Post Job Free

Resume

Sign in

Information Security Data Governance

Location:
North Brunswick, NJ
Posted:
January 14, 2024

Contact this candidate

Resume:

ELSIE OBADIARU

North Brunswick, NJ ***** 781-***-**** ad2rx9@r.postjobfree.com https://www.linkedin.com/in/elsie-obadiaru-0a76b5/

SENIOR MANAGER DATA GOVERNANCE

Innovative and result oriented leader with an accomplished record in creating and delivering strategic business values across a broad range of Data, Information Technology, Information Security, Risk Management and Compliance initiatives. A highly driven individual with Big 4 experience who brings advanced knowledge and experience to cross functional areas and optimizes industry best practices for guaranteed excellence.

Industries served include: Telecommunications, Finance, Energy, Technology and Life Sciences.

AREAS OF EXPERTISE

Corporate Policy and Standards Information Security Cross-Functional Leadership

Data Governance Risk Management Telecom Regulations - CPNI, SAC, TCPA

Data Protection Technology Compliance Enterprise Initiative Leadership

Data Privacy - GDPR, CCPA, CPRA Strategic Planning & Execution Incident Management

IT Security - ISO 27001, NIST CSF, PCI Client Relationship Management Product Lifecycle Management

PROFESSIONAL EXPERIENCE

VERIZON 2020 – Present

SENIOR MANAGER DATA GOVERNANCE

Authored and co-authored several Data Governance Guidelines and Standards: Model Management, Data Quality, Data Stewardship, Data Warehouse Security and Access Guidelines, Data Sharing Guidelines, etc., as well as established the framework and methodology for Data Governance Policy, Standards and Guidelines

Verizon Corporate Policy and Standards Working Group; collaborated with other Functional Leads assessing and reviewing Verizon Information Security Policies and Standards by providing a Data Governance perspective.

Data Governance & Architecture Working Group; collaborated with other Functional Leads to periodically review Data Management Controls (Data Access, Data Use, Metadata, Data Quality, Data Catalog, Model Management, etc.).

Established the Data Issues Management Office (DIMO) for the resolution of Internal Audit corrective actions with 100% on-time resolution.

Advanced the vision and scope of DIMO by designing and building out a fully functional and efficient program framework to include a streamlined intake and well managed data lifecycle and mitigation workflow for Data Issues Management and Resolution (supporting Finance, Data Products, etc.).

Led a cross functional team (Marketing, DG&A, and Data Engineering) on the Enterprise-to-Enterprise Marketing Data Health Initiative to ensure appropriate Data Governance controls are engineered and implemented end to end on datasets to improve data quality and reduce cost implications. Defined and maintained monthly Steerco and Leadership updates.

Led and matrix-managed a cross functional team (Legal, Information Security, Data Operations and Business Unit Leads) to define and design the strategy to improve access controls in the Data warehouse and Analytical environment in compliance with Privacy and Offshore compliance regulations (GSAM, CCPA, etc.).

PRINCIPLE SECURITY RISK MANAGEMENT 2018 – 2020

Partnered with Yahoo Small Business to perform a pressure test on Verizon Internal Audit Priority Issues Audit findings and recommended resolutions to identified pain points.

Partnered with Enterprise Application Custodians to ensure compliance with all Verizon Information Security Policies, Standards and requirements (CART/VAST/CCPA).

Partnered with CISO (Information Security), Legal, Privacy, Sourcing, Internal Audit, and the Business to execute Information Security and Data Governance on various Verizon Business Group (VBG) projects and initiatives.

Led and matrix-managed a cross functional team (Legal, Privacy, Risk Management and Business) to classify over 3000 Marketing data elements adhering to Verizon data classification requirements.

Verizon Corporate Policy and Standards Working Group; collaborated with other Functional Leads assessing and reviewing Verizon Information Security Policies and Standards by providing Information Security perspective.

Part of a team to build a Customer Authentication Inventory by identifying entry points, scenarios and authentication parameters for VCM Wireline and implementing the automated Annual Customer Authentication Attestation.

