
Risk Management Information Security

Location: Houston, TX
Salary: 130000
Posted: December 16, 2023


Resume:

AIFUWA OSAZE

ad10zv@r.postjobfree.com 281-***-****

LinkedIn: https://www.linkedin.com/in/aifuwaosaze/

With over 15 years of experience in GRC and cybersecurity, I excel in roles requiring expert regulatory compliance management, risk assessment, and security enhancement. A proven track record in reducing gaps, streamlining processes, and driving successful audits. Seeking opportunities to leverage my expertise in strategic security initiatives and compliance strengthening.

Cybersecurity Assurance

Utilized a practical understanding of the cybersecurity analysis lifecycle to ensure regulatory compliance with current/future requirements.

Participate in information security, cyber security risk management, risk mitigation, compliance, and security forensics.

IT Risk Management

Demonstrated expertise in gathering and analyzing relevant data, suggesting improvements in tools and techniques to help scale the team and mitigate future risk.

Skilled in communicating risk mitigation strategies to senior management by utilizing business risk analysis, threat assessment, and vulnerability management.

PCI Security & Compliance

Knowledgeable of the technical and operational requirements that organizations adhere to while securing credit card data.

Skilled in implementing programs to achieve PCI compliance and developing a comprehensive compliance program for the business.

Key Strengths

Creative problem-solver and critical thinker with strong leadership skills; keenly focused on remaining at the forefront of the rapidly changing landscape of technology, threats, and vulnerabilities.

Possess excellent communication, leadership, and high-level organizational skills to ensure smooth business operations.

AREA OF EXPERTISE

Payment Card Industry Data Security Standard Compliance (PCI DSS) Vulnerability Management Information Security Policy Application Security Risk Management PCI Segmentation Risk Management Security/Compliance Framework Cybersecurity Defense & Countermeasures Risk/Vulnerability Analysis & Assessments SIEM Solutions Endpoint Protection File Integrity Monitoring VMware Microsoft Hyper-V Audit & Assurance IT Governance Information Security Communication & Stakeholder Management Project Management

PROFESSIONAL EXPERIENCE

Company Confidential 2023 – Present

Security Analyst

●Conducted comprehensive reviews of system configuration standards, meticulously assessing both Windows and Linux configurations to ensure strict alignment with the rigorous standards stipulated by the Payment Card Industry Data Security Standard (PCI DSS).

●Analyzed and validated the efficacy of compensating controls, ensuring their suitability in addressing specific PCI DSS requirements when traditional solutions were not feasible.

●Devised innovative compensating control strategies for scenarios where organizations faced challenges in meeting particular PCI DSS mandates, thereby ensuring their continued compliance without compromising security.

●Thoroughly evaluated intricate business narratives alongside intricate system architectures, diligently scrutinizing payment processing channels and determining the relevant controls applicable to them to reinforce the organization's data security framework.

●Significantly streamlined a company's PCI DSS scope, resulting in notable time and cost savings by meticulously identifying and implementing compensating controls that aligned with the organization's specific requirements.

●Pioneered the identification of applicable controls, meticulously categorizing their existing implementation status and identifying gaps that necessitated immediate attention, thereby fostering a more robust security posture.

●Employed a strategic prioritization approach to conduct comprehensive gap analyses, systematically identifying critical areas of concern and establishing actionable strategies for efficient and effective risk mitigation.

●Achieved a 25% reduction in the overall PCI DSS scope for a client, resulting in a corresponding 15% decrease in associated compliance costs.

●Implemented compensating controls for 85% of non-compliant areas, bolstering the organization's overall compliance posture and mitigating potential security risks.

AYA Healthcare 4/2022 - Present

Risk Management Specialist

Conducted comprehensive assessments to ensure that access controls for protected health information (PHI) were meticulously aligned with the principle of least privilege, granting access only to authorized employees for their designated job responsibilities.

Scrutinized account login configurations in-depth, verifying their adherence to widely accepted security standards and best practices, thus establishing a robust authentication framework for safeguarding sensitive healthcare data.

Collaborated in the formulation and subsequent implementation of robust security and privacy policies and procedures, fostering a culture of compliance and data protection throughout the organization.

Spearheaded the design and implementation of meticulously defined breach notification policies and procedures, ensuring that all necessary stakeholders are promptly and efficiently notified in the event of a data breach, thereby minimizing potential impact.

Played a pivotal role in addressing administrative assessment deficiencies by formulating and implementing comprehensive remediation strategies, enabling the organization to enhance its overall compliance posture.

Proactively identified and engaged with the designated Health Insurance Portability and Accountability Act (HIPAA) compliance officer, facilitating valuable insights and enabling informed decision-making within the compliance framework.

