Olanre Omikunle
M- 079********
******.********@*****.***
C- British & EU
Active Security Clearance
CRISC & CISA Certified
Cyber Security & Information Security
An expert with years of proven experience in Cybersecurity & Information Governance Compliance. Efficient and competent, with a proactive mind in achieving both company and client expectations, whilst acknowledging discretion and flexibility during crucial decision making. A self-starter who enjoys working in a stimulating and challenging environment, with the ability to meet deadlines using effective communication, time, and relationship management skills. Excellent working knowledge of DART, CBEST, CSIR, DRP, BCP, CIRP, BIA, Cloud, EU GDPR, CCPA, HIPAA, UK-DPA2018, e-Privacy, PCI DSS, PERC including Global Cookies Law with Compliance Regulations, SOC focused.
SKILLS
Technologies and Module Competencies
•Third Parties relationship management experience in development of policies, process and supporting documentation in meeting both business and regulatory standards.
•Good experience of Information Security Governance and best Practices – GRC, Network Security Controls, Cloud Security Controls/Frameworks, Devices monitoring and control SOC/SIEM.
•Working Knowledge of NCSC, ISOs Standards, MOD DART, JSP 440, NIST, CSIR, DRP & BCP, CIRP, BIA, PCI DSS, Strong Customer Authentication Regulatory Technical Standard (SCA RTS –PSD2) Security Assessments Questionnaire (SAQ) & AOC – Cyber Security essentials.
•Experienced in the use of ISO27001/27005/NIST Security Frameworks
•Good knowledge of security solutions, i.e., Firewall, IDS/IPS, VPN & DLP/Endpoint, including auditing PCI-DSS Checklist/Assessments
•Experience of working within an agile environment.
•Able to respond to aspects of cyber security queries & working knowledge of DevOps Tools in Circa environments.
•SOC analyst experienced in identifying potential threats and ensuring security of networks within Organizations and Suppliers/Vendor Management; identifies issues and problems with a security system, conducts repairs and optimizes for efficient usage - advises across EIT/EAT, Monitoring and Auditing, Logging, and Patching Strategy, Version controls and updates, Cloud Policies and Procedures (S3, Containers et al.)
•Strong knowledge of system, network security, log analysis and intrusion detection technologies, end
•Data Loss Prevention, Retention, Minimisation, Deletion and Storage– GDPR/NCSC/GRC
•Threats control - HBIS (Host Based Intrusion Systems), DIS (Detection Intrusion Systems), PIS (Prevention Intrusion Systems) - SOPHOS, VirusTotal, Darktrace, FireEye, Wireshark Network Analyser, Network Security Controls
•APT (Advanced Persistent Threat) - use of scanning tools and early detection.
•AWS/AZURE/GCP, IBM – Architecture
•RITS
•VirusScan / VirusTotal
•Microsoft Exchange Admin, Azure/IAM/PAM/ Email Quarantine, Email Rules.
Working Knowledge of Controls in 10 Priority Cyber Attacks Area for protection and prevention
•Multifactor Authentication - O365
•Virtual Private Network (especially for staff working from home)
•Remote Desktop
•Endpoint Detection and Response
•Incident Response Planning
•Infrastructure and Segmentation
•Backups
•Access Control
•Security Control Training
•Email Hygiene
SECURITY ASSESSMENTS FRAMEWORKS & DevOps Tools
•Good knowledge of Security Risk Assessments Methodology (RAM), Security Risk Assessments (SRA), Maturity Assessment, OpenSAMM Assessment Toolbox, NIST, ISOs, PCI DSS (DevOps (Tools) Security Risks Assessments Review / IAM & User Access Audit/Reviews / Endpoint Protection Audit / BCP / BIA / DPIA), Darktrace / Sophos, Exchange Admin Centre, Microsoft Azure/Quarantine
•Expertise in conducting Third Parties information security management.
•Experienced in conducting internal (insider) and external vulnerability assessments.
•Experienced in conducting web application security assessments.
•Cyber Security Incident Response, Business Continuity Plan, and Disaster Recovery Plan, Business Impact Analysis
•Experienced in analysing potential threats and attack attempts, Threat Model
•Experienced in development of metric based on requirement of DevOps Matrix controls.
