Sign in

Information Systems Security

Abuja, FCT, Nigeria
April 07, 2017

Contact this candidate


** ****** ******* ****** **** FCT Abuja Nigeria.

Phone: 080********; 080********.


AKINOSI, Abiola Abiodun (MSc, CISA, CISSP, CEH)

Career Summary

Abiola is a qualified information security, audit and business improvement professional; A Master’s degree holder; Certified Information Systems Auditor, Certified Information Systems Security Professional; and Certified Ethical Hacker. Abiola has conducted numerous IT applications and general controls reviews, she has performed Information security process and standards for logical and physical security implementations. Abiola has a good understanding of the information security control measures as defined in ISO27001 and COBIT 5, performed systems audit reviews in a large, complex and dynamic environment, make recommendations and obtain the buy-in of stakeholders and C-level executives. Abiola has performed security risk management, vulnerability management & security Compliance management. Her hands-on knowledge of systems audit, business process re-engineering, enterprise-wide risk management, fraud prevention, detection and control, comes handy in improving organizations’ operations.

Abiola has assisted organizations on the implementation of a COBIT control framework in conjunction with established industry best practices, in addition she has helped to develop information security policies, processes and procedures using ISO 27001 as benchmark which has resulted to standardization of major IT security activities within the business and has also developed a maturity model regarding information systems governance. She has proffered useful recommendations on how the organization can improve IT security practices and activities to world class standard. Abiola is recognized for the value added she brings on board.

Skills and Proficiencies

Professional Accomplishments

Excellent in data analysis using Computer Assisted Audit Tools such as ACL and IDEA for extensive data re-computation; proficient in writing ACL scripts to perform trend analysis, worked with several ERP software packages such as SAP, Oracle and IFS.

Knowledge of COBIT domains control framework; Knowledge of ISO 27001:2 security control domains; Application Testing and Quality Assurance; fraud prevention, detection and control; Process Improvement Methodologies and Techniques; knowledge and application of COSO domain control framework. In-depth knowledge of security tools such as Qualys, Security Information and Event Management, ArcSight, Kaspersky, Impervia, Charging System Security.

Also skilled in the usage of audit software such as Teammate, eAudit and Enterprise Risk Assessor (ERA).

Single handedly deployed web captive portal in AEDC, the solution was deployed to prevent unauthorized users from having access to AEDC network.

Deployed enterprise-wide hard-disk encryption and USB lock down using Kaspersky Antivirus Security Center, this drastically reduced spread of malware in the organization.

Deployed 2-Factor Authentication solution to enable end-users login to the Active Directory using their usernames, password and One Time Passcode (OTP)

Detected multiple payments of Purchase Orders to vendors, this amounted to the tune of N100million naira. This was due to system deficiency in the approval hierarchy in Oracle application and fraudulent employees were able to exploit this deficiency. A complete Oracle re-configuration was done to resolve this anomaly.

Detected the installation of password cracker (John the Ripper) on the Oracle Financial Server, this password cracker was used to brute-force and maliciously use top executives passwords to approve unauthorized transactions.

Detected a security breach in MTN Nigeria environment, this could have caused the organization serious reputational and image damage if hackers had successfully compromised the breach. Thus recommended various security countermeasures to provide the organization full defense in depth.

Uncovered ''Revenue Leakages'' in a client financials while at KPMG Professional Services. This saved the client over =N=2.4 billion during an audit engagement.

Work Experience

2016 – Date Abuja Electricity Distribution Company (AEDC). 1 Ziguinchor Street, Wuse Zone 4. FCT Abuja Nigeria.

IT Security Specialist

Develop, manage and implement a comprehensive information security program for AEDC Enterprise IT network environment.

Analyze and translate business requirements into control objectives; designing security controls, and implementing them along with a security management cycle (SDLC).

Configure and Implement Firewalls to properly segment (Internal, External and DMZ) AEDC network.

