
Risk Management Continuous Improvement

Location:
Herndon, VA
Posted:
April 30, 2024

Resume:

Ayobami Elizabeth, Ebhojie

Centreville, VA 571-***-**** ad5dtr@r.postjobfree.com

Experienced Cybersecurity Professional with 7+ years of demonstrated success in GRC compliance, risk management, continuous monitoring, and IT auditing. Proven track record in safeguarding CIA principles by crafting robust security policies, procedures, and controls. Skilled in assessing IT controls, driving compliance with industry frameworks, and conducting internal audits to proactively identify and mitigate IT risks. Adept at driving continuous improvement in organizational security posture.

SKILLS

Assessments & Compliance: SOC 2 - Type 1 & 2 Reports, PCI-DSS, GRC, CAIQ, SSAE 18, SIG, HITRUST, HIPAA, ISO 27001/2, NIST 800 series, FedRAMP, ITGC, Vendor/Supplier Security Audit, FIPS 199, ITCG, FISMA, ITIL

IT Program Directorship & Management: Cybersecurity Technical Writing (Policies, Standards, and Procedures), Third-Party Risk Management, Business Continuity & Disaster Recovery (BC/DR), SDLC Security Controls, Policies and Procedures, Implementation, Incident Response, Supplier Management, Risk Assessment and Risk Mitigation Analysis, Access Control Management, Contingency Plan, Policy Review, Continuous Monitoring, Artifacts Gathering, Remediation, SSP, SCRM, SAR, SAP, CMP.

IT Security Tools: RSA Archer, Vanta, OneTrust, KnowBe4, Privacera, NContracts, Quantivate, Riskonnect.

Productivity Tools: Microsoft 365, ServiceNow, Jira/Confluence, SharePoint, Slack, Teams, Google Docs, MS Teams, BOX.

Soft Skills: Teamwork, Problem Solving, Interpersonal Communication, Conflict Resolution.

CERTIFICATIONS

Certified Information Security Auditor (CISA)

AWS Certified Solution Architect

PROFESSIONAL EXPERIENCE

Molina Healthcare July 2021 - Present

GRC Analyst Contractor

Initiate and lead planning meetings with system owners to define assessment scopes, system boundaries, and classifications, ensuring alignment with security requirements.

Assess internal controls against security and privacy frameworks (HIPAA, PCI-DSS, HITRUST, SOC2) to ensure comprehensive compliance.

Conduct risk assessments targeting the protection of client information, identifying and mitigating vulnerabilities.

Leverage OneTrust to streamline risk assessments, control testing, and compliance reporting for operational efficiency.

Scrutinize audit findings to pinpoint root causes of compliance issues and design effective corrective measures.

Communicate complex compliance matters with clarity and conciseness to diverse audiences, fostering understanding.

Utilize KnowBe4 to promote mandatory security training resources and reinforce security consciousness.

Facilitate the setup of the company's Trust Portal by gathering essential documentation (e.g., CAIQ, SIG).

Oversee the Third-Party Security Vendor Risk program, conducting assessments and leveraging OneTrust for inquiries.

Perform detailed assessments aligned with industry standards and best practices.

Use OneTrust to collect, analyze, and report findings, including the administration of questionnaires.

Conduct direct security evaluations with clients to ensure robust security posture.

Review third-party documentation to verify the proper implementation of security controls.

Analyze data to pinpoint security weaknesses and compliance gaps.

Meticulously document assessments, pinpointing risks and associated threats.

Effectively communicate identified risks and remediation strategies to stakeholders.

Coordinate evidence requests in Jira to streamline communication and review processes.

Establish and enforce policies aligned with industry benchmarks (SOC 2, ISO 27001, HIPAA and PCI DSS) for data security and compliance.

Generate regular reports for senior management on security status, compliance updates, and potential non-compliance areas.

Conduct security assessments for recently onboarded applications.

Wells Fargo January 2019 - June 2021

Third-Party Risk Analyst Contractor

Conducted in-depth vendor risk assessments, spanning security, financial stability, operational practices, regulatory compliance, and ethical standards.

Analyzed third-party security assessments (SOC 2, penetration tests, vulnerability scans, etc.), pinpointing critical risks and recommending mitigation strategies.

Managed the entire third-party lifecycle, ensuring robust risk management from planning and due diligence through contracting, monitoring, and exit.

Evaluated third-party risk by comprehensively reviewing security reports (SOC 2, penetration tests, vulnerability scans), business continuity plans, and incident response plans.

Identified control weaknesses through assessments, mitigating potential vulnerabilities in vendor security measures.

Escalated critical risks to ensure timely mitigation and maintain third-party compliance.

Collaborated with procurement, legal, cybersecurity, and business teams to unify risk management strategies and address vendor risks holistically.

Tracked vendor performance against contractual obligations, SLAs, and industry standards, ensuring ongoing compliance.

Leveraged SIG and IRQ questionnaires to gather extensive vendor information, enabling accurate risk posture assessment.

Provided clear recommendations to vendors, facilitating security improvements and adherence to risk management guidelines.

Implemented KnowBe4 phishing simulations, identifying vulnerabilities and providing targeted training to enhance employee awareness.

MoneyGram July 2016 - December 2018

IT Auditor Contractor

Identified and assessed key risks and controls, developing effective test plans for engagements as assigned.

Conducted rigorous risk assessments to identify critical control weaknesses, developing and executing targeted audit test plans.

Led audit planning, walkthroughs, and control testing, meticulously evaluating the internal control environment for compliance and effectiveness.

Executed comprehensive Tests of Design (TOD) and Tests of Effectiveness (TOE) to ensure the integrity and operational efficiency of key controls.

Assessed cloud environments (AWS, Azure, GCP), pinpointing security risks, compliance gaps, and vulnerabilities to safeguard sensitive financial data.

Collaborated with cloud teams to implement robust security controls and best practices, aligning cloud infrastructure with the organization's risk tolerance.

Managed and tracked Internal Risk Control Self-Assessments (RCSA), ensuring adherence to policies, timely remediation of gaps, and escalation of critical issues.

Maintained detailed SOX documentation, guaranteeing accurate representation of scope, testing methodologies, and remediation activities.

Proactively identified and addressed control deficiencies, partnering with stakeholders to mitigate risks and maintain a strong security posture.

Produced comprehensive reports on audit findings, risk assessments, and recommended actions, facilitating informed decision-making.

Participated in key security projects, driving the secure implementation of new technologies and ensuring ongoing compliance with regulations.

Audited IT general controls in support of Sarbanes-Oxley 404 and SOC compliance initiatives, protecting the integrity of financial reporting.

Optimized audit department efficiency by successfully managing multiple projects simultaneously, delivering high-quality results within established timelines.

EDUCATION

UNILAG

Bachelor of Science in Public Administration

Full Sail University

Associate in Information Technology