•Experience in Security Device management policy i.e., BYOD & Technical and Policy advisory
•Standard Operating Procedures (SOP) Safe Management, Physical Security Control
•Threat Modelling/Ranking, Response Trees (Policy & Procedure)
•Working Knowledge of SOC – (incl., Event management, Intrusion detection, Log and Monitoring)
Employment History
Home Office.
Security Operations & Assurance Manager – Active Security Clearance.
Dec 2022 – Till date
Summary – Cyber Security & Assurance
Conducting Security Assurance and Risk Assessments of both known and unknown vulnerabilities (Tenable threat scanning), and likewise risks in different environments. Verifying the confidentiality, integrity, and availability of data and endpoint devices, technology/software through assessments and control frameworks and standards. Reporting any control violation findings through the organization risk management framework/model. Updating progress on Security Action Trackers via Risk Treatment Plan RTP - ISO27001, Risk Register ISO27005. Attending Stakeholders CAB, Periodic Security Audit meeting, validating DART Assurance Risk Tool.
Advising development teams on strengthening authentication, access controls, and data protection, and monitoring applications to detect intrusions and Malicious Attacks.
Providing technical guidance and work associated with the implementation, evolution, and operations of the multi-layer authentication infrastructure to include authentication systems for a new application or in change systems.
Working as a partner with system, infrastructure, application, and cybersecurity teams to determine/create integration strategies/patterns that allow secure access across programs and applications.
Define and document security requirements for new application, while identifying the appropriate configurations.
Identifying and documenting application threats, vulnerabilities, and risks, and advising development teams how to protect against such.
Ensuring the security of the system lifecycle through code reviews and testing.
Document, update, track and manage all application security documentation to include NCSC required security documents (System Security Plan, Incident Response Plan, Security Assessment Reports, Security SOPs, ISAs, MOUs) required for the application's Authority to Operate (ATO). Shepherd all plans/documents through the Government process to ensure reviews and approvals are completed as planned.
Keeping in close coordination with Government and contractors to ensure timeliness of plan/documentation reviews and approvals.
Working with stakeholders to ensure authentication controls are understood from a security perspective, and working with the development team to plan, develop and implement solution.
Works with the development team to resolve findings from security scans, reviews, or penetration tests.
Helping incident response teams respond to detected intrusions/Vulnerability.
Conducts protection needs assessment.
Identifies security requirements to include those inherited by the client infrastructure, and those to be implemented within the application. Work with stakeholders to elicit and formally document security requirements using ISO27005 – Risk Assessment Methodology
Developed the application's security architecture in collaboration with the Architectural and development team.
Performing and documenting threat assessment.
Assessing the security posture associated with networking, security technologies, hardware, and software development, through testing and evaluation.
Providing support on vulnerability assessment, penetration testing, and supply chain risk management activities.
Working with teams performing code reviews and conducting testing to ensure security is built in as planned during secure by design.
Evaluated and managed project compliance with NIST 800-53 controls and performed annual reviews to update the inventory of controls.
Worked with the development team to ensure the remediation of identified vulnerabilities and Plan of Action and Milestones (POA&Ms) are analysed, understood, and resolved based on priority levels defined.
Created Risk Management process and Procedure with use of HMG and MoD Policies, SPF, JSP440, JSP 604, and TEMPEST.
Updating and documenting third parties Risk Assessment using ISO standards, as required for projects up to delivery and implementation while advising accordingly on mitigating inherent risks, using developed Security Risk Assessments, Risk Treatment plans, Risk Assessments Methodology, and Risk Register Documents, discovery risks where applicable in recording Vulnerabilities and Significant risks.
Designing and facilitating Policies Asset Register, Policy updating, creating and developments.
Producing Security Case document using NIST and NCSC recommendation Model.
Validating Assurance Risk Tool based on NCSC standard.
Verify the confidentiality, integrity, and availability of data and technology through assessments and control frameworks.
Maintaining relevant documentation related to information security through Cyber Assurance Risk Assessment Methodology, conducting security control analyses and Risks Assessments Reports.
Documenting Criticality discovered, recommending Security Requirements Controls as highlighted through the frameworks via Security Gap analysis.
