Information Security It

Location:
Alexandria, VA
Posted:
January 05, 2024

Resume:

NAME

Daniel Okoturo

EMAIL ADDRESS

ad2g4y@r.postjobfree.com

Mobile Number

+44-079********

NATIONALITY

United Kingdom Citizen – Access to work in Europe and Africa.

USA – Green Card Holder

SECURITY CLEARANCE

Yes: SC, valid until 10/04/2033

Yes: BPSS

QUALIFICATION

MSc Information Security Management, Villanova University, 2010

B.Sc. Electronic Engineering

Lead Auditor ISO 27001

Lead Auditor ISO 9001

Trained ISO 27001 Lead Implementer

IRCA Certified

CCNA Certified, CISSP Trained & CISA

Lead Process/Six Sigma, PMP Methodology

SUMMARY

Daniel is a Senior Information Security & Risk Management Consultant with over 20 years' experience in IT security consulting, risk assessment, cyber security and solution delivery, with a particularly strong background in IT security. Daniel has gained expert knowledge of both the business and the IT side and uses both to ensure the complete satisfaction of the stakeholders and project teams involved.

Daniel's past fieldwork experience, together with his certifications and training (ISO 27001, NIST 800-53, COBIT and ISO 9001 Lead Auditor), also gives him a strong competitive edge in his career.

Daniel has used this experience to deliver high-quality projects that demand detailed technical know-how, communicating with technical teams in their own IT terms and interpreting this for the client or customer.

The IT security skills I possess have given me a competitive edge and an expert skill set that I have used in almost every project I have delivered. They have also given me excellent core competence in planning, cost estimating, risk management, performance management, and quality and delivery assurance. Project management and delivery within insurance, working with data privacy, data protection or data compliance (i.e., GDPR or DPA), is preferred.

Responsible for GDPR adherence, the implementation and delivery of systems change for the business, and working with stakeholders to ensure strategic delivery across the business.

Daniel's strong leadership and communication skills have been used successfully in managing stakeholders, project teams, third parties and contracted suppliers, and he has experience of large and demanding transformation projects. Daniel has worked in both permanent and independent-consultant capacities over the last 20 years. Daniel assimilates information and acts on it accordingly, and is able to motivate himself and others in difficult situations.

Daniel has vast experience working with technical and non-technical teams across a broad range of IT disciplines and in-depth knowledge of IT and business process outsourcing.

Depending on the business's in-house project methodologies, Daniel implements best-practice standards in project delivery management and governance.

Roles as a Senior-Level Programme Manager (PM):

Excellent stakeholder management from executive to all other levels; strong influence with decision makers.

Business and Transformation Strategy and business requirements gathering

Excellent document management, version control, risk assessments, MI, dashboards and other PMO activities affecting Information Security

Provision of project health checks to ensure compliance with regulatory bodies.

Knowledge of several country government regulatory policies and standards

Full PM lifecycle experience using PRINCE2 (certified) methodology, project plans, Rational, and RAID logs.

Business Process Reengineering (BPR)/Change Management to maximize success, value, and benefits:

Consultant with a reputation for gaining business value.

Conduct survey feedback exercises to review customer reaction and satisfaction.

Customer awareness exercises: set up governance groups and other project groups to ensure complete understanding, gain buy-in, add value to changes and keep communication clear.

Specialist in the creation and use of pragmatic skills, structures, and techniques for projects to maximize business value and benefits.

Employment History

Company: Leonard Company

Date: Nov 2022- Present (Contract)

Position: Cyber Security Principal Consultant

Primary responsibilities:

Perform risk and impact assessments to identify the probability and impact to the business, weighing attacker techniques against the organization's defence-in-depth security controls, in order to provide containment advice, longer-term remediation or strategic recommendations to bolster the defence-in-depth countermeasures protecting the business. Uses the TARA model (Threat Analysis and Risk Assessment), aligned to the ISO 27001 standard, NIST 800-160 and NIST 800-53. As a Cyber Security Principal Consultant in the ITS team, responsibilities include:

Develop artefacts and evidence used in the assessment of cyber risk, consider the implications of changes to equipment design, and offer mitigation advice in the process.

