Risk Management Third Party

Location:
Atlanta, GA
Posted:
February 28, 2024

OLUFEMI D. OGUNTOLA

(CISA, CISM, CDPSE)

718-***-****

ad3zsc@r.postjobfree.com

THIRD-PARTY RISK MANAGEMENT CYBER AND TECH RISK

US CITIZEN

IT Audit, Third-Party Risk Management, Cyber, and Tech Risk professional with over seven years of broad experience in performing Vendor Risk Management and ITGC internal control testing as part of financial audits, internal and operational audits, risk assessments, and audit readiness. Conducted IT audit projects such as compliance testing for Sarbanes-Oxley (SOX), OMB Circular A-123 audits, and Service Organization Control (SOC) SAS 70/SSAE 18 reviews, using COBIT, PCI DSS, FISCAM, FISMA, and NIST 800-53, with expertise in NIST publications, FISMA guidance, the Risk Management Framework, security audit, vulnerability assessment, security lifecycles, and vulnerability management. Recognized for the ability to conduct, report on, and manage detailed assessments and vulnerability management, including POA&Ms. Exceptional organizational and interpersonal skills cutting across departmental boundaries, with strong communication skills and the ability to translate technical information into understandable language for management, peers, and users.

PROFESSIONAL EXPERIENCE

EVERGY

SENIOR IT RISK AND COMPLIANCE CONSULTANT 11/2022 - PRESENT

• Vendor Risk Management: Oversight of the overall vendor risk portfolio, relationship management processes, governance, compliance standards, and performance tracking. Reviewed due diligence information for onboarding new vendors, periodic annual reviews, and terminations. Ensured risk assessments, control assessments, and documentation reviews were completed in a timely and efficient way.

• Performed security assessments of new and existing third-party service providers and ensured they complied with regulatory and audit obligations, including review of controls and third-party attestation artifacts, e.g., SSAE 18/SOC 1/SOC 2/penetration test/ISO 27001.

• Ensured that the First Line of Defense appropriately manages the enterprise risks relative to the units' business activities. Primary risk focus within Third-Party Risk Management, Enterprise Data, Identity and Access Management, Artificial Intelligence, Property, and Procurement as it relates to support and effective challenge of the Risk and Control Self-Assessment framework.

• Worked with the technology gating committee to support the strategic mission and objectives of the IS security department as needed.

• Worked with e-GRC tools such as RSA Archer and Jira and monitoring tools like SecurityScorecard; categorized risk and highlighted items out of compliance using these platforms to ensure secure and prompt communication of findings, deployment of questionnaires to vendors, and tracking of vendor progress on remediation.

• Reviewed and updated the TPRM information security procedures and work instructions.

• Tracked all critical, high, and moderate vulnerabilities identified in suppliers' penetration tests, ensuring remediation was performed within industry-standard remediation timelines.

• Communicated third-party security issues to stakeholders, ensuring their understanding of associated risks, mitigating controls, and actions needed to remediate those risks.

• Focused on ensuring that the risk management framework, processes, and practices were executed in a way that complies with internal policy and industry best practices while supporting a credible, principle-based risk strategy.

• Partnered and collaborated with First Line leadership, Enterprise Risk Management, and Internal Audit to ensure timely identification, mitigation, resolution, and reporting/escalation of existing, emerging, and upstream risks and issues.

TICHENOR & ASSOCIATES, LLP

SENIOR IT AUDITOR 04/2021 – 09/2022

Performed federal compliance and financial audits by developing audit programs, conducting audits, and preparing work papers and audit reports using FISCAM methodology, FISMA metrics, and NIST SP 800-53.

Experienced in performing application control and ITGC internal control testing as part of financial statement audits, risk assessments, attestation engagements, and compliance audits using COSO, COBIT, and PCI DSS frameworks in commercial sectors.

Developed and maintained good working relationships with clients to enhance customer satisfaction, and worked with client management and staff at all levels to perform audit services.

Developed a kickoff template to streamline the distribution of artifacts and other documents to SharePoint for audit purposes.

Developed an AR SOP to standardize the flow and process of audit work.

Conducted FISCAM and FISMA-based security risk assessments for various government contracting organizations and application systems - including interviews, tests, and inspections; produced assessment reports and recommendations; conducted out-briefings. Assessments were conducted following NIST 800 processes and controls.

Conducted risk assessments for enterprise technologies, products, services, and operations based on applicable framework requirements from ISO/IEC 27001, ITIL, COBIT, and NIST, as well as PCI DSS standards and CSA cloud security guidance.

