
Risk Management Security Analyst

Location: Midlothian, TX
Posted: July 18, 2024

Resume:

OLUWAYEMISI REBECCA OLUFUNSO

GRC ANALYST | IT RISK ANALYST | SECURITY ANALYST

●**********************@*******.*** ●214-***-**** ●Dallas, TX ●76065 ●https://www.linkedin.com/in/oluwayemisiolufunso/

PROFESSIONAL SUMMARY

Dedicated and experienced Governance, Risk and Compliance analyst with a proven track record of implementing and overseeing comprehensive cybersecurity risk assessment and risk management programs. Skilled in developing, updating, and reviewing security documentation and policies in compliance with NIST-CSF, ISO 27001, SOC, HIPAA, PCI-DSS frameworks. Adept at conducting security assessments in accordance with these frameworks for different clients across several industries including finance, healthcare, government, and logistics. Adept at generating detailed reports and providing recommendations on cybersecurity risks to senior executives and stakeholders. Strong analytical abilities combined with excellent communication and interpersonal skills.

CORE COMPETENCIES

Cybersecurity Frameworks: HITRUST, SOC (SOC 1, SOC 2, SOC 3), NIST 800-53, NIST 800-37, NIST 800-137, PCI-DSS, HIPAA, ISO 27001, CIS Controls, FedRAMP, GDPR, CCPA.

GRC Tools: OneTrust, RSA Archer, Vanta, ServiceNow, Auditboard, Security Scorecard

Computing Technology: Amazon Web Services (AWS), Azure, Google Cloud Platform (GCP), SAP

Security Tools: OKTA, Sailpoint, Nessus, Splunk, AWS Trusted Advisor, Microsoft Defender, Microsoft Sentinel, Microsoft Active Directory, Veracode.

Project Management tools: Jira, Miro, MS Project, Confluence, Microsoft Office

Data Analysis: Advanced Excel, Data handling (SQL, Python), Data Visualization (Tableau, Power BI)

Business Acumen: Business Analysis, Project planning, Project Management, Risk Management

Non-technical skills: Critical thinking, Collaboration, Presentation, Course Planning, Time Management, Facilitation, Communication, Problem-Solving and Analytical Thinking

Security and Risk assessment related Skills:

o Vulnerability management

o Penetration testing

o Security Information and Event Management

o Compliance monitoring and reporting

o Governance framework development

o Security policy and procedure development

o GRC software implementation

o Incident response and management

o Security awareness training

o Vendor risk management

o Enterprise Security Solutions Administration

o Firewalls Configuration

o Security Patch Management

o Root cause investigation and analysis

o Incident Management & Disaster Recovery

o OWASP Top 10

o SANS

o Data Protection

o Software Development Lifecycle

o Intrusion Detection, Protection and Firewall

CERTIFICATIONS

Security+

Certified Information Security Manager (CISM)

Certified in Risk and Information Systems Control (CRISC)

Certified Information Systems Auditor (CISA)

AWS Certified Cloud Practitioner

WORK HISTORY

Third Party Security Risk Analyst

Dynamic Agile Consulting – Dallas, TX December 2022 - Present

Developed and maintained comprehensive risk assessment methodologies to identify, assess, prioritize, and mitigate potential risks, vulnerabilities, and threats, which led to a reduction in critical cybersecurity risks by 50%.

Ensured compliance across clients' SaaS applications, networks and databases, ensuring adherence to secure coding principles, proper access control and data security, which led to an improvement in compliance scores by 70%.

Conducted third-party vendor security risk assessments and audits across their security architecture to evaluate the effectiveness of existing controls and processes and provided recommendations related to onboarding and due diligence reports.

Provided and implemented recommendations on improvement of processes and workflows related to the third-party vendor risk assessment program.

Collaborated with cross-functional teams to design and implement risk mitigation plans, ensuring alignment with organizational goals and objectives.

Identified and coordinated scalable security control enhancements, reducing risk, and improving performance efficiency across diverse technical environments.

Developed employee-facing technical documentation, internal wiki pages, and periodic security-oriented communications to spread awareness about Information Security policies and standards.

Conducted compliance assessments and gap analyses to identify areas of non-compliance and developed remediation plans to address issues.

Led the implementation of GRC Software solutions, streamlining risk management, compliance tracking and reporting processes.

Monitored regulatory changes and industry best practices, ensuring that the organization remained up-to-date and compliant with evolving requirements.

Prepared third-party portfolio reporting of risk and performance for senior executives, providing valuable insights into high-level security posture and vulnerabilities.

Completed security assessments, internal controls testing, and risk assessment for both clients and vendors.

Cybersecurity Risk Analyst

Jet Tax Service – Dallas, TX January 2020 – November 2022

Developed, updated, and reviewed System Security Plans (SSP), Plans of Action and Milestones (POA&M), Security Control Assessments (SCA), Contingency Plans (CP), Incident Response Plans (IRP), Risk Assessments (RA), policies, procedures, and security control baselines in accordance with NIST guidelines, and security practices.

Created Security Assessment Plans to initiate Information Security Assessments, conducting client interviews to determine system security posture and assist in completing Security Assessment Plans using NIST SP 800-53A.

Conducted security control assessments based on NIST-CSF framework ensuring compliance with established standards and regulations.

Ensured timely and accurate escalation of issues and observations of non-compliance or risks outside of acceptable thresholds.

Evaluated the Third-Party Risk Management (TPRM) program, identifying optimization opportunities and providing recommendations for process improvement.

Conducted business analysis to ensure alignment of TPRM functions with overall organizational and enterprise risk frameworks.

Served as a TPRM subject matter expert to the first line, providing risk management guidance and performing testing of controls for all phases of the TPRM lifecycle.

Reviewed third-party risk assessments for conformance to program objectives and methodology, assisting in researching, reviewing, developing, and maintaining TPRM policies and standards.

Planned and conducted security risk assessments for all third-party vendors/suppliers, designing and upgrading supplier questionnaires to cover new threat signatures.

Administered questionnaires to vendors to determine control effectiveness and tracked vendor progress on remediation efforts.

Reviewed and recommended enhancements to the organization's disaster recovery and business continuity plans, ensuring alignment with GRC principles and best practices.

Collaborated with internal audit teams to facilitate cybersecurity audits, ensuring adherence to established controls and timely remediation of any identified gaps.

Collaborated with IT teams to implement security controls and measures to mitigate identified risks.

Cloud Security Risk Analyst

Aacres WA LLC – Tacoma, WA July 2017 – December 2019

Developed and implemented risk assessment methodologies specific to AWS Cloud environments, ensuring alignment with industry best practices and regulatory requirements.

Conducted comprehensive security assessments of cloud infrastructure, platforms, and services, identifying potential risks and vulnerabilities.

Utilized

posture, collaborating with stakeholders to implement remediation measures.

Communicated industry-standard frameworks such as CIS Controls, and AWS Well-Architected Framework to assess cloud security controls.

Defined and tracked Key Performance Indicators (KPIs) to measure the effectiveness of cloud security risk management efforts, including metrics related to risk reduction, compliance status, and incident response.

Provided actionable recommendations to mitigate identified risks and improve cloud security assessment findings and recommendations to senior management and technical teams, facilitating informed decision-making and prioritization of security initiatives.

Conducted ongoing monitoring and reassessment of cloud security controls to ensure continued effectiveness and compliance with evolving threats and requirements.

EDUCATION

Bachelor of Science in Chemical Science

Adekunle Ajasin University, Akungba-Akoko, Ondo State, Nigeria