Build strong working relationships across all areas of the business, including interfacing with authorities such as the National Cyber Security Centre (NCSC).

Engage with internal and external stakeholders, to gain an understanding of their requirements and translate these into an agreed set of deliverables and outputs.

Implement and effectively develop cyber security guidance, policy, and tools.

Convert business objectives into tangible outputs and support the mitigation of the strategic cyber risk.

Perform reviews of platforms and services to assess cyber risks such as data leakage and unauthorized access, and design controls to mitigate those risks.

Design and develop security policies, standards, and procedures.

Independently lead teams and projects of varying sizes.

Understanding of the MOD accreditation process, including knowledge of Secure by Design (SbD).

Knowledge of tools such as DART and ARM.

Risk assessment methodologies.

NIST 800 series: the basis for the security controls under SbD.

Familiar with JSPs, specifically JSP 440 and JSP 604.

Understanding of supply chain security: DEFCONs 658/659A/660 and DEF STAN 05-138.

Develop high-quality content such as security automation tools, reference security architectures, and white papers to help our consultants, partners, and customers build on the work you deliver.

Cyber resilience studies for Future Combat Air System (FCAS):

- Contributed to the application of Leonardo's cyber resilience method within the FCAS programme.

Cyber Security Audit and Assessment (CSAA):

- Performing cybersecurity audits against the NIST framework.

- Delivering cyber maturity audits for MOD Top Level Budgets using the MOD Cyber Compliance Framework (CCF).

Company: Jaguar Land Rover

Date: Nov 2021- Sept 2022

Position: Risk Lead Consultant

Primary responsibilities:

Responsible for the successful execution of JLR's cyber security strategy and for leading multiple security functions, such as the SOC, Engineering and Consultancy teams, across the organization. Facilitate sprint planning and retrospective meetings and manage product backlogs.

Support Security Operations Centre (SOC) risk and impact assessments arising from near-time cyber security concerns such as vulnerability disclosures or threat intelligence describing weaknesses and targets of interest to threat actors. Oversee the SOC security programme.

Ensuring the defensive security (SOC) of JLR clients' systems, including Red/Blue Team testing with the aim of recognizing, analysing and fixing gaps in the client's security. Support Red/Blue Team testing, identify gaps and weaknesses in monitoring capabilities, and recommend and implement changes.

Develop policies and procedures within the subject area, aligned with industry standards, e.g., ISO 27001, ISO 21434, SOC 2, TISAX certification and Automotive Software Process Improvement and Capability Determination (ASPICE) for cyber security.

Perform analysis, including root cause and resolution, of all threat and vulnerability assessments, using Wiz and Qualys Guard vulnerability assessment to produce PDF and CSV reports for remediation and resolution.

Deliver strategy, processes and procedures for the operational business unit function and help to transition the service into business as usual, taking into account people's needs such as training and capacity requirements.

Consistent review of JLR's cyber risk posture to enable near-time response to brand-protection alerts, threat intelligence alerts, vulnerability investigations and SOC security alerts. Take pre-triaged investigations from the analyst team and perform risk determination to support business decisions and action.

Company: Government Actuary’s Department

Date: Jan 2021- Oct 2021

Position: IT Security Officer (ITSO)/ Lead Auditor

Primary responsibilities:

Ensure that GAD is compliant with the Cabinet Office Cyber Security Standard and that GAD's systems and processes have the necessary controls and protections in place. Work with GAD colleagues and the IT service provider, GLD (Government Legal Department), to understand systems (existing and proposed) and risks in order to carry out an IT security risk assessment, design and implement mitigation and appropriate corrective action, and work closely with security colleagues within HM Treasury. I also managed 5-6 teams in the ICT department working on different IT projects. Assist GAD in achieving ISO 27001 certification and retaining the Cabinet Office Cyber Security Standard.

