Security Management

Location:
Canton, GA
Posted:
September 04, 2015

Resume:

Cyril Omorogbe

732-***-**** acrjl3@r.postjobfree.com

Commitment Leadership Integrity

“Roll up the Sleeves” Collaborative Leadership

Highly Effective in Galvanizing Teams for Improved Performance

Accomplished Information Security, Compliance, and Governance leader with a solid track record of success in leading business transformation and cultivating cultures of excellence. Provides 20+ years' leadership, managerial and consulting experience in Business, IT, Security Architecture, IT Governance, Risk & Compliance (GRC), and Operations supporting Fortune 500 companies, overseeing teams of up to 62 associates and budgets ranging from $2-6M annually. Deeply experienced working with regulatory requirements (SOX, HIPAA, Banking Regulations, GLBA, FFIEC Audit Handbook and industry-related security standards, PCI-DSS, NIST 800 series) and frameworks such as ISO 27001/27002/27005, COBIT, COSO, and conducting audit preparation for FDIC & OCC audit examinations. Experienced and effective in working within a matrix environment with diverse team members.

Leadership Profile

Patient and committed mentor in developing teams, successfully infusing cultures of excellence.

Experienced in turning chaos into order and quickly turning around underperforming organizations.

Excels in driving engagement and adoption across the enterprise leveraging a highly collaborative approach.

“Roll up the sleeves” style of leadership that partners with executive leaders, business units, and IT teams to understand nuances and tailor working solutions that deliver immediate, positive impact.

Cultivates fair, pay-for-performance working environments that deepen retention and engagement of IT/IS teams.

Identifies gaps and develops plans to reduce deficiencies.

Leverages FFIEC, NIST and other best-practice and process frameworks to drive continual process improvement.

Broad information security project experience: policy development, internal/external audits, corporate IT governance, compliance testing and operational risk (GRC), vendor management, security metrics reporting, awareness and training, incident response, and physical security.

Audits: SSAE 16, Type 1 and 2; AT Section 101, SOC1, SOC2 and PCI-DSS Assessment.

Conversant with a wide range of security protocols and controls: data loss detection/prevention, Identity and Access Management (IAM), disaster recovery and business continuity plans, security information/event management, host-based integrity checking, endpoint security, firewalls, etc.

Architecting and deploying Identity Management, LDAP Directories, Single/Reduced Sign-On (SSO), Provisioning and Provisioning/Identity Workflows, Access Management, RBAC (Role-Based Access Control), Compliance and Auditing Technologies, Federated Identity/Federation, Enterprise System Architecture, Security Infrastructure Design, and Authentication and Authorization technologies.

Full proficiency with vulnerability assessment and management tools (Fortify, Nessus, WebInspect, Metasploit, Archer, etc.).

Demonstrated broad-based strengths and accomplishments in:

- Strategic & Tactical Planning

- Regulatory Compliance

- Awareness Training & Building Security Programs

- Business Impact Analysis

- Project Management

- Budgeting and Cost Control

- Operations Management

- Privacy & Compliance

- Vendor Assessment/Mgmt.

- E-Commerce Strategy & Development

- IT Governance, Risk & Compliance (GRC)

- Vulnerability Assessment & Penetration Testing

- Information Security & IT Architecture & Integration

- Framework, Policy & Procedure Development

ISO/IEC 27001, 27002, 22301, BSIMM, HIPAA-HITECH, FFIEC, FedRAMP, PCI-DSS, OWASP, SOX, COBIT, COSO, SSAE 16, GLBA, NIST, OpenSAMM, SCADA, Privacy.

PROFESSIONAL EXPERIENCE

Explorys (IBM) April 2015 - Present Cleveland, OH

InfoSec/GRC Consultant

Evaluated and reviewed the security architecture standards, security software and hardware components.

Coordinated and participated in internal security risk assessments.

Developed and maintained positive relationships with Auditors, IT professionals and business clients.

Interpreted and complied with HIPAA, SOX, SOC 2 and PCI requirements, as applicable.

Identified the gaps or deficiencies relating to ISO 27001 and SOC 2 controls.

