Teju Oyewole, DSc., C CISO, CISM, CISSP, CRISC, CCSP, CISA, PMP
Toronto, ON 416-***-**** ************@*****.*** LinkedIn.com/in/drtejuoyewole
Chief Information Security Officer
Deputy Chief Information Security Officer
Protecting Company Reputations, Safeguarding Assets & Customer Data, Maintaining Full Regulatory Compliance
ENTERPRISE SECURITY EXPERT & INDUSTRY THOUGHT LEADER
Doctorate in Cybersecurity and 23 technology certifications.
Active advisor, working group member, and member of 5 leading InfoSec associations.
Adjunct Professor of Cybersecurity, award-winning trainer, and certification exam developer for 3 InfoSec organizations.
Journal reviewer and co-author/author of 5 peer-reviewed publications, including international journals.
24+ years of expertise in maturing enterprise information security for diverse organizations, strengthening cyber resilience, and driving compliance with regulations through international experience, living and working in North America, Europe, and Africa. History of positioning enterprise cybersecurity as a strategic business enabler and competitive differentiator in driving long-term brand value by introducing new enterprise programs, standards, and governance mechanisms. Multi-country expert in regulatory compliance and dozens of security industry standards and frameworks. Seasoned in cyber-aware cultural transformation, producing 90% reductions in attacks caused by user error. Savvy in blockchain, artificial intelligence (AI), AWS, and Azure.
Industries of Experience: Financial Services, Retail and E-Commerce, Fortune 500 Technology Companies, and Telecommunications
Key Skills: Information Security Program Development Cybersecurity and Cyber Resilience Strategy Cybersecurity Governance Security Operations, DevSecOps Cloud Security Threat & Vulnerability Assessment Business Continuity and Resiliency Management (BCRM) Disaster Recovery Program Management Third-Party Risk Management (TPRM) Data Privacy Project Management Team Leadership, Training, Coaching & Mentoring Presentations
Chronology of Organizational Impact
Sunwing Travel Group, Toronto, ON Jan 2023 – Present
Sunwing Travel Group is a travel company headquartered in Toronto, Canada. The group operates an airline, three tour operators, a retail chain, a vacation club and destination management company.
Director of Information Security
Chief Cybersecurity Officer (CCSO)
As a cybersecurity leader in the air travel industry, accountable for the cybersecurity strategy and for managing security governance to protect critical infrastructure, which includes the systems and processes that are essential to ensuring the safe and secure operation of the airline. The airline industry is a critical infrastructure sector that plays a vital role in global transportation and commerce. Protecting the airline's critical infrastructure with a comprehensive cybersecurity program that addresses the unique risks and challenges of the airline industry.
Developing and implementing cybersecurity policies and procedures that are aligned with industry standards and best practices, such as the NIST Cybersecurity Framework.
Conducting risk assessments to identify vulnerabilities and potential threats to critical systems and data.
Designing and implementing security controls and monitoring systems to protect critical systems and data, such as flight management systems, reservation systems, and customer data.
Providing ongoing security awareness training to employees to ensure that they are aware of cybersecurity risks and best practices.
Coordinating with internal and external stakeholders to ensure that cybersecurity risks are effectively managed and mitigated.
Conducting incident response and recovery activities in the event of a cybersecurity incident, such as a data breach or ransomware attack.
Maintaining compliance with regulatory requirements, such as the Federal Aviation Administration (FAA) regulations and the General Data Protection Regulation (GDPR).
MCAN Financial Group, Toronto, ON Oct 2020 – Jan 2023
Publicly-traded mortgage investment company and a reporting issuer in all provinces and territories in Canada.
Head of Information Security
Chair of Information Security Advisory Committee
Own the enterprise information security strategy, roadmap, programs, and 8-member team. Partner with executives and the board to align security strategy with enterprise business objectives. Manage enterprise information security governance. Shape enterprise security maturity models and roadmap for continuous improvement. Spearhead compliance and coordinate internally and externally on security assessments and audits. Define annual/long-term goals, metrics, and reporting procedures. Lead strategic planning and program development; guide program and project priorities. Oversee risk assessment and security incident management. Direct evaluation of IT security controls and advise management. Establish security education and awareness programs and advise operating units at all levels on security issues, best practices, and vulnerabilities.
Addendum of Certifications, Standards and Frameworks, Affiliations, and Publications Attached
Built the Cyber Resilience Program from the ground up, driving 100% regulatory compliance across the company’s most valuable digital assets, slashing cyber attack risks and costs. Designed program with a focus on OSFI and Bill C 198, embedding security into the enterprise IT fabric to accelerate digital transformation and maintain privilege to operate in the financial industry.
