Olu Bodunde
Information Security Analyst | GRC Specialist | Third Party Risk Analyst
Phone 678-***-****
E-mail ********@*****.***
LinkedIn www.linkedin.com/in/obodun
Results-driven and detail-oriented Information Security Analyst with a solid foundation in Governance, Risk, and Compliance (GRC) and specialized expertise in Third-Party Risk Management (TPRM). Armed with years of experience, I have a proven track record of developing and implementing robust security policies, procedures, and controls to fortify organizations against cyber threats. My adeptness encompasses ensuring compliance with diverse security frameworks, including HIPAA, PCI-DSS, TPRM, ISO 27001, SOX, and SOC. Committed to creating and maintaining resilient security postures through strategic risk mitigation and compliance measures.
Technical Skills & Tools
Assessment and Authorization (A&A), NIST 800 Series, Plan of Action and Milestones (POAM), System Security Plan (SSP), System Assessment Report (SAR), Risk Analysis, Risk Assessment, Risk Control & Mitigation, Security Life Cycle, Threat Reports, Contingency Planning, Data Security, Developing security plans, Implementing security programs, Wireshark, Nmap, Implementing security controls, Nessus Software, TPRM, ISO 27001, PCI DSS, Risk Management Framework (RMF), SOX, HIPAA, SSAE, SIEM Monitoring, iOS/OS platform security, Mobile/tablet device security, Penetration testing, Ethical hacking, Vulnerability assessment, Network security, Firewall management, Encryption, Access control and authentication, Log management and monitoring, Jira, Confluence, Mural, Project Management Systems, Risk Assessment, Technical Writing, Data Analysis, Business Application User Support, Performance Management, Vulnerability Assessment, SOC, Privacy
Other Areas of Expertise:
Risk Management and Mitigation
Compliance Management (HIPAA, PCI-DSS, TPRM, ISO 27001, SOX, SOC, COBIT)
Third-Party Risk Management
Security Policy Development and Implementation
Security Assessments and Audits
NIST Framework (800-53, 800-53A, 800-60, 800-30, 800-37, 800-171)
FIPS Compliance (FIPS 199, FIPS 200)
Information security policy and procedure development
Security awareness training
Excellent communication skills
Information Security Governance
GRC Automation Tools: RSA Archer, SAP GRC, MetricStream, ServiceNow GRC, Xacta, IBM OpenPages
Development Methodologies: Waterfall, Scrum, Agile, Iterative
Operating Systems: Windows (7, 8, Vista, XP, 2000), UNIX
Microsoft Tools: MS Office (Excel, Word, PowerPoint), MS Visio, SharePoint, Teams, and MS Project
Browsers: Internet Explorer 7, 8, 9, Firefox, Chrome, Safari
Work History
2020-01 - Current
Information Security Analyst
Top Group Technologies, LLC, LARGO
Conducted regular assessments of third-party vendors and their security controls to identify potential vulnerabilities or weaknesses in their systems.
Worked with vendors to ensure compliance with industry standards such as HIPAA, PCI-DSS, or ISO 27001.
Developed and executed risk-based approaches to assess and monitor third-party vendors, including continuous monitoring and reporting of risks and issues.
Conducted on-site assessments of third-party vendors' information security programs to ensure compliance with policies and procedures.
Developed and implemented third-party risk management metrics and reports to provide insight into vendor risk exposure and trends.
Maintained knowledge of industry standards and regulatory requirements to ensure compliance with vendor management practices.
Collaborated with internal teams such as Legal, Procurement, and Information Security to ensure appropriate risk management controls were in place.
Conducted due diligence assessments for mergers and acquisitions to assess third-party risks and compliance.
Reduced incident response time by 30% through real-time monitoring, correlation, and automated alerting, resulting in faster detection and containment of security incidents.
Improved threat detection capabilities by identifying and blocking 90% of malicious traffic, preventing potential data breaches and unauthorized access.
2018-02 - 2020-01
GRC Specialist Third Party Risk Management
Yahoo Inc Contract
Developed and implemented IT GRC frameworks, policies, and procedures to ensure regulatory compliance and mitigate IT risks.
Conducted comprehensive risk assessments and gap analyses to identify potential vulnerabilities and implement appropriate controls.
Conducted comprehensive assessments using NIST Cybersecurity Framework (CSF) to evaluate and enhance the security posture.
Collaborated with internal teams to evaluate and address IT risks related to data privacy, security, and business continuity.
Led the implementation of industry best practices and standards such as NIST, ISO, and COBIT.
Developed and delivered training programs on IT security awareness, regulatory compliance, and risk management.
Conducted audits and assessments to evaluate the effectiveness of IT controls and processes.
Implemented a TPRM program resulting in a 20% reduction in overall third-party risk exposure within the first year.
Conducted successful risk assessments for key vendors, identifying and mitigating critical vulnerabilities, and ensuring continued compliance.
Received commendation for effectively communicating complex security concepts to non-technical stakeholders, facilitating collaboration and understanding across departments.
Played a key role in achieving and maintaining compliance with regulatory standards and industry best practices.
Education
University of UNAD
Bachelor of Science in Accounting
University of Texas, Austin
Master of Science in Cybersecurity
Certifications
Certified in Governance, Risk and Compliance (CGRC)
Certified Information Systems Auditor (CISA)
CompTIA Security+
Health Insurance Portability and Accountability Act (HIPAA)