Developed and implemented ISMS (Information Security Management Systems) and prepared the company for ISO 27001 and SOC 2 certifications.

Worked as an advisor, giving practical recommendations to comply with ISO 27001 and SOC 2 compliance requirements.

Santander Consumer January 2015 - April 2015 Dallas, TX

Manager, IT Governance & Strategic Oversight.

Manages the review, development, implementation, and improvement of IT policies, procedures, processes, programs, and practices to guide the organization toward continuous compliance with industry laws, regulations, and frameworks.

Essential Functions:

Identifies gaps and develops plans to reduce deficiencies.

Drives the optimization of existing IT procedures and knowledge of IT programs and environment to achieve consistency, efficiency, and accountability.

Develops, manages, and measures timely and appropriate reporting, summaries, analytics, process logs, metrics, scorecards, and other control records.

Manages key strategic initiatives and management stakeholders to prioritize, review, resolve, etc. to ensure timely success.

Leverages FFIEC and other best-practice and process frameworks to drive continual process improvement.

Designs and architects the eGRC tool as an integral enterprise GRC solution.

Functions as a subject matter expert in SOX, SSAE 16/SOC1, SOC2, PCI, FFIEC, etc.

CICAYDA, LLC July 2013 - December 2014 Nashville, TN

Chief Information Security Officer (CISO) and Chief Privacy Officer

Partner with the CEO, CIO and other senior leadership positions to establish and communicate a clear and compelling technology vision and roadmap.

Demonstrated experience implementing an information security program end to end, from concept into business services and from architecture through to operations.

Managing the risk, controls, privacy, security and other related compliance activities for all of the organization’s information assets, products and services.

Experience in the evaluation and implementation of industry-standard enterprise-wide information security technologies and concepts, including Data Loss Prevention, Security Event Management, GRC Tools, Threat and Vulnerability Management, Identity and Access Management, Application Security, Computer Forensics.

Provided technical architecture leadership to the company's Public Key Infrastructure (PKI) program utilizing Java and C++ based certificate authorities, directory services, transaction processing systems, and smart card applets.

Responsible for the effective execution of all Compliance Framework elements.

Serve as key contact for all compliance matters and coordinate support across multiple compliance resources.

Manage assessment and implementation of regulatory change, implement training and policies, conduct compliance monitoring and testing for key regulatory requirements, and drive timely identification and remediation of issues as necessary.

Support activities with appropriate reporting and communication to key stakeholders, including regulatory agencies as appropriate.

Achievement highlights:

Design/implementation of the organization's effort towards attaining HIPAA-HITECH, Safe Harbor compliance, ISO 27001, SSAE 16 (SOC 2) and FedRAMP certification and accreditation.

Hands-on leadership in mentoring, recruitment, retention, professional development and conducting regular performance appraisals.

Architecting, integrating with organizational processes, and monitoring risk management processes.

Leverage a wide range of security technologies including, but not limited to: SIEM, IDS/IPS, HIDS, malware analysis and protection, content filtering, logical access controls, identity and access management, BYOD, and data loss prevention technologies.

Impacts:

Research various threats to company and client security. Conduct investigations of security incidents.

Advised business units of information security threats and mitigations.

Evaluated frameworks to determine the best approach, including COBIT, COSO and ISO 27001.

Reviewed and answered vendor and client security questionnaires.

Wal-Mart February 2011 - July 2013 Bentonville, AR

Senior IS Security Engineer

Leading efforts to identify, develop, implement and maintain processes across the organization to reduce information and information technology (IT) risks.

Oversees risk management and information-related governance, in alignment with the policies and procedures.

Developing holistic architecture and security solutions, such as complete controls designed to protect the business while mapping key services to needed information systems.

Consistently recognized for meeting goals and expanding efficiency and security awareness.

Perform vendor security assessments.

Identify potential risks; consult on mitigating or reducing risk.

Demonstrates Compliance influence and ensures accountability for Compliance elements of the Risk Framework, maintaining independent compliance oversight of business and vendor performance.

Promotes the culture of Compliance and ensures the identification, escalation and timely mitigation of compliance risks.

Achievement highlights:

Developed the Company’s first Security Awareness Program, including the initial enterprise-wide Security Awareness Training.