Advanced information security maturity, simplified risk reporting, and improved cyber stress testing by adopting NIST and ISO cybersecurity standards for cyber risk management.
Enabled agility and pivot of investments to company priorities and highest-risk areas. Created and deployed a Sustainable Enterprise Cyber Resilience and Privacy Risk Management Program.
Facilitated compliance with stricter data protection laws and protection of customer data by extending the enterprise cyber resilience risk assessment to include information privacy.
Strengthened business security in the COVID-related hybrid workplace by implementing a zero trust security architecture.
Improved cyber risk governance by forming a cross-functional Cyber Risk Committee to shape and oversee cyber risk strategy and integrate cyber risk governance into operational decision-making. Developed and implemented a core set of cyber key risk indicators (KRIs) to provide board visibility into material cyber risks and resilience capabilities.
Migrated to and managed security portfolios in the cloud with 95% of enterprise security workloads moved to the public cloud and a 20%+ reduction in security spending.
Leveraged the CLAIM (Culture, Learning, Automation, Integration, Metrics) Framework for the DevSecOps program, which provided significant opportunities to close the security gaps in the CI/CD pipeline.
Indigo Books and Music, Toronto, ON Jun 2013 – Oct 2020
Canada's only major bookstore chain and its largest book, gift, and specialty toy retailer, operating stores in all provinces, 1 territory in Canada, and the East Coast states in the USA.
Senior Manager, IT Security & Compliance, May 2016 – Oct 2020
Directed enterprise security strategies, programs, 5 teams, and security protocols for internal and customer-facing systems. Managed regulatory compliance and enterprise cybersecurity and risk frameworks. Developed and managed the information security budget. Managed information risk testing, information security assessments, and policy reviews. Set program strategy for Computer Security Incident Response Team (CSIRT) and served as SME. Developed and oversaw security awareness programs.
Built corporate security framework from scratch with executive management support and visibility for new security initiatives.
Maximized customer confidence in digital payments, maintaining PCI DSS compliance. Delivered PCI Report on Compliance (RoC) for 6 straight years, working closely with stakeholders to facilitate PCI DSS assessment and management process.
Achieved high quarterly control ratings for 5+ years and reduced IT General Control (ITGC) testing program costs 70%. Overhauled the ITGC testing program to align with SOX and ICFR regulatory requirements.
Developed a unified framework to manage and demonstrate compliance with various regulatory regimes.
Minimized risks associated with third parties by forming a Vendor Risk Management Strategy and incorporating information security requirements into contracts and vendor activities.
Elevated security organization as a strategic business partner and enhanced customer satisfaction by rolling out a new engagement model for stronger integration of security services with business objectives.
Revamped Computer Security Incident Response Team (CSIRT) tabletop exercise, testing plan relevance, eliminating assumptions, and improving team readiness.
Fortified enterprise protection by defining high-level enterprise security policies, processes, procedures, and baseline aligned with industry-leading standards.
Headed cloud services management and risk across IaaS, PaaS, and SaaS, including policies, agreements, and pricing models.
Manager, IT Security & Compliance, Jun 2015 – May 2016
Lead, IT Security & Compliance, Jun 2013 – May 2015
Led IT security, compliance, processes, frameworks, tools, controls, and risk mitigation. Assessed ICFR through audits and strategized mitigation. Managed penetration testing, vulnerability scanning, application security testing, and patch and vulnerability management.
Cut security vulnerabilities 90% enterprise-wide by directing deployment of updated security controls and new tools.
Lowered phishing and social engineering attacks 90% by partnering with HR to develop and update Information Security Education, Training, and Awareness (SETA) for all employees.
Selected the right tools to help automate security testing and provided security-on-demand to developers with other elements for a successful DevSecOps program.
Collaborated to find new ways to shift security left so that it becomes part of development rather than an afterthought.
Quantumatics Cyber Consulting (QCC), Toronto, ON May 2012 – Jun 2013
A cybersecurity training facilitator providing cybersecurity training and certifications online in Toronto.
Director, Cybersecurity Services
Drove continuous evolution across the internal information security landscape and the cybersecurity education practice. Led risk management, regulatory compliance, alignment with industry-leading frameworks (NIST and ISO), best practices, and protocols. Liaised with solution architecture and planning and design team to ensure alignment between security and enterprise architecture.
Designed a framework for information ownership roles and responsibilities.
