SAMUEL SOKOYA, Ph.D.
CISA, CISM, CRISC, CEH, CHFI
North America
Relevant Experience
IT Risk and Compliance Manager Feb 2020 - Present
Infosys Limited
■ Delivered customer-facing requirements by applying traditional security lifecycle management processes.
■ Worked with project managers and business analysts to ensure that security requirements were adequately identified and addressed as part of system development efforts.
■ Provided Subject Matter Expertise in security assessment and risk management.
■ Executed comprehensive Third-Party Risk Management (TPRM) programs, assessing and aligning vendor security profiles with industry standards and regulatory requirements.
SUMMARY
I am a senior GRC specialist skilled in IT risk and security management. Experienced in client and technical support management, I have worked in various areas of cyber security practice that include but are not limited to IT security operations, IT risk management, 3rd party/vendor risk management, controls assessment, compliance management, and endpoint system management.
• Expertise in managing IT General Controls (ITGCs) related to significant systems, with a specific focus on aligning with SoX and NIST key controls.
• 10+ yrs. of Security and Compliance
• 8+ yrs. in IT controls assessment, IT security, internal controls, regulatory compliance, quality assurance, or process improvement
• 10+ yrs. in Identity & Access management architecture
• 8+ yrs. in Cloud platforms Security.
• 6+ of License check & Activating Audit
• 8+ yrs. of end-2-end implementation of GRC programs
Senior IT Risk and Compliance Analyst Nov 2017 - Feb 2020
Accenture Federal Services
■ Ensured compliance with federal customer and US Government policies by performing technical assessments of information systems security configurations, identifying vulnerabilities, and recommending corrective actions, aligning with risk management frameworks.
■ Enhanced information protection and insider threat detection by coordinating efforts with CISO, Deputy CISO, and multiple security teams to assure information protection and awareness, utilizing strong verbal communication skills.
■ Supported the Information Security Program and security assessment activities by conducting technical assessments, verifying and validating controls, and providing recommendations for vulnerability reporting and risk management.
■ Maintained compliance with RMF requirements and federal security policies by developing, reviewing, and maintaining SSPs and ATO packages for Assessment, Authorization, and Continuous Monitoring, ensuring alignment with ISO standards.
■ Provided support in the development of IV&V strategies and methodologies, contributing to the enhancement of assessment processes.
IT Risk and Compliance Consultant Jan 2016 – Oct 2017
ZHYPRO – California
■ Prepared draft audit reports in good form, with recommendations, appraisals, or analyses that will assist the area manager with the proper discharge of responsibilities.
■ Enhanced system security by conducting assessments on information systems based on NIST 800-53, NIST 800-37, FIPS 199 & FIPS 200 and collaborating with various teams for proper artifact collection to satisfy assessment requirements.
■ Supported the development of test plans and conducted tests to verify system performance, security, and reliability.
■ Analyzed system documentation and user requirements to identify potential risks and areas for improvement.
IT Risk and Compliance Analyst April 2014 – Jan 2016
SoftHQ – San Diego
■ Ensured compliance with federal security policies by overseeing and maintaining all Information Systems Security Plans (SSPs) and Authorization to Operate (ATO) packages per RMF requirements.
■ Provided technical assistance to remediate critical vulnerabilities and security weaknesses through the completion of Plans of Action and Milestones (POA&Ms).
■ Assessed compliance with related laws, regulations, operating policies, and procedures.
■ Conducted analysis of information systems and related controls and developed an appropriate audit program to evaluate and test the effectiveness of the design and operational effectiveness of security-related controls.
IT Security Analyst May 2012 – June 2013
Riverside City College – Riverside
■ Monitored network and system activity, detecting and responding to potential security threats.
■ Coordinated incident response activities and conducted forensic investigations to determine the cause and impact of breaches.
■ Managed security tools and software updates, ensuring systems were protected against the latest threats.
■ Provided security training and awareness programs for employees, reducing phishing incidents by 30%.
■ Collaborated with IT teams to implement security measures and address vulnerabilities.
■ Assessed compliance with related laws, regulations, operating policies, and procedures.