Other Responsibilities:

- Monitor the Projects from a security point of view

- Engagement with the client's nominated suppliers regarding IT Health Check (ITHC)

- Engage with the client with regards to the PO for ITHC

- Coordination and Logistics for Pen testing Suppliers (including Change requests to Cloud Providers)

- Track remediation activity as required from ITHC per wave

- Produce the Weekly Security Status reports

- Attend weekly Security meetings

- Align GAD departments on business continuity requirements

Company: CACI

Date: Jul 2019- September 2020

Position: Information Security Officer/Lead Auditor

Primary responsibilities:

Responsible for the leadership of security governance, assurance and technical matters associated with the respective work stream.

Client: Network Rail

Responsibilities:

The service is to scope, size, estimate and define the delivery approach for the Security Assurance areas of focus to support the production of the investment case(s).

SeMS (Security Management System): development of the NRT policy and procedures within the defined NR framework.

Tooling for governance, risk and assurance activities.

Conduct gap analysis and put together a SeMS framework for Network Rail.

Ensure compliance with various regulatory and internal Group policies and standards, and produce monthly dashboards showing compliance and remediation plans, KPIs and activities where compliance cannot be evidenced.

Running workshops using Agile and waterfall methodologies.

Deliver security objectives to a service framework, ISO 27001 and National Institute of Standards and Technology (NIST 800-53) standards.

Align standards, frameworks and security with the overall business and technology strategy.

Refine security operations procedures to ensure compliance with cyber resilience requirements.

Client: MBNL

Responsibilities:

Use experience to develop the requirements and concepts of a security management system.

Prepare a technical and architecture plan to achieve the stated goal and adjust the plans according to progress and interdependencies.

Use previous experience working with security management systems, security architecture and resilience.

Alignment of delivery objectives to a service framework, CAS(T) and ISO 27001.

Use experience of assessing the approach to security management systems, applications and application architecture, and deliver technical and process-based plans.

Leverage previous knowledge from working within the telco industry.

Responsible for the leadership of security governance, assurance and technical matters associated with the respective work stream.

Lead on security hardening activities and the project to deliver centralised authentication in the RAN.

Prepare and assist with internal and external ISO 27001, NCSC Cyber Assessment and ISO 22301 audits.

Working knowledge of RAN and transmission access networks: GSM, UMTS, LTE and 5G NR.

Understanding of securing and hardening processes and principles and their application in the telecoms access context.

ISO 27001/ISMS and ISO 22301: audit preparation, internal audit and risk management. Practical knowledge of risk assessment processes and methodologies to make risk-based recommendations and/or requirements to adopt and deploy compensating controls as effective mitigating measures.

Management of risk remediation and mitigation and risk appetite in a telco environment, driving risk owners to close outstanding issues and managing risk acceptance.

Support network management and operating systems from a compliance viewpoint.

Company: Cobalt Telephone Technologies

Date: March 2019- June 2019

Position: Information Security Officer/Lead Auditor

Primary responsibilities:

Ensure that the security and compliance accreditations (GDPR/DPA, PCI DSS, ISO 9001, ISO 27001, ISO 22301, NIST 800-53 and ISAE 3402) are achieved and maintained.

Identify the associated compliance control gaps and oversee the documentation, implementation, and testing of the entire compliance control portfolio.

Develop and implement compliance control monitoring programs to ensure compliance-related risks are managed to the appropriate level of acceptable residual risk.

Responsible for coordinating ISO 27001 and ISO 22301 certification audits and ongoing compliance, with a comprehensive understanding of security threats, cloud technologies (including Microsoft Azure and Microsoft 365), legislative and regulatory standards, industry frameworks and best practices.

Support the business with their BCM and BAU activities.

Evaluate compliance, gaps and remediation assessments against the Payment Card Industry Data Security Standard (PCI DSS).

Take ownership of assigned Security Operations-related audit findings and provide effective and timely resolution.

Knowledge of other GRC platforms and their strengths and weaknesses, e.g., ServiceNow, MetricStream, Archer, OneTrust, Riskonnect.

Complete Reports on Compliance (ROC) for clients against the PCI DSS.

