SUMMARY
IT Professional with extensive experience of providing IT Services and Solutions within various sectors, including Insurance, Finance, Banking, Telecoms and Retail. Certified Competent & Lead Assessor providing Governance and Management of IT Security, demonstrating expertise to ensure regulatory security compliance, conducting Security reviews, evaluating risks and developing security policies and processes. Experienced in working with executives, internal and external auditors, contractors and vendors. Thoughtful and diligent self-starter who cares not only about business outcomes but also about team development. Dedicated to continuous improvement, benefit realization, optimizing processes and controls, adopting new tools and methodologies, encouraging creativity and sharing knowledge.
CORE SKILLS
IT Audit, Security and Control
• IT Audit Program Management
• IT Security Program Management
• IT Risk Management
• Control Self-Assessment (CSA)
• Penetration Test
• Nessus Vulnerability Scanning
Standards and Frameworks
• ITIL, COBIT, COSO, OCTAVE
• PCI-DSS, SSAE16 / SAS70, SOC1/SOC2
• ISO 27001/2, NIST 800-53, 38500, SANS 20
• HIPAA, PIPEDA
• Sarbanes-Oxley (SOX) Section 404
• Gramm-Leach-Bliley Act (GLBA)
• ISO27005, NIST Cyber Security Framework
• Resolver GRC Cloud Base
Business Process Management
• Oracle BPM Suite 11g
• Service Oriented Architecture (SOA)
• Requirement Elicitation
• Web Technology Security
• "n" tier IT architecture
• Bonitasoft BPM Suite
PROFESSIONAL EXPERIENCE
IT SECURITY / COMPLIANCE CONSULTANT - Indigo Books & Music, Toronto
Maintain an information security strategy in alignment with organizational goals and objectives in support of the ongoing management of the information security program.
Provide Management with quarterly report Metrics on Key Goal Indicators, Key Performance Indicators and Key Risk Indicators to substantiate the effectiveness of the information security strategy.
Develop Vendor Risk Management documentation and integrate information security requirements into contracts and activities of third parties to maintain the organization’s security baseline.
Identify the gap between current and desired risk levels to manage risk to an acceptable level.
Management & Competent Lead Assessor for Process Capability Assessment Project using COBIT PAM and COBIT PRM.
Management of Information Risk, Testing of ICFR through ITGC for SOX Compliance.
Assessment of Information Security Posture and Review of Information Security Policies.
Development of high level Systems security policies, processes, procedures and baseline using ISO27001/ISO27002 as reference.
Facilitation and development of Security Awareness Programs for employees.
Project Managing the PCI Assessment with the QSA towards the ROC achievement.
Report on non-compliance and other changes in information risk to IT- Senior Management Team to assist in the risk management decision-making process.
Review of SAP ERP Security tables using Transaction Codes on Security Parameters.
Application of Auditing Standards, e.g. GAAP, COSO, COBIT, to achieve reasonable assurance of the design and operating effectiveness of ICFR.
Management of COSO 2013 Transitioning Project.
Activity-level of IT Internal controls based upon the COBIT framework.
IT General Control and Business application control as part of inputs for the Management attestation of the effectiveness of ICFR to provide reasonable assurance that Material Misstatement is prevented or detected in a timely manner.
IT INFRASTRUCTURE ANALYST - Vocalink Financial Services (Jan 03, 2012 - May 2013)
ACCOMPLISHMENTS
Thorough pre-deployment security checks on internal Web application through the risk assessment of the application, Authentication, authorization and Access Control, Session management, Input Validation, buffer overflows, error handling and logging.
Development of Statement of Applicability (SOA) for the Internal Infrastructure IT and Enterprise Management group environments, following the major risk assessment and treatment plan.
Modified and updated the Acceptable use policies documents for all internet related activities and followed up with the rules sets with network teams.
Ensured continuous compliance with standards adopted by the business where certain elements are complemented by the implementation of ISMS – SAS70, PCI-DSS etc.
Development of Personal Mobile Device Computing Policy (BYOD) in line with Enterprise Security policy using Good for Enterprise Application.
Regular measurement of Security Metrics and Maturity using COBIT and CMMI.
Implementation of class three assessments on the in-house Manage Problem based on CobiT5 PAM (Process Assessment Model) using CobiT5 Process Reference Model (PRM) to identify key issues and for better performance in Unix Live Supports.
SYSTEMS CONSULTANT - AACSL Essex, UK (May 6th 2010 – Dec 11th 2011)
Responsibilities:
Proactively managed information systems items and configuration management Database according to the ITIL best Practice.
Developed and implemented Business Process Management using Oracle BPM Suite 11g R1 to improve the processes across the organization.
Developed high level Systems security policies, processes, procedures and baseline using ISO27001/ISO27002 as references.
Managed the Systems user access controls by implementing MAC & DAC where necessary.