Play consulting role in application development or acquisition projects to assess security requirements and controls, also ensure that security controls are implemented as planned;

Conduct internal Penetration tests on the AEDC’s information systems and make recommendations to critical findings

Provide in-house information security consulting expertise to AEDC

Manage continuous reviewing of technology (e.g. network, systems, etc.) security to ensure compliance and optimal performance

Validate baseline security configurations for operating systems, applications, networking and telecommunications equipment;

Performs control and vulnerability assessments to identify control weaknesses and assess the effectiveness of existing controls and recommend remedial action;

Ensures AEDC is able to maintain the integrity of data and all business operations/ transactions activities, as the company grows, through the development, implementation and continuous monitoring of the business and information systems risk and internal control framework;

Collaborate on critical IT projects to ensure that security issues are addressed throughout the IT project life cycle;

Participate in security investigations and compliance reviews;

Identify and evaluate significant business risks associated with strategic and operational objectives of the company;

Prepare security reports for management attention on residual risks, vulnerabilities and other security exposures, including misuse of information assets and noncompliance;

Monitor compliance with the laid down policies, processes and procedures;

Reviews systems and procedures across all business areas and recommends improvements to existing processes and procedures, where appropriate;

Conduct IT Security Awareness training for AEDC employees (through internal bulletins, regular training and on-boarding for new hires) and IT vendor personnel

Conducts confidential security investigations on control breaches, as may be necessary from time to time.

2014 – 2015 Oando Plc. 2 Zenon House Ajose Adeogun Victoria Island, Lagos Nigeria.

Systems Audit Supervisor

Work with business application users and IT Head to ensure that key IT internal controls (application controls and IT general controls) needed throughout Oando’s operations are implemented and adhered to.

Assess security measures implemented in the business modules in Oando financial application such as procure-to-pay, order-to-cash, enterprise asset management, hire-to-retire, supplier relationship management etc.

Implement Oando’s internal audit programs and controls, covering business systems, processes, IT general controls and application controls.

Assist in the development and preparation of assigned Internal Audit plan according to the strategic objectives and the associated risks.

Work collaboratively with Systems Audit Manager, IT Head and other business owners to plan, execute and report audit findings covering IT key systems and processes.

Delegation of tasks and responsibilities and supervision of system auditors.

Assist senior management to ensure key systems controls are in place and to facilitate Oando’s establishment and maintenance of system security standards.

Prepare and discuss audit/review findings with appropriate members of management, recommend changes to corporate IT policies and procedures, summarize audit findings as well as prepare draft report.

Participate in the formulation and articulation of Oando’s business and system’s risk profiling, management and emphasizing the company’s risk tolerance levels/stance and threshold points for various elements of risk;

Ensures Oando is able to maintain the integrity of data and all business operations/ transactions activities, as the company grows, through the development, implementation and continuous monitoring of the business and information systems risk and internal control framework;

Ensures shared understanding of, and creates company-wide awareness about, the various risks inherent in Oando IT systems and operations and works with various employee groups to develop and execute effective risk mitigation strategies;

Identify and evaluate significant business risks associated with strategic and operational objectives of the company;

Ensure audit reports are timely, accurate, objective and constructive;

Perform detailed systems review and complex analysis using CAATs tools (ACL and IDEA);

Reviews systems and procedures across all business areas and recommends improvements to existing processes and procedures, where appropriate;

Provide on-the field and on-the-job coaching and mentoring of Audit Officers;

Acts as Manager, Systems / Business Risk & Process Audit during casual vacancies;

Conducts confidential investigations on control breaches, as may be necessary from time to time.

2011 – 2013 MTN Nigeria Communications Limited Falomo Ikoyi, Lagos Nigeria.

Systems Auditor

Evaluation of data controls, integrity checks, and audit trails of information systems in operation.

Preparation of work papers for assigned audits in accordance with the internal audit manual;

Reviews of business operations policies, processes and procedures and provides recommendation for improvement;

Review project management, application controls, technical environment controls, and conversion controls;

Documentation of relevant facts and information to support testing and conclusions so as to facilitate replication of procedure by independent parties;

Develop relationships to ensure business operation data integrity and completeness;

Proactive identification, evaluation and prioritization of product development opportunities and advising the business on its benefits;

Follow up and facilitation of resolution of all audits;

Perform routine and special information systems audits with basic understanding of information systems internal control concepts, and in accordance with professional standards;

Reviews of systems and business operations policies, processes and procedures and provides recommendation for improvement;

Coordinating the execution of the Company’s Controls Self-Assessment Process;

Reviewing business requirement specifications and user requirements for new product launches or system changes to assess the impact on revenue and fraud;

Perform complex analysis using CAATs tools (ACL and IDEA) and MS Excel.

2009 – 2011 KPMG Professional Services, KPMG Towers, Bishop Aboyade Cole Street, Victoria Island. Lagos Nigeria.

Semi-Senior Associate

Planning of audit and non-audit assurance engagement.