Discussed the remediation process for past security vulnerabilities with the client. Experience in performing application control and Financial Improvement and Audit Readiness (FIAR) audits in government agencies.

Conducted in-depth, risk-based security assessments of in-house, cloud, vendor, and third-party hosted environments. The assessment focus included Risk Management, Physical Security, Identity and Access Management, Encryption, Data Loss Prevention, Secure Development, Incident Management, Security Infrastructure, and Security Policy.

Worked with vendor oversight to ensure adequate tiering of our vendors based on the level of data they have access to.

Developed a methodology for risk-ranking vendors and streamlined the level of effort for each assessment.

MINDLANCE, INC. / FEDERAL MANAGEMENT SYSTEM INC. 04/2019 TO 03/2021

SENIOR IT AUDITOR

** Mindlance, Inc. was a subsidiary of Federal Management System, Inc., which provides IT Audit and other services to various clients. The company was divided into two separate firms in 2018, in which employees were split amongst the firms.

Performed federal compliance and financial audits by developing audit programs, conducting audits, and preparing work papers and audit reports using FISCAM methodology, FISMA metrics, and NIST SP 800-53.

Experienced in performing application control and ITGC internal control testing as part of financial statement audits, risk assessments, attestation engagements, and compliance audits using COSO, COBIT, and PCI DSS frameworks in commercial sectors.

Developed and maintained good working relationships with clients to enhance customer satisfaction, and worked with client management and staff at all levels to perform audit services.

Developed a kickoff template to streamline the distribution of artifacts and other documents to SharePoint for audit purposes.

Developed an AR SOP to standardize the flow and process of audit work.

Conducted FISCAM and FISMA-based security risk assessments for various government contracting organizations and application systems - including interviews, tests, and inspections; produced assessment reports and recommendations; conducted out-briefings. Assessments were conducted following NIST 800 processes and controls.

Conducted risk assessments for enterprise technologies, products, services, and operations based on applicable framework requirements from ISO/IEC 27001, ITIL, COBIT, and NIST, as well as PCI DSS standards and CSA cloud security guidance.

Discussed the remediation process for past security vulnerabilities with the client. Experience in performing application control and Financial Improvement and Audit Readiness (FIAR) audits in government agencies.

Conducted in-depth, risk-based security assessments of in-house, cloud, vendor, and third-party hosted environments. The assessment focus included Risk Management, Physical Security, Identity and Access Management, Encryption, Data Loss Prevention, Secure Development, Incident Management, Security Infrastructure, and Security Policy.

Worked with vendor oversight to ensure adequate tiering of our vendors based on the level of data they have access to.

Developed a methodology for risk-ranking vendors and streamlined the level of effort for each assessment.

FEDERAL MANAGEMENT SERVICES - (1CE) WASHINGTON DC

IT AUDITOR 03/2017 TO 02/2019

Performed audits of IT general controls such as access control, change management, IT operations, disaster recovery, and platform reviews (Windows and UNIX OS).

Performed application control assessments in the retail banking and insurance industries by checking authorization controls, interface controls, computation controls, and data validity checks.

Performed internal and external IT risk assessments; conducted gap analysis against industry standards and provided recommendations on mitigation options.

Provided and assisted in oversight of Internal Audit's participation in the Corporate Intern Program.

Provided direct assistance to external auditors (performed work on behalf of external auditors under their direct supervision).

Responsible for the review of the internal control environment to ensure the design, implementation, and monitoring of control points are efficient and effective, including risk assessments, audit plans, audit programs, and audit reports.

Developed and delivered SOX compliance, including Business/IT management and Internal Audit.

Planned and executed audit assignments, which included assessing the design and operating effectiveness of the internal control structure and compliance with policies and procedures.

Knowledge of the Standards for the Professional Practice of Internal Auditing (Attribute, Performance, and Implementation); familiarity with the Institute of Internal Auditors' Code of Ethics and Practice Advisories for Assurance and Consulting Services.

Developed and maintained effective working relationships with the external auditors and global Controllership teams, including Global Internal Controls Teams.

EDUCATION/PROFESSIONAL DEVELOPMENT

University of Lagos, Nigeria: Bachelor of Science in Accounting

CERTIFICATION

Certified Information Security Manager (CISM)

Certified Information Security Auditor (CISA)

Certified Data Privacy Solution Engineer (CDPSE)