Updating progress on Security Action Trackers via Risk Treatment Plan RTP - ISO27001, Risk Register ISO27005.
Attends Stakeholders CAB (Change Advisory Board meeting) and other Periodic Security Audit meetings to ensure remediation and mitigations leverage.
Norfolk & Norwich University Hospital – (NNUH) Norwich
Cyber Security Engr (SOC/SIEM) & Information Security Risk Manager – SOC/SIEM.
June 2022 – Dec 2022
Summary - GRC/SIEM
Managing Threat and Vulnerabilities (Microsoft Defender/ATP/MDP/Source Manager). Enabling security risk assessments and management of deliverables by providing remediation for improvement on identified known and unknown Vulnerabilities/Threat. Managing Teams in risk Assessment Methodology, conducting security control analyses and Risks Assessments Reports, documenting Criticality Assessment, Security Requirements Controls, Security Gap analysis, Cloud Pre-Production, Test assessments, and updating Remediation plan via Risk Treatment Plan RTP - ISO27001, Risk Register ISO27005. Process and Legislation - Produced Cyber Security Policies, i.e. Systems Hardening Policy, Password Policy and AUP.
Monitoring and quarantining threats and spam/phishing through use of Microsoft Defender / Mail flow.
Privileged access management – SOPHOS
Third parties certification process, records asset management.
Risk Assessments Methodology, and Risk Register Documents, discovery risks where applicable in recording Vulnerabilities and Significant risks.
Facilitated Microsoft alerting rules and monitoring and alerting of email threats through Quarantine, Microsoft Exchange Admin Centre, Azure Portal; assessing CVE impacts and providing documentation on action plan for mitigation/remediation.
SOC/SIEM through use of Darktrace, Sophos, ATP, and device scanning, Audit Logs, Firewalls, IPS et al. for network, web/applications monitoring, email rules trace.
Providing security risk assessments on a wide variety of identified vulnerabilities and Threats including assurances of configuration accuracy in network systems.
Facilitating a team to function within both Process and Legislation, and Risk & Governance for the implementation of risk framework for a better solution for attaining ISOs regulatory compliance throughout all workstreams of the business as well as third party governance forums.
Responsible for and Developed Cyber Security Policies including Systems Hardening Policy, Password Policy, Acceptable Use Policy.
Responsible for assessments of security issues and part of decisions on operational matters – with comms to wider staff during intrusion detection - Cyber Alert.
Providing guidance and recommendations for third parties on principles of security architecture in Cloud, access control and end device management while Deputising for the CISO as required, such as responding to audits, legal and compliance requirements, or project sign-off.
Documenting Incident response on identified vulnerabilities as well as active security incidents.
Identifying and researching future security initiatives to protect clients & customers.
Communicating of security issues, describing technical and non-technical findings to Stakeholders, and representing role of an authority and SME on all aspects of Cyber Security notifications.
Accountable for the maintenance and further development of security monitoring of infrastructure and data systems.
Conducting risk assessments across the business by managing security incidents and assisting in their resolution.
Conducting vulnerability assessments on aspects of the infrastructure, including O365.
Working with the CISO in maintaining ISO27001, setting security strategy and policy also on various initiatives to promote a positive security culture with all staff and key stakeholders.
Providing advice and insight on broader cyber security issues affecting wider business area.
Fujitsu – London.
Cyber Security & Information Security Risk Consultant /GRC SME – USED SC Cleared
July 2021 – May 2022
Summary: - CISO SME:
Third Party Security Control Assessments Management, CBEST Remediation highlighting risk assessments, documenting, and recording vulnerabilities associated with different clients; Monitoring and updating vulnerabilities records, implementing cyber security controls as essentials, reviewing, and providing remediation for improvement on identified known and unknown Vulnerabilities in ensuring mitigation meets control standard as established for business continuity. Managing Teams in risk Assessment Methodology, conducting security control analyses using 5Ws1H, reviewing and providing remediation for improvement on identified known risks – SOC, SIEM.
•Assessed security and vulnerabilities presence and potential during and post system decommission, IPS/IDS – using standard methodology requirements/SIEM.
•Managing Threat and Vulnerabilities (Microsoft Defender/ATP/MDP/Source Manager) Enabling security risk assessments and management of deliverables by providing remediation for improvement on identified known and unknown Vulnerabilities/Threat.