Engaged in Systems audits and control, Security Information and Event management (SIEM)
Technical subject matter expert, evaluating, selecting and integrating all information security related projects.
Delivered Security technical briefings to Program and Project management group
Engaged in the Security requirement elicitation using Stakeholders needs perspective to understand business enterprise security needs.
Presenting projects, utilizing exceptional presenting skills and communicative abilities, successfully transferring knowledge to new team members.
IT SYSTEMS ANALYST - ORACLE CORPORATION (June 2007 – May 2010)
Citigroup Financial Services-CTI EMEA Data Centre Operations
ACCOMPLISHMENTS:
Regular Risk assessment, utilizing FRAP methodology and reporting.
Ensured the Security Policy is followed during solution designs and project engagement
Provided strategic guidance on security Architectures for every IT related project.
Provided regular Risk quantification according to the prescribed methodology
Regularly engaged with the internal control exercise to comply with PCI-DSS standard.
Regular development of Risk treatment for every identified risk.
Regular ownership of the systems with HSM for usual crypto-process of Keys
Provisioning of Users’ account through the Single-Sign On technologies
Participated in appropriate client proactive service management.
Ensured the data at rest is encrypted where necessary and according to the approved encryption standard
IT INFRASTRUCTURE ANALYST - SITA UK INC. (July 2006 - May 2007)
ACCOMPLISHMENTS:
Management of IT infrastructure internal controls – Preventive, Detective and Reactive
Ensured the access controls are provisioned based on the Company Security Policy
Quarterly development of Audit plan to cover the Control Self-Assessment exercise
Report generation for all findings and recommendations
Regular analysis and review of systems audit logs
Management of Access Control Unix users account provisioning through the LDAP technologies
Quality of Service Improvement management
Reviewed and evaluated the procedure for UNIX and Linux user accounts.
Regular comparison of Oracle database version against the supported version by the vendor
Regularly ensured the network encryption is implemented
Providing day-to-day management of Unix Servers and configurations based on Security baseline
Support of VERITAS Cluster, with SAN and Disk Management Using VERITAS Volume Manager, VERITAS File System
Management of SUN SVM, Configurations of Solaris Containers, Disk Zoning, Fair share scheduling etc. in Solaris 10.
SYS / NETWORK SEC. ENGR - COMPUTER WAREHOUSE LTD (Jan 1999 - June 2006)
Responsibilities:
On-site engineer in Data Center of Networkgroup (NWG) In-prepaid, Value Added Services (VAS), Network Management Center (NMC), Data Communication Network (DCN), Transmission System Services (TSS), Operation Services Systems (OSS), Billing Gateway (BGW), also running on other Database applications like Oracle 8i, 9i and 10g, SQL.
EDUCATION
Master of Science in IT & Strategic Innovation with Management (MSc.)
Kingston University, London, United Kingdom. Jan. 2012
Bachelor of Science (Hons.) in Physics (BSc.)
University of Ibadan, Nigeria. Jan. 1998
PROFESSIONAL MEMBERSHIP
Professional Member, British Computer Society (MBCS # 990162327)
Member, Association for Computing Machinery (MACM ID # 9138615)
Professional Member, Info. Sys. Audit & Control Ass. (ISACA ID # 665402)
International Info. System Security Certification Consortium (ISC2 ID # 356830)
Member, Sarbanes-Oxley Compliance Professional Association (SOXCPA)
PROFESSIONAL CERTIFICATIONS
Certified Information Security Manager (ISACA CISM)
Certified Information Systems Security Professional (ISC2 CISSP)
Certified Information System Auditor (ISACA CISA)
Certified ISMS ISO27001 Lead Auditor (ISO27001 LA)
Certified in Risk and Information Systems Control (ISACA CRISC)
Certified COBIT 5 Competent Assessor (ISACA COBIT5 Certified Assessor)
Certified COBIT 5 Foundation (ISACA COBIT5 Framework)
Certified Sarbanes-Oxley Expert (SOXCPA CSOE)
Certified ISEB Business Analyst Foundation (ISEB-BA)
Certified ITIL Problem Management Practitioner (ITIL PMP)
Certified ITIL Foundation in Service Management (ITIL)
Certified SUN System Administrator for Solaris Operating System 8, 9 & 10 (SCSA)
Certified SUN Solaris 10 Security Administrator (SCSECA)
Certified SUN Solaris 10 Network Administrator (SCNA)
Certified SUN Cluster 3.2 Administrator (SCCA)
Certified Sun Workgroup Systems Engineer (SCWE)
Certified Sun Enterprise Systems Engineer (SCEE)
Certificate In Project Management (CPM)
Certified Sun Accounts Management (SAMC)
Certified Sun Proactive Management (SPMC)
Certified Symantec Professional (VERITAS Storage Foundation 5.0)
Certified Symantec Professional (VERITAS Clusters Server 5.0 for Unix)
REFEREES
Available Upon Request.