Built a culture of cybersecurity awareness, reducing phishing and social engineering attacks by 90%+. Initiated and led a cultural transformation program comprised of monthly security training videos, a cyber awareness ambassador program, ongoing phishing simulations, secure-by-design gamified developer training, and role modeling by senior business leaders.
Additional Experience
Adjunct Professor, Cybersecurity Lambton College, Sarnia, ON 2014 – Present
Adjunct Professor, Cybersecurity Toronto Business College, Loyalist College, Toronto, ON 2020 – 2022
Lead, IT Security Services Vocalink Financial Services, UK 2011 – 2012
Lead, IT Proactive Analyst, Client Service Quality Oracle Corporation, UK 2009 – 2011
IT Infrastructure Analyst Citigroup UK, EMEA 2007 – 2009
IT Technical Analyst SITA UK, Airline Service Provider 2006 – 2007
Unix Development Engineer British Telecommunications PLC, UK and Ireland 2006
Senior Systems Engineer MTN Telecoms PLC, Lagos, Nigeria 2005 – 2006
Senior Unix Engineer Computer Warehouse LTD, Nigeria 2003 – 2004
Senior Field Engineer JKK LTD, Lagos Nigeria 1998 – 2003
Education
Doctor of Science (DSc.), Cybersecurity Capitol Technology University, Laurel, MD, USA
Master of Science (MSc.), Information Technology and Strategic Innovations with Management Kingston University, London, UK
Bachelor of Science (BSc. Hons.), Physics University of Ibadan, Nigeria
Certifications
Certified Chief Information Security Officer (C CISO) EC-Council
Cyber Leadership Program CLI
Certified Information Security Manager (CISM) ISACA
Certified Information Systems Security Professional (CISSP) (ISC)2
Certified Risk and Information Systems Control (CRISC) ISACA
Certified Cloud Security Professional (CCSP) (ISC)2
Blockchain Expert V2 (CBEV2)
AWS Cloud Practitioner Amazon
Certified Information System Auditor (CISA) ISACA
Project Management Professional (PMP) PMI
ISMS ISO27001 Lead Auditor (ISO27001 LA)
COBIT 5 Competent Assessor (COBIT5 Certified Assessor) ISACA
COBIT 2019 Bridge (COBIT Framework) ISACA
Certified Sarbanes-Oxley Expert (CSOE) SOXCPA
Business Analyst Foundation (BA) ISEB
ITIL Problem Management Practitioner (ITIL PMP)
ITIL Foundation in Service Management (ITIL)
SUN System Administrator for Solaris Operating System 8, 9 & 10 (SCSA)
SUN Cluster 3.2 Administrator (SCCA)
SUN Solaris 10 Security Administrator (SCSECA)
SUN Solaris 10 Network Administrator (SCNA)
Standards and Frameworks
ITIL, COBIT, COSO, OCTAVE, ISO, NIST, Sarbanes-Oxley (SOX), Canada MI 52-109, PCI, PCI-DSS, SSAE16, SAS70, SOC, HIPAA, HITECH, FISMA, PIPEDA, FIPS, HITRUST, Gramm-Leach-Bliley Act, EU-GDPR, CCM, OSFI, CCPA
Awards:
2020 Infosec Hall of Fame, InfoSec Institute
2019 Academic Instructor Circle of Excellence Award, EC-Council
Affiliations and Activities
EC-Council Advisory Board
ISACA Working Group
BlockChain/DLT Working Group, Cloud Security Alliance
ISACA Item Developer and ISACA Journal Article Reviewer
EC-Council Exam Item Developer
(ISC)2 Exam Item Developer
Member of: British Computer Society, Association for Computing Machinery, Information Systems Audit & Control Association, Sarbanes-Oxley Compliance Professional Association (SOXCPA), International Information System Security Certification Consortium, Project Management Institute (PMI)
Peer-Reviewed Publications
Corda Enterprise 4.8 Architecture Security Report, CSA Research Publications, Cloud Security Alliance, Dec 2021
PEDAM: Priority Execution Based Approach for Detecting Android Malware, International Conference on Emerging Applications and Technologies for Industry 4.0, Jul 2021
Hyperledger Fabric 2.0 Architecture Security Report, CSA Research Publications, Cloud Security Alliance, Jun 2021
Consumer Preference: A Study of Mobile Digital Wallet, Capitol Technology University, ProQuest Dissertations Publishing, 2018
Application of Situation Awareness (SA) Theory in Security Incident Response, ISACA Journal, 2016