Led the initiative on a Multi Factor Authentication for VCM platforms and applications to improve efficiency of customer facing authentication.

Partnered with the Business on the deployment of a voice biometrics solution for enhanced customer authentication options.

Part of a team to remove Account Number as an authenticator in the Customer Validation Screen (CVS) and other VCM channels to align with industry best practices.

Part of a team to implement a Security Posture review on VCM Non-IT application partnering with KPMG and Business Custodians to assess, identify gaps and create risk remediation and mitigation action plans.

CITIGROUP 2015 – 2018

INFORMATION SECURITY PROGRAM MANAGER

Championed sector compliance for the Global Information Security Key Management (KM) and Privileged Identity Management (PIM) Programs by driving the remediation of all reported non-compliant items to maintain the security of Enterprise networks and systems.

Provided sector representation at Information Security (IS) Program Working Group meetings. Defined reliable measurement metrics, KPIs and KRIs (Key Performance indicators and Key Risk Indicators) to provide accurate program visibility and reporting to senior management.

Part of a global team to sunset the global use of Entrust eDigital Certificate Service and migrate to Microsoft Public Key Infrastructure (MSPKI).

Part of a global team to implement strategic Key Management improvement projects; SHA1 to SHA2 certificate migrations; inventory consolidation for Symmetric keys and Asymmetric keys; Deployment of IONIC as a Symmetric Key solution for compliance, High Availability (HA) and enhanced security.

Part of a global team to implement the deployment of CyberArk as the Password Management Solution for privileged accounts.

Led an effort to create and maintain a Controls Catalog repository that contained retrievable questionnaire responses to regulatory audits based on Enterprise and Operations owned Controls.

JOHNSON & JOHNSON (Contract) 2014 – 2015

SUPPLY CHAIN INFORMATION SECURITY OFFICER

Responsible for ensuring overall compliance with the J&J Information Asset Protection Policies (IAPPs) for enterprise-wide Supply Chain Projects and ensuring information security measures are planned for and implemented throughout the SDLC project lifecycle.

Managed the Supply Chain Security Awareness Program to 100% employee completion and compliance.

Monitored, documented and reported on Supply Chain IT Training and Risks metrics to senior management.

Coordinated with Supply Chain Risk Management and Supply Chain Information Technology to create and incorporate a Cybersecurity Table Top Exercise into their existing Risk Assessment portfolio.

Conducted Business Partner Risk Assessments to review the vendor’s security posture as it relates to the J&J Information Security Policy (IAPP) for Advanced Planning Solution vendors providing a cloud-based service.

Part of a team to implement a multi-year XP Remediation effort for Supply Chain IT.

Part of the roll out team for the annual Supply Chain HCC and Business Integrity training and concluded with 100% organization employee completion and compliance rate.

CITIGROUP 2012 – 2014

SENIOR MANAGER INFOSEC CONTINUITY OF BUSINESS

Responsible for establishing and directing all activities associated with the compliance of End User Computing (EUC) standards as North America Regional Lead across all Lines of Business (LOB).

Managed relationships with EUC Stakeholders (Business Owners and Information Security Officers) across all Lines of Business in North America to ensure and maintain Security Standards compliance.

Developed, assessed and continually improved IT security and compliance, including compliance review programs, standards and all related policies and procedures for Citi Information Security Standards (CISS).

Monitored the compliance to the CISS within all business units and ensured appropriate reporting as well as maintained an up-to-date IT security plan.

Managed the partnership with business heads to inform and influence them on Regulatory and Information Security related topics and to get input and feedback.

Part of the pilot team that implemented the Regulatory Change Management framework for EUCs and achieved approximately 80% compliance increase across all LOBs in 10 months.

Responsible for coordinating EUC related audit readiness with Business owners in the NA region and provided guidance on the Corrective Action Plan (CAP) to ensure auditor requirements were met.

