to engage cross-functional stakeholders, including IT, Security, Legal & Compliance, HR, and business units, ensuring alignment and buy-in. • Assess client security organizations, operating structures, and third-party relationships to identify gaps and improvement opportunities. • Review IT and security architectures, design patterns, and technical documentation to evaluate security posture. • Evaluate environments against leading cybersecurity and privacy frameworks such as NIST 800-53, ISO 27001/27002, PCI DSS, HIPAA, FFIEC, NYDFS, GDPR, CCPA, and GLBA. • Leverage analytical tools to produce insights on cyber threats, risks, and vulnerabilities. • Develope enterprise change management plans and communication roadmaps to support future-state security programs and organizational transitions.

  • Syracuse University (3 yrs 7 mos)
    • Student Manager
      Jan 2022 - May 2023 · 1 yr 5 mos

      1. Manage student staffing schedule 7 days/ week, followed by weekly and daily schedule updates. 2. Provide sufficient and effective communication support among student employee staff and commercial employee teams. 3. Efficiently mediate conflicts that arise in the workplace among student employees or between student employees and commercial staff. 4. Responsible for new student employee or supervisor application screening, interviews and hiring. 5. Lead student training and orientation efforts in safe food preparation practices, fire, burns, gas leaks and other emergency protocols. 6. Revise protocols and policies in place, making necessary adjustments and changes with guidance from the senior commercial manager. 7. Responsible for technical troubleshooting, relating to but not limited to cash registers, internal computer systems and programs, vending machines and beverage equipments. 8. Collaborate and delegate responsibilities to supervisors for smooth shift running. 9. Review and approve daily and weekly student timesheets, for weekly payroll services.

    • Marketing Research Intern
      Jan 2021 - May 2023 · 2 yrs 5 mos

    • SEM 100/ FYS 101 Peer Facilitator
      Aug 2020 - Sep 2022 · 2 yrs 2 mos

  • Non-Profit Consulting Extern with PWC at Paragon One
    Sep 2022 - Oct 2022 · 2 mos

    Familiarized with the vision, mission, and work of The Education Trust - Midwest. Learned basic concepts in the nonprofit sector and current corporate giving trends, with a focus on similar organizations. Review and consider the profiles of funders, evaluate criteria for potential donors, and created ideal personas of ideal institutional and individual donors that are aligned with the mission and goals of the organization. Created a concise presentation that highlighted insights and trends from research into the fundraising landscape and their recommendations on the best funder personas to pursue.

  • Cybersecurity, Privacy and Forensics - Cyber, Risk & Regulatory Compliance Intern at PwC
    Jun 2022 - Aug 2022 · 3 mos

    Benchmarked clients’ cybersecurity capabilities against NIST industry standards, peers and leading practices to identify key initiatives that can improve the effectiveness of clients’ cybersecurity programs. Assist in developing tailored cybersecurity strategies, governance models, and transformation programs informed by the risks, threats, and trends driving clients’ industry, and aligned with the strategic objectives and culture of clients’ organization. Assist clients’ in building sustainable capabilities to manage cybersecurity risks throughout the risk lifecycle. Review the existing clients’ control protocols and make recommendations to clients on how to take control of their regulatory compliance management activities using technology and automation to meet industry standards, regulatory requirements and provide key insights for operational excellence.

  • Launch Summer Intern EY at Ernst & Young Global Consulting Services
    Jun 2021 - Aug 2021 · 3 mos

    1. Support the client’s Technology organization through various project management activities including reviewing and enhancing client project plans/roadmap that were created in response to regulatory feedback through observations and recommend enhancements based on the team’s understanding of client program plans. 2. Support day-to-day program management of the client’s program execution including status reporting, RAID log maintenance, meeting agenda, and minutes. 3. Worked with action plans in Excel, performing analyses, tracking, and updating content and created presentations to summarize progress and provide status on deliverables. 4. Assisted with preparing Gannt charts to show the client’s project milestones and activities, specifically for the Compliance work stream. 5. Collaborate with team members and stakeholders to understand or identify defined work problems and program goals, obtain prioritized deliverables, and discuss program impact.