Available for Executive & Advisory Engagements

Thomas Wesley Anokye

Senior GRC Leader / Security Compliance Expert / AI Governance Professional

Helping organizations strengthen security, reduce risk, achieve compliance, and govern emerging technologies responsibly — across HITRUST, PCI DSS, HIPAA, NIST, ISO 27001, and enterprise AI programs.

10+ Years in InfoSec & GRC
5 Fortune-class programs led
3 ISACA certifications
Thomas Wesley Anokye, Senior GRC and AI Governance Leader
Principal Analyst
Medtronic · Remote
Melissa, TX, USA
HITRUST · PCI · HIPAA
AI Governance
Third-Party Risk
About

A trusted advisor at the intersection of security, risk & AI.

With a Bachelor's in Information Systems & Cyber Security and a decade of hands-on leadership in Information Security, Privacy, and Governance, I partner with executive teams to translate complex regulatory and technological risk into clear, actionable strategy.

I hold CISM, CRISC, and CISA certifications and have led GRC and Third-Party Risk programs across healthcare, finance, telecommunications, and architecture — building HITRUST, PCI DSS, HIPAA, NIST, and ISO 27001 programs that stand up to executive and auditor scrutiny.

Today, I focus on the next frontier: designing enterprise AI Governance frameworks that allow organizations to adopt artificial intelligence responsibly, securely, and in alignment with emerging regulation.

10+ years in InfoSec & GRC
Enterprise compliance programs
HITRUST certification leadership
Responsible AI governance
Certifications

Credentials that anchor every engagement.

CISM: Certified Information Security Manager · ISACA, 2021 · Certified
CRISC: Certified in Risk & Information Systems Control · ISACA, 2021 · Certified
CISA: Certified Information Systems Auditor · ISACA, 2021 · Certified
CISSP: Certified Information Systems Security Professional · (ISC)² · In Progress
CGEIT: Certified in Governance of Enterprise IT · ISACA · In Progress
Core Expertise

A full-spectrum GRC & security toolkit.

Frameworks, controls, and disciplines applied across regulated, enterprise environments.

Governance, Risk & Compliance · AI Governance · Third-Party Risk Management · Security Compliance · HITRUST · PCI DSS · HIPAA · SOC 2 · ISO 27001 · NIST Frameworks · Vendor Risk Assessments · Enterprise Risk Management · Security Audits · Policy Development · Security Awareness Programs
Experience

A career building enterprise-grade security programs.

From healthcare to telecommunications and architecture — leading compliance, third-party risk, and AI governance at scale.

Education

Academic foundation in cybersecurity & systems.

Bachelor of Science: Information Systems and Cyber Security (ISC)

ITT Technical Institute
Richardson, TX · 2012 — 2014

Associate Degree: Information Technology & Computer Network Systems (CNS)

ITT Technical Institute
Richardson, TX · 2010 — 2012
AI Governance

Building responsible AI programs.

From acceptable use policy to vendor due diligence and model accountability — a complete operating system for AI in the enterprise.

AI Governance Lifecycle
1. Intake & Use-Case Review
2. Risk & Privacy Assessment
3. Control & Policy Mapping
4. Approval & Deployment
5. Continuous Monitoring
AI Governance Frameworks
Operating models, decision rights, and oversight structures for enterprise AI.
AI Risk Assessments
Cybersecurity, privacy, operational, and reputational risk analysis for AI adoption.
AI Policy Development
Acceptable use, data protection, human oversight, and model accountability.
Responsible AI Practices
Ethical principles applied to model selection, deployment, and ongoing monitoring.
AI Compliance
Alignment with emerging AI regulation, sector requirements, and audit readiness.
AI Security Controls
Control design for AI pipelines, data, prompts, and model outputs.
AI Vendor Assessments
Due diligence for third-party AI tools and AI-enabled platforms.
AI Acceptable Use Programs
Awareness, training, and enablement so teams use AI responsibly.
Key Achievements

Outcomes that scale across the enterprise.

Led HITRUST certification initiatives across regulated healthcare environments.

Developed enterprise AI Governance policies, standards, and procedures from the ground up.

Designed and operationalized third-party cybersecurity risk programs at Fortune-class scale.

Built enterprise risk registers, taxonomy, and scoring models in RSA Archer, LogicGate, and OneTrust.

Implemented HITRUST, PCI DSS, HIPAA, NIST, and ISO 27001 compliance frameworks.

Reduced organizational risk exposure through structured remediation and continuous monitoring.

Delivered executive-level risk reporting, heat maps, and dashboards for strategic decision-making.

Thought Leadership

Field notes on GRC, AI governance, and cybersecurity.

AI Governance · Coming soon

Building an AI Acceptable Use Policy That Teams Actually Follow

Subscribe to be notified when published.
Third-Party Risk · Coming soon

From Questionnaire Fatigue to Continuous Vendor Assurance

Compliance · Coming soon

HITRUST Readiness: A Practical 90-Day Path

GRC Careers · Coming soon

From Analyst to Principal: Building a GRC Career With Conviction

Contact Information

Let's discuss your next opportunity.

Open to executive leadership roles, full-time positions, contract engagements, advisory work, and speaking opportunities.

Responses typically within 1–2 business days.