•Facilitated and provided robust technical security architectural framework surrounding infrastructure to reduce exposure of business information, limiting opportunities for unauthorised access and frequency impact of targeted cyber-attacks via Host Based intrusion detection Systems (HIDS) and Network based Intrusion Detection Systems (NIDS)
•Processed Security Risks Assessment on Auto mining process and Task mining (Soroco Scout and UiPath) with developed Matrix while engaging stakeholders on Remediation / Mitigation controls as applicable on Security controls - SOC/SIEM - AWS
•Facilitated a team to function within both Process and Legislation, and Risk & Governance for the implementation of risk framework for a better solution for attaining ISO/SAE 21434/UNR155 regulatory compliance throughout all workstreams of the business as well as third party governance forums.
•Updated Policies and procedures affecting third parties Risk Assessment using ISO standards, as required for projects up to delivery and implementation/advised accordingly on mitigating inherent risks, using developed Security Risk Assessments, Risk Treatment plans, Risk Assessments Methodology, and Risk Register Documents, discovery risks where applicable in recording Vulnerabilities and Significant risks/SIEM.
•Participates in cybersecurity incident response scenarios by collecting, analysing, and preserving identified risks, threats for review to ensure management policies meets GRC/regulations and statement of applicability.
•Engaged in risk management and audit tools and providing ad hoc support/consultancy.
•Performing on-site and remote third-party security assessment of critical suppliers across business units that transmit, process, or store sensitive data on Cloud migration program.
•Work with existing and new suppliers to confirm exit strategy, data retention and data return measures.
•Supporting and guiding the industrialisation of "Secure by Design" of the business with Third parties on Cloud migration program
•Managing security risk at a Portfolio level as BAU and undertaking application and platform development using Secure by Design principles, including running risk and impact assessments
•Reviewed and Implemented Data Security Policies / Procedures for Business Continuity, Disaster Recovery Plan. Ensures operations aligns with compliance, regulations i.e., GDPR, PCI DSS, NIST, NCSC amongst other global compliance and privacy laws.
•Facilitated and integrated data and developed solutions in helping client’s third parties with Splunk Cloud Services.
•Reviewed and developed third Parties agreements policies including GDPR, CCPA on topics i.e., Data Sharing Agreement and Data Processing Agreement and ensured agreements updates, and Security Controls requirements/responsibilities (NCSC/NIST)
HMRC – London & Southend.
SC Cleared USED. Cyber Security & Information Security Risk Consultant (Assessor) - GRC SME
March 2020 – June 2021
Summary: - Security Assessments Management by embedding Security at the Design stage, and implementation of security control as part of the process; Engaged Security Architect, development Teams in risk Assessment Management, conducting security control measures, reviewed and provides remediation for improvement on identified known and unknown Vulnerabilities to ensure established mitigation meets control standard for business continuity. Participates in cybersecurity incident response scenarios by collecting, analysing, and preserving digital evidence; Security Architect for review and configuration of management policies meets GRC/regulations and statement of applicability. Engaged in risk management and audit tools and provided ad hoc support/consultancy.
•Facilitated Risk Assessment Documents required for projects up to delivery and implementation/advised accordingly on mitigating inherent risks, using developed Security Risk Assessments, Risk Treatment plans, Risk Assessments Methodology, and Risk Register Documents, discovery risks where applicable on Cloud migration program.
•Completed DevOps Security Risks Assessment & Tools Matrix and engaged stakeholders on Remediation / Mitigation plan on required Security controls – AWS & Azure
•Rationalized complex information and simplified it for teams to work with, specifically NCSC advisers and HMRC Assurers.
•Liaised with Business Owners in identifying impacts associated with information assets to update Security Aspects Document (SAD) and Business Impact Assessment (BIA) and Statement of Applicability SoA.
•Attends and contributes to each project’s Agile Sprints, containing high priority developments (HLD&LLD)
•Attended and participated in daily security stand-up meetings on critical priorities to monitor developments.
•Chase up implementation of remediation plans through identified prioritized risks for mitigation risks & closure.
•Facilitated and completed GDPR Records of Processing Activities (ROPA) on all systems/components across all Delivery Groups.