Develop audit work programs and procedures

Supervise, coach and manage team members on engagements

Information Technology General Controls review (Systems Audit).

Business process reviews.

Network security review.

Operating systems review (Windows and Unix Platforms).

Database review (Microsoft SQL Server, Sybase, Oracle 9i/10g)

Applications review (i.e. Access rights and segregation of duties review, application automated control testing, etc.) Provide strong supervision to ensure quality management in IT business processes and documentation;

Provide Revenue Assurance (eg unearned voice revenue, voice revenue, unearned data revenue and data revenue) for Telecommunication Clients;

Identify gaps in the design and operating effectiveness of controls, and identify opportunities for more efficient and effective controls;

2007 – 2009 CityScape International Plc. Plot 1228 Bishop Oluwole Victoria Island, Lagos Nigeria.

Network & System Administrator (NYSC; Retained afterwards)

Main point of contact for local user in area of responsibility/Departments for implementation and support of computer and telecoms equipment;

Checking of the Wide Area Network including monitoring and heterogeneous network of multi-vendor networking devices such as Cisco routers/switches;

Installing, monitoring & tuning the hardware, operating system and telecoms tools to meet the agreed service levels & allow implementation of Microsoft projects

Operation of the entire IT resources which comprises control, and uptime of staffs’ network.

Professional Certifications

Checkpoint Certified Security Administrator: CCSA (CCSA CERT ID: #CP0000093300)

Certified Information Systems Auditor: CISA (CISA CERT. ID : #12105173)

Certified Information Systems Security Professional: CISSP (CISSP ID. #413674)

Certified Ethical Hacker: CEH(CEH CERT. ID. #ECC02824148716)

Certified Internal Auditor: CIA (CIA CRT. ID. 140311)

Certification in Risk Management Assurance: CRMA (CRMA CERT. ID: #8090)

Project Management Professional: PMP (PMP CERT. ID : #1560604)

Information Technology Infrastructure Library Foundation: ITIL (ITIL ID #00168136)

Cisco Certified Network Professional: CCNP (Cisco ID # CSC011470718)

Oracle Certified Professional: OCP (Oracle ID # SR5620324)

Microsoft Certified IT Professional: MCITP (Microsoft Server 2008 Administrator) (Microsoft ID #7590509)


2013 - 2015 University of Lagos, Akoka, Lagos-State. Nigeria

M.Sc. Information Technology

2001-2007 Obafemi Awolowo University, Ile-Ife, Osun State. Nigeria

B.Sc. Computer Engineering (Second Class Upper Division)

1993-1999 Oriwu Model College, Ikorodu, Lagos State. Nigeria

Senior Secondary Certificate Examination (SSCE)

Seminars & Workshop

June 2016, Advanced Checkpoint Administration Expert, New Horizon Lagos; Nigeria

September 2015, Cisco ASA 5500 Security Implementation, South Africa

July 2016, Checkpoint Security Administration Training, Data Group Nigeria

April 2015, Basics Of Continuous Auditing & Data Analytics, IIA South Africa;

April 2014, Auditing Outsourced Functions, IIA South Africa;

July 2013, Certified Ethical Hacking and Countermeasure New Horizon, Lagos Nigeria;

October 2012, Project Management Professional (PMP), Digital Jewels Limited, Ikoyi, Lagos; June 2012, Basics of Six Sigma Projects and Teams; MTN Nigeria;

September 2011, Auditing Telecoms Companies: Understanding the unique risks within Telcos, facilitated by MIS Training Institute, London;

May 2011, Risk Assessment and Root Cause Analysis, KPMG Nigeria;

April 2011, KPMG Basic Intermediary Accounting Course, KPMG Nigeria;

November 2010, Business Continuity Management Course, KPMG Nigeria;

September 2009, Certificate in Risk Based IT Auditing Facilitated by Rhytex Consulting.

Personal Details

Date of Birth: 01 January, 1983

Gender: Female

State of Origin: Ekiti

Marital Status: Seperated


Ufuoma Eze

Senior Systems Auditor

MTN Communications Nig. Ltd,

Falomo, Ikoyi, Lagos.

Tel: 080********


Mr. Olajide Martins,

Manager, IT Advisory,

KPMG Professional Services,

KPMG Towers, Bishop Aboyade Cole V.I, Lagos.

Tel: 080********


Dr. Oladipupo Sennaike,

Department of Computer Sciences

Faculty of Sciences

University of Lagos, Akoka Lagos.

Tel: 080********.


Contact this candidate