Support clients in evaluating alignment with PCI DSS Self-Assessment Questionnaires (SAQs).

Map and evaluate payment card data flows in support of PCI DSS scoping assessments.

Identify and deploy security solutions and processes in support of PCI DSS compliance (e.g., vulnerability management, patching, SIEM).

Conduct infrastructure security assessments (network devices, servers, databases) against industry-accepted hardening standards (NIST 800-53).

Recommend and design technical solutions to security issues.

Implement business continuity recovery seats for CCT, aligned to ISO 27001 requirements.

Perform security alert detection and analysis activities across multiple technologies (e.g., SIEM) to ensure that security incidents are identified in a timely manner.

Review the business impact of security tools (GRC), technologies and policies.

Company: Virgin Media

Date: April 2018- December 2018

Position: Information Security Assurance Lead/Auditor

Primary responsibilities:

Protect the confidentiality, integrity, and availability of all information assets and systems. Deliver effectively through understanding and providing guidance and monitoring related to regulation, legislation, international standards and industry best practice for information security.

Responsible for vulnerability management on the VMB platform, working across VMB. Lead remediation of critical and high-risk vulnerabilities, putting a remediation plan in place and a tracker to monitor progress.

Development of vulnerability reporting with the system owners, engaging with Information Security to ensure standards and processes are maintained.

Provide advice on the standards for projects that have a requirement for the product to be CAS(T) and/or ISO 27001 certified.

Provide subject matter expertise to the technology division and support business projects across all divisions to ensure information security is embedded appropriately.

Promoting information security across VM. Working to embed security best practice in all areas of the business. Planning and implementing any strategic change initiatives required for the company to meet these policies, and working with other IT teams to ensure that IT security standards (ISO 27001, NIST, COBIT), policies and procedures are implemented and well maintained using the Archer tool.

Implementation of security standards (ISO or CAS(T)) and provision of advice on VMB customer-impacting projects for ISO 27001, NIST 800-53, ISO 9001, ISO 22301 and BCM, in addition to carrying out internal audits on changes where necessary.

Identify security technologies and approaches, evaluate their value, and make appropriate recommendations to help the business make informed strategic decisions.

Undertaking security tests (pen tests etc.) and managing the outsourced service partner.

Company: Barclays

Date: September 2017- Feb 2018

Position: Senior Information Technology Assurance

Primary responsibilities:

Responsible for acting as Vulnerability SME on the GTIS BICEP Programme Governance assignment, supporting GTIS in reviewing critical infrastructure vulnerabilities, including the following:

Review all Audit deliverables due in 2017 and ensure they are owned and have a realistic deliverable plan.

Carry out an extensive review of all critical infrastructure that could potentially put the Bank at risk through any failure or vulnerability exposure.

Carry out risk assessments and vulnerability management/remediation plans.

Co-ordination of the engagement, investigation and collation of responses across each GTIS Technology Tower.

Development of vulnerability reporting with the system owners, engaging with Information Security to ensure standards and processes are maintained.

Challenge the technology teams to ensure vulnerability issues aren't overlooked.

Generate regular weekly progress status reports.

Responsible for working in a 24x7 Security Operation Center (SOC) environment.

Support the identification of business processes and systems that relate to personal data and are deemed in-scope for GDPR.

Information security experience across multiple areas, e.g., vulnerability management, penetration testing, identity and access management, data loss protection, SIEM, risk and endpoint (Tenable Nessus, McAfee, Splunk, RSA SIEM).

Develop, manage and maintain supplier performance through vendor rating and key performance indicator (KPI) management to drive change within the supply base.

Consult on and improve the current policy and standards framework (NIST 800-53 and NIS).

Collaborate with relevant stakeholders to ensure that information security within vitality is relevant, cost-effective and is delivered in accordance with the Group Information Security Strategy

Implement information security strategy, policies, shared security services and action plans, as required to deliver the security strategy.

Company: Computer Center

Date: June 2017- August 2017

Position: Information Security Assurance/Lead Auditor

Primary responsibilities:

Responsible for ensuring governance and contractual compliance for all security deliverables, as well as making sure that the organization's Information Security Management System is maintained.