•Responsible for DPIA/BIA periodic updates.
•Facilitated the implementation of SIEM policies relevant to 5 Use Cases.
•Documented Data Security incident response, including offshoring filling, Open-Source document review and update, built Tooling Matrix for SRA, facilitated, and completed Scope doc for Pen testing et al.
•Policy and documentation update on EIT/EAT, Monitoring and Auditing, Logging, and Patching Strategy, Version controls and updates, Cloud Policies and Procedures (S3, Containers et al)
•Worked Closely with security architect, Functional architecture teams, and development teams to identify and document key information and security risks that need to be mitigated as part of solution design and suggest required controls - Provided 2nd line expertise and guidance on operational risk.
•Contributed to peer-reviews of HLD, LLD and other project documentation on controls per journeys & Credentials within Cloud.
•Facilitated gap analysis on Payment Card Industry Data Security Standard (PCI DSS assessments) by conducting controls checks, and assessment review.
•Understanding of Endpoints; produced Security Risk Assessments on Industry Standards and Regulations requirements – CIS/NCSC required.
•Analysed and reviewed all components affecting production environments to detect security updates as required and produced SRAs (Security Risks Assessments), RTP, RAM, onwards Risks Register update.
•Working knowledge of SOC in identifying potential threats and ensuring security of networks within Organizations and Suppliers/Vendor Management; identifies issues and problems with a security system, conducts repairs and optimizes for efficient use – produced log review/assessment.
Airbus UK/EU/Row
GRC, Information & Cyber Security Specialist SME- SC Cleared USED
Feb 2019 – March 2020
Summary: - Third Party Security Assessments Management and Record of Processing management; Engaged Third Party (vendors/Suppliers) in risk Assessment Management, reviewed and developed DSA/DPA, Retention and deletion policy, conducted security control measures, reviewed, and provided remediation for improvement to ensure established standard meets business continuity with GRC related. Participated in cybersecurity incident response scenarios by collecting, analysing, and preserving digital evidence, Security Architect for review and configuration management policies.
•Reviewed and Implemented Data Security Policies / Procedures for Business Continuity, Disaster Recovery Plan. Ensures operations aligns with compliance, regulations i.e., GDPR, PCI DSS, NIST, NCSC amongst other global compliance and privacy laws.
•Reviewed and developed third Parties agreements policies including Data Sharing Agreement and Data Processing Agreement and ensured agreements updates, and Security Controls requirements/responsibilities.
•SOC analyst Experienced in identifying potential threat through 5 use cases, disaster recovery plans, collation and incident reports to Business on Staff or internal breach (HR) and tracking post incident for closure and design training as future prevention – GCP/Azure
•Reviewed and updated Risk Management and Compliance Risk frameworks including DPIA, Business Impact Assessments (BIA), Risk Management and Accreditation Documents Sets
•Security risks guidance, ensured remediation recommendation applied following business continuity, using PCI DSS Security Assessments Questionnaire (SAQ) amongst other framework such as Cobit5, NIST, RAC1 Inc., Organisation Risk Management Framework, Security Architect reviews.
•Delivered Security and Compliance awareness with training initiative framework across core staff.
•Facilitated and Generated Project Assessment document as produced by the organisation’s standard/SOP.
•Produced incident report updates and progress reports monthly for improvement and prevention.
•On-boarding the new operational procedures, and Policies updates
•Research – External Focus, create/ initial draft of Assessment, in line with project scope, an outcome from engagement with third Party and delivery for review.
•Managed and provided Information Security Incidents & records events in Incident Response logbooks.
•Identifying potential external resources cyber incident related.
•Third Parties security remediation and Implementation follow up.
•Provided project security guidance, design input and design Assessment including risk assessment framework; Vulnerability management, and Privileged Access Management, Data Loss Prevention, Endpoint protection, BYOD and COPE protection and policy across all divisions.
•Providing basic Cyber Security training in risk mitigation and avoidance, and Facilitates Response Calling Tree
•Excellent working knowledge of Identity and Access Management, Control measures, and DLP
•Developed and maintained close working relationships within relevant business contacts to ensure early visibility of technology change to enhance high visibility of security responsibilities.
•Reviewed end to end connectivity within the organisation for SIRO’s validation.