Texas ENT Specialists 4/2021 – 4/2022

Audit Manager

Successfully evaluated security vulnerabilities by effectively implementing the Health Insurance Portability and Accountability Act (HIPAA), shielding the organization from potential legal actions and substantial fines, significantly mitigated security risks, bolstered patient trust, and elevated the organization's reputation within the healthcare sector.

Conducted daily audits of patient vials, meticulously tracking expiration dates and reorder quantities; ensured a consistent supply of viable vials for patients; increased revenue generation by 25%.

Spearheaded rigorous quality control measures for vial production, ensuring rigorous alignment with company standards. Reduced the production of invalid vials by 30% through rigorous quality control measures, optimizing operational efficiency.

Methodically reviewed account configurations, meticulously aligning them with the stringent standards stipulated by the Health Insurance Portability and Accountability Act (HIPAA). This approach fortified the organization's cybersecurity posture and compliance adherence.

Enforced stringent physical access controls, meticulously limiting entry to credentialed personnel only. This proactive measure ensured that sensitive healthcare environments were safeguarded against unauthorized access, bolstering data integrity and patient confidentiality.

Walmart Supercenter 4/2020 – 6/2021

IT Security Analyst

Managed cybersecurity assets, guaranteeing the availability of critical components to prevent operational interruptions, resulting in a 60% reduction in system downtime incidents.

Enforced strict adherence to established cybersecurity procedures and policies in daily workflows to maintain a robust security posture, leading to a 45% decrease in policy violations and security breaches.

Prioritized and categorized cybersecurity assets based on their criticality to effectively allocate resources and address potential vulnerabilities, contributing to a 72% improvement in vulnerability response time.

University of Benin Liaison Office 8/2010 – 11/2019

GRC (Governance, Risk, and Compliance) Manager

Facilitated effective communication and collaboration between the University of Benin and Education Regulatory Authorities, ensuring alignment with regulatory standards and fostering a streamlined accreditation process.

Ensured meticulous documentation and organized filing of Ministry of Education and Head of Service Office requirements, reducing administrative bottlenecks by 25%.

Successfully closed regulatory gaps between the University and the National Universities Commission, achieving full compliance with accreditation standards and eliminating potential fines, resulting in significant cost savings.

Conducted thorough assessments of the university's assets within the scope of accreditation, validating compliance with regulatory criteria and enhancing the institution's readiness for accreditation.

Orchestrated engaging interactions with stakeholders to review and refine policies and procedures, promoting a culture of continuous improvement and adherence to industry best practices.

Evaluated payment procedures and channels in collaboration with stakeholders and clients, ensuring adherence to confidentiality protocols and industry standards, and achieving a 15% reduction in payment processing errors.

Greenwich Trust Limited 3/2007 – 11/2009

Data Protection Officer

●Spearheaded strategic business development initiatives, resulting in a 20% increase in new client acquisitions and a 15% growth in revenue within the fiscal year.

●Successfully managed regulatory requirements and secured timely license renewals for Greenwich Trust Limited, contributing to a 100% compliance rate and avoiding potential penalties.

●Conducted comprehensive scoping of company processes, resulting in a 25% reduction in compliance gaps and enhanced alignment with industry standards.

●Strengthened physical access controls, leading to a 30% decrease in unauthorized access incidents and bolstering overall security.

●Improved purchase order controls through daily reviews, reducing processing errors by 40% and increasing procurement efficiency.

●Achieved a 95% accuracy rate in client account controls audit, ensuring data integrity and maintaining client trust.

●Enhanced internal control audits for user accounts and software configurations, reducing vulnerabilities by 50% and fortifying cybersecurity.

●Maintained a 98% compliance rate with service level agreements, ensuring the timely execution of transactions and building strong client relationships.

Securities and Exchange Commission 2/2006 – 2/2007

Cybersecurity Specialist

●Efficiently managed the end-to-end registration process for new capital market operators, reducing registration turnaround time by 30% and ensuring swift market entry.

●Conducted thorough reviews and generated comprehensive reports on physical and digital assets of capital market operators, resulting in a 95% compliance rate with SEC regulations.

●Demonstrated expertise in accessing critical system components of capital market operators, facilitating smoother audits and enabling swift compliance verification.

●Spearheaded comprehensive compliance checks for new companies entering the Nigerian capital market, achieving a 100% adherence to registration requirements and regulatory standards.

●Played a pivotal role in minimizing the SEC's risk exposure by implementing stringent Investment and Securities Act regulations, safeguarding investors from potential capital loss and enhancing market integrity.

EDUCATION

Bachelor of Science in Business Administration

Igbinedion University, 2005

Certificate in Technology Management

National Centre for Technology Management, 2014


