Sam Seye
E-mail: ***.*********@*****.***; Tel: 204-***-****
PROFESSIONAL SKILLS
• Robust familiarity with information security frameworks and standards including ISO 27001, the NIST 800 series, the Payment Card Industry Data Security Standard (PCI DSS), SOC 1 and SOC 2.
• In-depth knowledge of Third-Party Risk Management (TPRM)
• Demonstrated ability to work both independently and as part of a team, showing initiative and sound judgment in Governance Risk and Compliance (GRC) matters.
• Experience with ISO 27001, SOC 1 and 2, and PCI-DSS Audit readiness.
• Experience in performing ISO 27001 Surveillance audits and full implementation.
• Experience in conducting Risk assessment/Maturity Model using NIST CSF.
• Well versed with GRC tools (OneTrust, ZenGRC, RSA Archer, KnowBe4, Proofpoint, SANS Security and Awareness, etc.) to streamline compliance processes.
• Adept in Agile methodology and frameworks, the Atlassian suite of products (Jira, Trello, Slack, etc.), and business process modelling / diagramming tools (MS Visio, BPMN 2.0, Balsamiq, Lucidchart, Draw.io).
• Advanced proficiency in Microsoft Visio, Word, Excel, PowerPoint, and Power BI
• Strong communicator and collaborator with excellent report writing, presentation, and teamwork capabilities.
• Sound ability to interpret and provide guidance on client’s security requirements for non-technical resources.
• Great organizational skills, good time management, proactive prioritization with meticulous attention to detail, and maintaining documentation and records.
• Excellent ability to carry out risk assessments, privacy audits, providing actionable advice, and promoting a culture of data protection
• Proven expertise in driving rigorous internal and external audits to identify vulnerabilities and to ensure organizational compliance.
DESIGNATIONS AND EDUCATION
• Certified in Risk and Information System Controls (CRISC, ISACA)
• Certified Information Privacy Professional (CIPP/C, IAPP) (in view)
• Project Management Professional (PMP, PMI)
• Certified Scrum Master (CSM, Scrum Alliance)
• Certificate in Risk Management (University of Toronto)
WORK EXPERIENCE
Security and Compliance Analyst, April 2022 – present, Kudos Inc., Canada
• Lead and conduct external audits (SOC 2, ISO 27001, PCI DSS) to ensure compliance with security standards.
• Act as the primary point of contact between the organization and external regulators or auditors.
• Lead and work effectively with departments such as IT, Legal, and HR to drive GRC initiatives.
• Primary GRC system owner, responsible for ensuring accurate alignment of controls and system inventories
• Lead and direct risk assessments on technology projects, initiatives, and infrastructure by working closely with stakeholders to identify, classify, and mitigate cyber threats.
• Develop, review, and update policies, standards, and procedures to align with regulatory requirements and best practices.
• Build and maintain unified controls matrix, in alignment with multiple compliance frameworks including SOC 2, ISO 27001, and PCI-DSS.
• Lead the third-party risk management program, including the development of RFPs and security questionnaires, conducting inherent risk tiering assessments, and determining vendor criticality
• Spearhead detailed risk assessments of third-party vendors/supplier responses against established information security controls to ensure completeness and quality, evaluate their security and compliance, and oversee remediation of identified vendor risks through collaboration.
• Maintain a risk register, tracking identified risks and mitigation strategies, and produce security risk management reports for management
• Orchestrate the security and privacy awareness campaigns and training for employees, fostering an environment of privacy consciousness and compliance, resulting in a 25% reduction in privacy incidents due to increased staff awareness and compliance.
• Conduct information security risk assessments on technology projects, initiatives, and infrastructure by working closely with stakeholders (IT, SRE, Product, and Development teams) to identify, classify, and mitigate cyber threats.
• Identify and mitigate privacy risks associated with third-party data handling, leading to enhanced vendor management practices and improved compliance process.
• Work on privacy framework implementation by applying ISO 27001, ISO 27701 (PIMS), NIST, and PCI DSS standards to fortify the company’s privacy and data protection strategies.
• Provide privacy advice and support to various business areas, enhancing their understanding and implementation of privacy best practices.
Security Risk and Compliance Specialist, Dec 2019 – Mar 2022, Acuren Group Inc., Canada
• Reviewed and analyzed controls (i.e., SOC reports, ISO 27001).
• Performed assessments, monitored, and managed supply chain security risks.
• Acted as the ombudsman for the organization’s Risk Management Committee executives.
• Conducted third-party/vendor risk assessment and carried out operational metrics and reporting.
• Took ownership of the corporate security policies, ensuring they were current, benchmarked against industry standards (ISO 27001, PCI DSS, etc.) and communicated to various internal and external stakeholders.
• Owned and maintained the cyber security awareness program/content using lunch and learn, storytelling, phishing campaign activities and reporting.
• Participated in security incident management and resolution pertaining to Security Incident Response Plan.
• Handled day-to-day operational matters pertaining to information security, compliance, and data privacy.
• Led training campaigns, significantly enhancing the organization’s culture of security and compliance awareness.
• Tracked security posture assessment reports and worked with stakeholders (IT, SRE) on proactive remediation plans.
• Collaborated with multiple stakeholders, promoting seamless integration of governance policies and enhancing the organization's security posture.
• Worked with cross-functional teams, including IT, human resources, contracts, and security, to address potential compliance issues, implemented data privacy program initiatives, and provided as-needed support to other programs within organizational ethics and compliance.
• Developed, maintained, and implemented business continuity strategies and solutions, including risk assessments, business impact analysis, and documentation and testing of business continuity procedures, and worked with auditors to successfully complete SOC 2 audits and other certifications.
• Facilitated client consultations, understanding their unique cybersecurity needs to offer bespoke advice and strategic solutions.
Information Security Risk and Compliance Specialist, July 2017 – Nov 2019, Shaw Communications
• Planned, developed, managed risks, and provided support for all ISO 27001 and ISO 27701 procedures.
• Ensured all policy and related documentation were up to date and responded to customer security inquiries.
• Identified opportunities to improve risk posture, developed solutions for remediating or mitigating risks and assessing the residual risk.
• Maintained documentation related to compliance systems, reviewed, and monitored effectiveness of security controls.
• Interfaced with auditors, helped to set scope and articulation of control implementation.
• Developed, reviewed, and maintained the company's data privacy policies, procedures, and documentation, achieving a 95% compliance rate with GDPR and other relevant privacy regimes.
• Identified additional security compliance opportunities for the business, including but not limited to SOC 2 and ISO/IEC 27001.
• Supported the effective monitoring and reporting of all systems-related information security, data privacy or compliance gaps or vulnerabilities.
• Documented risks and provided recommendations to mitigate gaps in a vendor’s information security controls.
• Contributed to cyber assessment metrics and Governance, Risk and Compliance (GRC) reporting to senior management to influence risk-based results.
• Proactively provided analysis and recommendations for identified security exceptions; participated in defining remediation efforts.
• Achieved significant success in reducing security incidents, enhancing compliance rates, and fostering a culture of security and privacy awareness through the design of effective security and privacy awareness initiatives and programs.
Other Roles:
• Cybersecurity Specialist, Olive EHS Consulting, January 2014 – June 2017
REFERENCES
Available on request