Schedule and document all Security Governance meetings; coordinate the production of all relevant reports and statistical analysis required for ISMS Management Review; coordinate the production of all relevant monthly reports and statistical analysis for services, SLAs and KPIs; maintain and update the content of ISMS Action Logs (e.g., Security Incident Log, Security CA/PA Log, Documentation Reviews), as well as maintaining the Information Risk Assessment and monitoring the results and remediation activities of vulnerability scans.

Identify and implement coordinated responses to information security audit and compliance issues.

Manage the information security budget for purchasing, staffing, and operations.

Supporting all audits (internal, external and customer-initiated), acting as liaison officer between audit bodies and stakeholders; assessing the adequacy of Operational Security Procedures; undertaking annual risk assessments within the scope of the ISMS based on the documented risk methodology; identifying and agreeing mitigation with stakeholder teams within the scope of the ISMS as a result of risks identified; identifying, documenting and agreeing acceptance of risk where appropriate with the risk owner, as well as identifying, documenting and agreeing transfer or avoidance of risk where appropriate; and ensuring transfer of mitigation to the Action Log and progressing actions in an appropriate time frame.

Client: FCA

Responsibilities:

Assess and document the solution and security impact.

Organize an IT Health Check for new infrastructure.

Confirm customer requirements and advise on security concerns.

Reviewing projects to ensure that Information Security policies and controls are applied, new risks are addressed, and security architecture is appropriate.

Ensuring that appropriate testing is undertaken to validate the effectiveness of Information security controls.

Work with the private network and office to ensure BAU processes meet GDPR requirements, including embedding Privacy by Design.

Working with network security technologies, such as IDS, IPS, SIEM, Firewall, AV, etc.

Deliver supply chain assurance and information security risk assessment and management.

Provide Incident Response (IR) support when analysis confirms the actionable incident.

Managing delivery of Security Improvement Projects so that expected outcomes are delivered.

Contributing to the effective management and resolution of information security incidents and data breaches.

Client: Leman Brothers

Responsibilities:

Attending security workshops and other customer meetings as necessary.

Confirm customer requirements and advise on security concerns.

Review of operating procedures and advice on security aspects of delivery.

IT Compliance Check

Shape information security yfr00/project solutions to ensure compliance with outputs, PCI-DSS, GDPR and ISF guidelines.

Produce a Business Requirements Document for each system, detailing exactly what is required as per GDPR requirements.

Ownership of the Compliance and Risk Management function for new product development.

Management of operational compliance and risk controls.

Support the Risk team and other Heads of to facilitate the Risk framework.

Company: British Arab Commercial Bank

Date: August 2016- Oct 2016

Position: Information Security Officer

Primary responsibilities:

Liaising with and advising the stakeholders regarding the setting and refining of IT security policies.

Delivery of stakeholder engagements to a high quality, typically as part of a team, or managing small to medium-sized engagements.

Planning and implementing any strategic change initiatives required for the company to meet these policies, and working with other IT teams to ensure that IT security standards (ISO 27001, NIST, COBIT), policies and procedures are implemented and well maintained using the Archer tool.

Where it is agreed that IT security risks cannot be mitigated economically or effectively, ensure that these exceptions are processed through the company's risk register, with periodic reviews of the outstanding items.

Performing security risk assessments before major technical infrastructure changes occur, including new technology or a major upgrade of existing technology components, and periodic assessment of current technology platforms.

Managing PCI DSS compliance and overseeing several programmes and projects.

Conduct a GDPR gap analysis to identify specific areas of non-compliance.

Data Governance/Data Privacy/GDPR- To strengthen and unify data protection for individuals within the European

Advisory experience around GDPR: carrying out risk assessments and gap analyses.

Designing information security awareness programmes.

Managing external vendors assisting in the provision of effective IT security for firewall administration, proxy servers, DNS administration and penetration tests (cybersecurity).