Managed the CEPG Incident Management Team. Mitigating all Archer (EUC Inventory) and Prodiance related issues, maintaining support documentation, and tracking and reporting on Incidents to senior management.

Coordinated with Business owners to complete Compliance Fraud assessment though the Citi MCA (Managers Control Assessment) process as it relates to EUCs.

Orchestrated strategic planning and development to refine incident response processes and procedures for Archer and Prodiance related incidents.

Lead the integration of Level I and Level II incidents response processes with other firm wide incident response processes.

Monitored, documented and reported on North America Region EUC KRIs and KPIs (including the Citi

EUC Inventory (CEI) Weekly Roadmap and CEI Integrity Reports) to senior management.

Part of a team to conduct EUC Risk Analysis and Risk Assessments for Citi Critical EUCs.

Coordinated and collaborated closely with business owners providing support and partnership on the training and onboarding for Advanced EUC Services in Prodiance.

SENIOR SECURITY ENGINEER DATA PROTECTION 2007 – 2012

Managed relationship between the vendor and client for all technically related activities, such as development efforts, version upgrades, product certification and release to production operational status and issues, weekly meetings, etc.

Liaison with Ops, Information Security Officer, Host & Application Security Application and Global ID Administration groups to develop application standards.

Implemented a process to review contracts with third party companies to ensure adequate security compliance reviews are conducted for all Data Protection applications.

Managed relationships with external service providers and conducted annual reviews of all Service Level Agreements (SLA) to ensure compliance with Citi requirements.

Directed the implementation of security controls for encryption tools as requested by business units, managers, systems groups, and vendors. Provided, design specifications and flows for program, object, or data security controls.

Developed the Citi Global Standards for SecureZip with emphasis on Authentication, Authorization and Accountability (Audit). Engaged with business users to ensure user compliance with the standards.

Developed and maintained engineering standards documentation, User Guides, Business Requirement Documents (BRDs) and other procedural documentation.

Effectively and efficiently managed production issues of client systems and processes.

Initiated and matrix managed the DLP Project Working Group. Part of a team to implement PKI infrastructure to support email and certificate based DLP solutions using Symantec Vontu, Securezip, Secure Email and Microsoft PKI.

Initiated and managed the Data Obfuscation Proof of Concept using Voltage Data Masking Solutions.

Conducted Vulnerability and Security Assessments for Data Protection tools using enterprise standard framework to optimize maximum efficiency.

Decommissioned a NetApp software based key management solution and migrated to a network-based NetApp appliance solution.

Managed the testing; (UAT and Production), certification and Release to Production of WinZip, SecureZip and NetApp-Decru versions using SDLC and TDLC.

DELOITTE CONSULTING 2004 – 2007

CONSULTANT, TECHNOLOGY INTEGRATION

Set up a testing environment using a Data Protection solution (Decru) for Tape, NAS and SAN environments proposed to prevent loss or theft of corporate data for a Global Financial Service company.

Prepared and documented Test plans used.

Deployed the Decru storage encryption solution for UNIX and Windows environments in data centers and COB locations.

Assisted business unit leads within the Global Financial Service Company with compliance directives associated with Decru storage encryption solution.

Set up a testing environment using a Data Protection solution (Decru) for Tape, NAS and SAN environments proposed to prevent loss or theft of corporate data for a Global Financial Service company.

Prepared and documented Test plans used.

Deployed the Decru storage encryption solution for UNIX and Windows environments in data centers and COB locations.

Assisted business unit leads within the Global Financial Service Company with compliance directives associated with Decru storage encryption solution.

EDUCATION

M.S., Telecommunication • Boston University

B.S., Computer Science with Economics • University of Ife (OAU)

CERTIFICATIONS & DEVELOPMENT

EDM Council

Data Management Capability Assessment Model (DCAM) Certification

Cornell University

Financial Management

ITIL

ITIL v3

Harvard University

Project Management

Boston University

Computer Networks

ISACA

CISM (In Progress)



Contact this candidate