IT Network Security Analyst March 2009 – July 2011
Netcad Solution Limited – Lagos
■ Monitored network and system activity, detecting and responding to potential security threats.
■ Designed network solutions suitable for small and medium-scale businesses.
■ Maintained the Group Policy infrastructure based on the policies and guidelines provided.
■ Assisted in the management and support of internal and external DNS systems.
■ Assisted in the management and support of internal DHCP architecture and scoping.
IT Security Analyst June 2007 – Feb 2009
Akebono Industrial Co. Ltd – Lagos
■ Designed the architecture of enterprise network solutions for the company.
■ Designed and developed IT infrastructure and enterprise multi-platform solutions based on business requirements.
■ Ensured continuous business operations through contingency planning and implementation, and integrity through security administration.
■ Provided IT management support for the 24/7 shop.
Education
Ph.D., Information Security 2022
University of the Cumberlands – Kentucky
Master's Information Security & Assurance 2017
Western Governors University
Bachelor of Science (BS) – Mathematics 2015
Charter Oak State College – Connecticut
Skills and Competencies
■ Security Framework/Standards: ISAE 3402, COBIT, SOC 2, FISMA, PCI DSS, ISO 27001, HITRUST CSF, HIPAA, SOX, NIST, FedRAMP, GLBA
■ Networking: NACL, Routers, Security Groups, NAT, Gateways, Load-balancers, Firewalls, DHCP, DNS, LDAP, ADFS, TCP/IP, UDP, IPSEC, HTTP, HTTPS, routing protocols, Port, IP, Protocols
■ Service Management & Delivery: Incident, Change, and Request Management; Service Level Agreements (SLA), Key Performance Indicators (KPIs) and Metrics Framework, ITIL, Agile/Scrum, JIRA, Tivoli, Remedy
■ Security Assessment and Risk Management: IT Audit, Controls Assessment, TPRM, Vulnerability Management, Compliance Management, IT & Security Risk Management.
■ Infrastructure Security: LDAP, Kerberos, AWS, Azure, IPS, IDS, SIEM, Nessus, Splunk, IBM BigFix, Nessus Tenable, McAfee e-Policy Orchestrator, Ivanti Heat
■ Cloud Platforms: AWS, Microsoft Azure, Appian Cloud, GCP, Alibaba Cloud
Certifications
■ Certified Ethical Hacker (CEH® - ECC18118740881) 2016
■ Computer Hacking Forensic Investigator (CHFI®- ECC22678111839) 2016
■ Certified Information Systems Auditor (CISA®- 17143739) 2017
■ Certified Information Security Manager (CISM®- 1738584) 2017
■ Certified in Risk and Information Systems Control (CRISC® - 17722950) 2017
■ Cisco Certified Network Associate (CCNA Security) 2006 Expired
■ Microsoft Certified System Engineer (MCSE Server 2003) Expired
Relevant Project Experiences
IT Security Transformation Architect Sep 2022 – Sep 2024
Tyson Foods – Arizona
■ Industry: Agriculture
■ Project Description/Scope: ServiceNow GRC/Bitsight Security Design
■ Role: GRC lead
IT Security Transformation Architect March 2022 – Sep 2022
TRUIST Bank – Atlanta
■ Industry: Banking
■ Project Description/Scope:
■ Role: Security Transformation
IT Security Transformation Architect March 2020 – Dec 2021
Monina Healthcare – California
■ Industry: Healthcare
■ Project Description/Scope: Security Design/GRC Operations
■ Role: GRC lead
IT Security Transformation Architect March 2020 – Dec 2021
CalPERS – California
■ Industry: Public Sector
■ Project Description/Scope: Solution Manager Security Design
■ Role: Information Security Officer
Control Assessor GRC Architect Aug 2018 – Feb 2020
Department of Labor – Washington DC
■ Industry: Public Sector
■ Project Description/Scope: Information Assurance/Security Authorization
■ Role: Lead Assessor IV&V
Information System Security Officer Nov 2017 – August 2018
Health Resources and Services Administration HRSA – Maryland
■ Industry: Public Sector
■ Project Description/Scope: Information Assurance/Security Authorization
■ Role: Information System Security Officer (ISSO)