Organizing security awareness campaigns for staff to enhance the security culture and develop a general understanding of their responsibilities.

Deliver supply chain assurance and information security risk assessment and management.

Company: Royal Holloway, University of London- Deloitte

Date: April 2016- July 2016

Position: Senior Information Security Officer/Lead Auditor

Primary responsibilities:

Responsible for managing the Information Security Assurance and Compliance process with a focus on large-scale clients and regular audits.

Manage relationships with stakeholders, support change and promote information security as a business enabler.

Maintain RHUL's Cyber Security Strategy.

Enhancing and improving the current IS/IT security risk framework and methodology.

Identify, evaluate, and resolve security risks affecting new and existing solutions, explaining to risk owners and stakeholders the causes, likelihood, and impact of information security risks.

Management of and response to supplier audit issues and customer complaints.

Data Governance/Data Management/Data Privacy.

Contribute to the development of information security strategies, roadmaps, business cases and remediation plans.

Carry out periodic vulnerability assessment and penetration testing.

Coordinating vendors to perform technical vulnerability assessments and penetration testing (cybersecurity).

Support the Information Security Management System (ISMS).

Implementing and embedding ISO 27001 and NIST (end to end).

Process (as-is and to-be) and gap analysis review.

Maintaining a portfolio of security awareness material and supporting the e-learning programme.

Responsible for defining areas of activity, either as a manager, specialist, or consultant.

Risk assessment and security policies, standards and procedures.

Assist with the creation and maintenance of process and data flow mapping in relation to the key personal data input and data transformation processes (GDPR).

Company: Barclays

Date: September 2015- March 2016

Position: Program Audit Assurance - Risk Lead

Primary responsibilities:

Responsible for providing a consistent approach to implementation of the IRM policy across the O & T Centre of Excellence (CoE) and Global Functions. Support compliance with mandatory legislative, regulatory, and contractual requirements. Helping to reduce potential risk related to the management of information and records. Provide guidance on how to appropriately manage the risk related to Barclays information and records.

Responsible for managing and undertaking closure assurance of the Program’s key milestones for a complex, confidential, and high-profile remediation issue.

Manage and where necessary complete descriptions of the Program key milestones.

Engage with senior stakeholders on Cyber Security matters.

Identify, launch, measure and refine opportunities that will be executed globally.

Framework and satisfy the expectations of the Bank's internal audit function.

Manage, securely store, and protect all evidence to support the future closure of the Program.

Ensure progress status is reported to the Programme and, where necessary, wider stakeholder groups in a timely manner. Proactively support the Programme's management reporting requirements through the implementation of status reporting.

Monitor marketplace trends and experience on PCI DSS requirements, audit and control issues.

Document data security policies in line with PCI standards.

Identify, evaluate, and resolve security risks affecting new and existing solutions, explaining to risk owners and stakeholders the causes, likelihood, and impact of information security risks.

Maintaining Information Security Awareness by building an internal brand of the company’s Information

Influence stakeholders to obtain project buy-in.

Manage and maintain Information Security Framework compliance with ISO 27001, BCM and COBIT standards.

Company: ATOS

Date: March 2014- August 2015

Position: Executive Information Security Consultant

Primary responsibilities:

Responsible for delivering projects and demonstrating effective communication, both orally and in writing, with subordinates, colleagues, clients and customers, including producing major reports, preparing, organizing and delivering presentations using appropriate tools and techniques, and taking a leading role in meetings and discussions. Leading a team of technical security specialists and information governance professionals to deliver the security requirements for the MPS Digital Policing SIAM. Enable the full integration and supervision of all functions, which are usually diverse in nature and decisive in achieving the overall objectives of the company or business operation. Provide security leadership, advice and consultancy to change projects across the business.

Clients: BBC

Responsibilities:

Facilitate all meetings between the BBC SMEs, Atos SMEs and the BAU Operations Data Manager discussing all data requests.

Manage to completion any actions arising from the meetings relating to information requests.

Provide weekly updates to the Atos Programme Manager (via Execview).

Working on projects to deliver SIAM.