Established a tracking and monitoring system to ensure deployment and completion of training across the organization; achieved 98% completion within an ambitious 2.5-month timeline.

Accelerated business user learning and new practice engagement and adoption by crafting highly relevant training materials, simplifying the steps needed to become and remain compliant.

Tapped to aid in development of the Company's first standardized enterprise governance program, taking on a compliance consulting analyst role to ensure full compliance across the organization.

- Developed the Company's first Compliance Testing Program in collaboration with PWC and Deloitte.

- Participated on teams as the security expert for governance interaction with a third-party IT vendor, testing of disaster-recovery corporate plans, and the creation of an information security risk mitigation plan.

- Participated in the Company's Sarbanes-Oxley (SOX) 404 IT compliance and attestation efforts, by planning and performing controls testing, and reporting of SOX IT audit findings to all key stakeholders.

Hand-picked by the Chief Information Security Officer (CISO) to develop the Company's first standardized Enterprise Information Security Policy and Awareness Programs. Collaborated with the CISO and key stakeholders (Technical, Legal, and Human Resources) to create and maintain the policy, procedures, standards and security baseline requirements.

Partnered closely with the President of each Line of Business (LoB), CISO and Legal to create IT Security Policy and directives for adoption by the ADS Board for their approval.

Conducted IT Compliance Controls Testing, reported findings and worked with key stakeholders to resolve issues to ensure compliance.

Worked closely with each LoB Information Security Officer (ISO) to create Baseline Requirements for 3 distinctly different LoBs (Retail, Pharmacy and .com) and their business function groups.

Infused a highly collaborative approach working with each LoB to better understand unique requirements.

American Intercontinental University May 2011 - July 2013 Schaumburg, IL

Adjunct Instructor (InfoSec, IT)

BNP PARIBAS BANK September 2009 – January 2011 Jersey City, NJ

Application Security Consultant (Contract)

Evaluate information security products and provide guidance as to their strengths and weaknesses as security tool candidates.

Performed security risk assessments and recommended measures to deal with identified risks across many differing aspects of IT systems.

Partner with other architecture disciplines (data management, application development, etc.) to develop reference architectures and best practices.

Seek ways to apply new technology to, and reuse existing technology for, business processes; research and provide information on technical trends and competitors' practices relevant to the assigned domain.

Led the team that redesigned the security work activities with GUI applications, resulting in better performance.

Led the development of the target enterprise architecture (business, data, application, technology) for varied process and technology domains.

Facilitate the evaluation and selection of software products.

Security Bank of North Metro May 2006 – August 2009 Woodstock, GA

Chief Information Security Officer (CISO)

Initiated, facilitated, and promoted activities to create information security awareness within the organization.

Maintains the IT Security, Policy, and Compliance Team's policies and procedures and their annual updates.

Balancing business strategy with appropriate controls. Works with the Compliance senior leadership to develop, implement and communicate Corporate Compliance's mission, goals and strategies.

Understand the changing business needs of the organization, recommend viable strategies for the future organization and provide actionable recommendations for business and technology teams.

Provide architecture consulting to project solution architects (internal or external) to ensure alignment with the target architecture.

Lead development of conceptual and architectural solution blueprints for assigned projects to meet business requirements while ensuring compliance with established architectural principles, standards, and processes.

Develop road maps describing the evolution of all enterprise solution portfolios from current state to future state.

Responsible for strategic and tactical planning of Security, Compliance and Regulatory Reporting dedicated to PCI, SOX, FDIC, GLBA, NIST and FFIEC requirements.

Achievement highlights:

Galvanized the team's efforts, working 24 x 7 to meet aggressive delivery goals; successfully developed a new security program and secured full corporate board approval within eight months.

Ensured adherence of policies and standards to legal and regulatory requirements (SOX, HIPAA, GLBA, Banking Regulations, and industry-related standards, PCI DSS) by conducting extensive research utilizing FFIEC IT Information Security Handbook, National Institute of Standards and Technology (NIST), SANS, ISC2 and ISACA resources. Efficiently re-engineered strategic planning and servicing operations to enhance performance and improve customer satisfaction by 30%.