Newham Health Collaborative (NHS) – London
May 2018- Feb 2019
Information Governance Manager/Privacy SME (GDPR) –NHS Data Security & Protection Toolkit - GRC
Summary
Acted as interim Information Governance Manager for the commission in meeting NHS set standard for data security and protection toolkit also known as IG-toolkit. Provided Training, developed/created Deliverable for Processes, Procedures, and compliance Frameworks. Designed Training Needs Analysis Matrix and established routine data security procedure including Breach Management approach (processes and procedures) FOI.
Key Responsibilities
•Facilitated the registration and management of the Data Security & Protection Toolkit (DS&P/IG-toolkit) to meet NHS standard. –IG/GDPR/FOI Mandatory Requirement.
•Updated all compliance Records, including registration and certification (ICO & NHS-IG).
•Developed and coordinated Risk Assessment framework on Caldicott Guardian - IG & GDPR requirement.
•Carried out GDPR compliance training with reviewable amendment amongst staff.
•Designed and developed Training Needs Analysis Matrix (Matrix) plus other Compliance toolkit.
•Designed and completed suitable ROPA for NHC- GDPR, FOI.
•Produced Data Privacy Impact Assessment policies template, including Legitimate Impact Assessment
•Developed robust External Privacy Policy.
•Providing GDPR Training to key members of Various Business Units across the organisation.
•Facilitated Data Subject Access Request Policy Template with workflow.
•Produced Third party sharing agreement templates.
•Created Information Asset Register, provided training for business continuity.
•Designed and Produced Data Breach Management Policy and Procedure.
•Produced an IG Audit Spot Check and carried out comprehensive Spot treatment.
•Facilitated and produced Pseudonymisation Policy for stakeholder approval.
•Liaised with stakeholder and encouraged Business Units on Privacy Compliance and Data Security Continuity.
GSK - London
Information Security Consultant/Analyst (GDPR) -
Oct 2017 – May 2018
Summary: - Subject matter expert, provided client with independent, jargon-free advice, and advanced technical capabilities to manage security risk. Delivered IT security assurance and advisory services to clients including cyber maturity management (CMA) using OpenSAMM to Identify Data Leakage, Identity and Access Management (IDAM), Privileged Access Management (PAM), networks and industrial control systems (ICS), Security Awareness, Incident Response Procedures, Vulnerability Management and Third Parties Risk Assessment Management.
•Participated in cybersecurity incident response scenarios by collecting, analysing, and preserving digital evidence; ensured that cybersecurity incidents are recorded and documented according to procedures using established framework including near miss.
•Assisted Business Units in understanding technical requirements and facilitated consultancy engagements in cybersecurity awareness. Also conducting Risk Management and Governance Compliance Risk.
•Provided cyber incident management workshop training to Systems Users across Business Units and facilitated and developed BYOD and COPE Case requirements.
•Contributed to the ongoing development of information security systems, policies and procedures through implementation, continuous review and identification of gaps or non-compliance among core systems owners and users.
•Conducted third party security assessments of new vendors and suppliers involved in the digital supply chain in relation to GDPR, i.e., Sharing Agreement. Also helped manage and maintain relationships with personnel both within the company and 3rd party partners to ensure vulnerabilities are remediated within agreed timescales and cost effectiveness considered. Data Mapping (Records of Processing Activities, GDPR Art 30)
Capital One –
Cyber Security Consultant, GDPR -
April 2017 – Oct 2017
Summary: Performed incident analysis, determined root cause and proper mitigation of cyber security events, carried out Risk Assessments / Management and offered remediation plan, process, and procedures. Engaged with other teams to mitigate cybersecurity threats, improved processes, and improved on security posture, analysed threat intelligence for relevancy, impact, and exposure. Research and incorporate relevant threat intelligence during the incident investigation and communicated updates in written and verbal reports.
•Facilitated gap analysis on Payment Card Industry Data Security Standard (PCI DSS assessments) by conducting controls checks, and assessment review.
•Managed information security delivery work stream on a technical and strategic level, guided high-level priorities in risk management and actioned with Operational support and guidance.
•Provided training and prevention awareness in malicious attacks offering remediation in critical situations, and across all levels of organisation(s).
•Facilitated