
Risk Management Assessment

Location: Houston, TX

Posted: April 26, 2024


Resume:

BABATUNDE ODUOLA

Houston, Texas. Phone: 254-***-****

Email: ad5azg@r.postjobfree.com

Personal Profile

Strategic Cybersecurity Professional with a record of developing and executing strategies that scrutinize and manage risks while upholding compliance with critical regulations. Expertise in leading cross-functional teams to achieve 100% compliance with a broad spectrum of regulatory standards, including ISO27001 & 27002, GLBA, NIST, CIS Controls, PCI-DSS, GDPR, SOC, and SOX. Demonstrated success in enhancing organizational compliance posture through the development and deployment of comprehensive risk management strategies, resulting in a massive improvement in compliance metrics.

Professional Skills

Governance, Risk & Compliance Framework

Risk Assessment

IT Risk Management

IT Audit Management

Regulatory Compliance

Policy Development and Implementation

Third-party risk management

Elicitation Techniques: Brainstorming, JAD sessions, Workshops, Documentation, One-on-One Interviews.

Soft Skills: Excellent Written and Oral Communication skills, Facilitation, Presentation, Negotiation, Leadership, Organization, Stakeholder Management, Attention to detail, Accountability, Resilience

Professional Experience

Senior GRC Analyst Sep 2022 – Present

PAYMENTS CA

Responsibilities:

Addressed critical flaws within the Real-Time Rail project's security architecture and the Lynx payment platform, delivering strategic solutions that enhanced system integrity and reduced security gaps.

Maintained policies governing data, networks, and other services to support NIST, ISO27001 and PCI DSS compliance.

Performed ad hoc and standardized risk and compliance assessments to ensure payment infrastructure complies with internal policies and aligns with the NIST, ISO27001 and PCI DSS frameworks.

Spearheaded risk and compliance assessments involving scope determination, process development and changes, testing, documentation, reporting and remediation activities with diverse business units, mitigating risks and aligning defensive strategies with corporate objectives.

Architected and deployed a GRC framework that standardized risk assessment, policy formation, and procedural guidelines, leading to a robust improvement in governance efficiency.

Monitored and achieved compliance with industry regulations and internal policies, maintaining an absolute compliance rate.

Orchestrated training initiatives that bolstered employee compliance and risk management proficiency, resulting in a significant decrease in compliance deviations.

Forged partnerships with auditors to streamline audit processes, review external and internal audit compliance and ultimately remediate findings, contributing to a significant reduction in compliance discrepancies.

Track and report completion of action plans, provide status updates to all necessary stakeholders.

Interface directly with Vendors and business functions to identify changes to existing procedures and processes and recommend and initiate remediation plans.

Prepare reports and briefing notes for management, member groups and the Payments CA senior management as appropriate.

IT Risk and Compliance Analyst Oct 2021 – Sept 2022

STADXL Consulting Ltd

Responsibilities:

• Executed bi-annual risk assessments and crafted tailored risk mitigation strategies, which resulted in a significant reduction in potential threats to the organization's information infrastructure.

• Monitored and mitigated vulnerabilities disclosed by the software providers, responded to information security incidents, performed root cause analysis, communicated issues to affected parties and managed business continuity.

• Led internal and external audits of the security infrastructure, ensuring absolute adherence to industry frameworks and pinpointing improvement opportunities that bolstered system security.

• Partnered with legal and compliance teams to address regulatory queries and audits, navigating several audits without significant infractions.

• Crafted critical documentation such as business requirements, user training manuals, and traceability matrices, enhancing user comprehension and system usability.

• Reviewed implemented changes periodically to meet strategic objectives, maintaining a continuous improvement cycle that improved process outcomes.

• Deepened the understanding of business needs by engaging stakeholders in discussions and interviews, leading to a significant improvement in meeting user requirements.

IT Audit and Risk Analyst Feb. 2018 – Jun 2021

TDBANK

Responsibilities:

Led audit planning and execution initiatives in accordance with established guidelines and standards such as ISO27001 and COBIT.

Evaluated effectiveness of IT controls and assessed compliance with regulatory requirements and internal policies.

Oversaw risk assessments by identifying, assessing, and prioritizing IT-related risks that could affect the organization’s operations, assets, and reputation.

Participated in responding to and investigating IT security incidents, including conducting root cause analysis, and recommending corrective actions.

Developed risk mitigation strategies and action plans to address identified risks.

Conducted tests of IT controls to ensure effective operations and actioned risk response plans for identified risks.

Documentation of test results and recommendation of improvements to control processes where needed.

Monitored compliance with regulatory requirements to ensure adherence to industry standards and regulations.

Checked security control logs to ensure conformance to internal policies and standards and reported on cases where conformance is not absolute.

Development and delivery of IT security awareness and training programs for employees to address misconceptions and enhance their knowledge of security risks and best practices.

Development and maintenance of IT security policies and procedures based on best practices, ensuring communication and enforcement throughout the organization.

Continuous evaluation of IT audit and risk management to improve and stay abreast of industry trends and emerging threats.

Vendor Risk Assessment Analyst/Manager Dec 2012 – Feb 2018

FIRST CITY MONUMENT BANK

Responsibilities:

Recommended and executed an overhaul of First City Monument Bank's vendor risk management framework, enhancing assessment methodology and reducing vendor-related risks significantly within the first year.

Prepared assessment reports that included findings, risk levels, recommendations for remediation, target, and completion dates.

Reviewed SOC 2 and pen test reports to validate findings.

Partnered with IT compliance resources to implement the Venminder third-party risk management platform to support vendor assessments and review vendors.

Led the implementation of advanced risk analysis software, boosting the efficiency and accuracy of vendor risk assessments significantly.

Negotiated and secured multiple strategic partnerships with key vendors under favorable terms, achieving a significant cost reduction and improved service quality while adhering to regulatory standards.

Optimized vendor onboarding procedures to reduce process times significantly, ensuring absolute compliance with all regulatory and bank-specific risk criteria.

TECHNICAL ACUMEN

ServiceNow, Venminder, KCM, Qualys, Microsoft Office Suite (Word, Excel, PowerPoint), SharePoint Online, Azure, AWS, Visio, Jira, MockFlow, and Lucidchart.

Educational and Professional Qualifications

Project Management Professional (PMP)

Project Management Institute, USA

Certified Information Systems Auditor (CISA)

Certified in Risk and Information Systems Control (CRISC)

Bachelor of Science in Economics & Education (WES assessed)

Obafemi Awolowo University, Ile-Ife