Created company policies and procedures governing corporate security, email and Internet usage, access control, Identity Management (Oracle Identity Management), LDAP and incident response.

Developed IAM (Identity and Access Management) solution strategies, implementation plans and architecture.

Maintain full Identity Management systems.

Integration of all PeopleSoft systems, Active Directory, OID, and Exchange.

Developed 5 environments on both physical and virtual hardware.

Responsible for all development and implementation of OIM, OAM, OVD, OID, and some Oracle databases.

Worked with project team members to create role-based security for company employees. This established greater security over sensitive client data (IDM, LDAP using Oracle Internet Directory).

Successfully completed SAS 70 Type 2 audits on time, without any findings or management comments required.

Introduced change management policies and procedures for infrastructure changes, reducing the number of unscheduled or unplanned outages by 75%.

Successfully turned around an underperforming division that had been struggling with growing pains and unable to meet SLA performance requirements for 3+ years.

Transformed chaos into order by establishing much-needed structure, policy, and repeatable processes.

Improved SLA down times by 25% while increasing efficiencies by 35%. Efficiencies were gained as the operational staff absorbed a third more work without increasing headcount or overtime.

Listened to the floor to better understand each functional group's needs, gaps and nuances. Carefully tailored and developed effective policies and procedures that are still in use today, 10+ years later.

Built trust with teams, instilling a partnership approach. This approach proved to be invaluable in fostering true engagement and commitment to organization’s goals and mission.

Cultivated fair pay-for-performance cultures. Attained payroll budget efficiencies in as little as 18 months and provided ten employees with 20%+ increases without impacting the pay or merit increases for other team members.

Optionsxpress Holding Inc. July 2005 – April 2006 Chicago, IL

Senior Business Analyst

Developed project plans, gathered system and data requirements, determined specifications and identified, documented and validated business requirements.

Architected and implemented Sun Identity Manager and Sun Role Manager.

Integrated all systems with multiple back-end database systems.

Cut project scope and duration down by over 30% through discovery and project analysis.

Developed testing plans and led the testing process for system enhancements and UAT.

Acted as Advisor to management on process systems and redundancy elimination.

STATE OF NJ - Greystone Hospital January 2002 – July 2005

Senior Management Assistant

Assisted in the administration of hospital-wide quality management and performance improvement initiatives in the areas of Utilization Review; Risk and Quality Management; and Performance Improvement.

Consistently reduced or eliminated cost or schedule overruns, ensuring projects were completed to specifications while achieving significant savings.

Coordinated the execution and validation of Business Unit requirements, Quality Assurance, and Compliance (HIPAA and JCAHO).

Alpha Laser Products January 1992 – December 2001 North Bergen, NJ

Principal

Planned IT network infrastructure with clients to ensure that the systems are tailored and comply with their requirements and needs.

Administered servers and server clusters; managed system backup, database and restore protocols.

Performed network QA tests and executed system analysis and troubleshooting in order to resolve problems with servers, workstations, and other network devices.

Managed data security for a 14-state region spanning 30 Multiple Virtual Storage (MVS, currently known as z/OS) environments, including the provisioning of UserIDs for 36,000 users and the management of system (SETROPTS) settings and dataset profiles for 15 separate RACF databases.

AFFILIATIONS

ISACA

ISC2

COMPTIA

IAPP

CERTIFICATIONS

CompTIA Advanced Security Practitioner (CASP) Certification

Certified Information Systems Security Professional (CISSP)

Certified Information Systems Auditor (CISA)

Certified Information Privacy Manager (CIPM)

Information Technology Infrastructure Library (ITIL Foundations)

Tenable Certified Nessus Auditor (TCNA)

Certificate in Computer Networking; Union County College; Cranford, NJ

CompTIA Information Security SME 2014

Business Systems Analysis Certificate (BSAC)

EDUCATION

Capella University

Doctor of Philosophy in Information Technology (Ph.D.)

South University

Master of Science in Information Systems Technology - InfoSec (MSIST)

Thomas Edison State College of NJ

Master of Science in Management (MSM)

University of Wisconsin-Whitewater

Bachelor of Science in Economics (BS)
