Information Security Management

Location: West Haven, CT

Posted: February 09, 2020

Resume:

ISAAC AJAYI

IT Audit/Governance/Risk/Compliance

*** Orford Street, West Haven, CT 06516

203-***-****

adbooc@r.postjobfree.com

PROFESSIONAL SUMMARY

Successful professional with over 16 years of experience in IT Governance, Risk, and Compliance management. Implement and manage the GRC program from “Cradle to Grave” within a dynamic and complex business structure. Design controls to mitigate operational and IT risks. Perform and coordinate enterprise-wide risk assessment, including testing, impact analysis, risk mitigation, and reporting. Proficient in enterprise and regulatory compliance evaluation (SOX, FFIEC, GDPR, HIPAA, PCI-DSS, OSHA, etc.), using industry standards, tools, and frameworks such as NIST, COBIT, COSO, ISO 27001, RSA Archer, BWise, etc. Develop strategies for crisis management, business continuity and disaster recovery (BCP/DRP), using the LDRPS. Possess extensive knowledge of SharePoint, Lotus Notes, Microsoft Exchange, MS Teams, MS Office Suites, etc.

Languages: English; German

EDUCATION & CERTIFICATION

BA - (Social Sciences), University of Lagos, Lagos Nigeria

Certifications:

•Certified in Risk and Information Systems Control (CRISC)

•Certified Information Systems Auditor (CISA)

•Certified Information Security Manager (CISM)

•Certified Sarbanes-Oxley Expert (CSOE)

•Certified in the Governance of Enterprise IT (CGEIT)

•Information Technology Infrastructure Library (ITIL)

SKILLS

- Enterprise Governance

- IT/Operational Risk Management

- Compliance Management

- BCP/DRP

- Information Security

- Process Improvement

- IT Auditing

- Change Management

- SDLC

- SOX

- PCI-DSS/GDPR/OSHA

- Vendor Risk Management

WORK HISTORY

Assurance Senior (IT Audit)

CohnReznick LLP

1301 Ave. of the Americas, New York – Nov 2019 – Present

Perform complex analysis of client’s operating environment and draw meaningful conclusions.

Ensure accuracy of reports, evaluate test results and identify/recommend solutions for SOC engagements, as well as IT general controls engagements.

Research and resolve significant assurance issues.

Review and test client’s SOX operating environment to ensure adequacy and effectiveness of controls for financial reporting purposes.

Perform thorough review of work papers to ensure that procedures have been completed, conclusions have been supported, and firm quality control procedures have been adhered to;

Contribute technical expertise to assurance engagement teams; and

Keep current on pronouncements and compliance with generally accepted auditing standards (GAAS).

Risk Management Consultant

Leo Constructing Inc.

Stratford, CT – January 2019 – June 2019

Designing and implementing an overall risk management process for the organization, which includes an analysis of the financial impact on the company when risks occur

Evaluating the company’s previous handling of risks, and comparing potential risks with criteria set out by the company such as costs and legal requirements

Risk reporting tailored to the relevant audience. (Educating the board of directors about the most significant risks to the business; ensuring business heads understand the risks that might affect their departments; ensuring individuals understand their own accountability for individual risks)

Conducting policy and compliance audits, which will include liaising with internal and external auditors

Building risk awareness amongst staff by providing support and training within the company

PCI-DSS Compliance Consultant

CooperSurgical Inc.

Trumbull, CT – October – November 2018

Responsible for the certification and compliance with the payment card industry (PCI) data security standards (DSS) program throughout the CooperSurgical organization.

Leveraged PCI knowledge with IT experience to assist the company in meeting the PCI certification timeline.

Identified compliance risk gaps during process review/testing, and provided recommendations for prompt and effective gap remediation.

Managed the PCI project, initiated review of compliance risk areas, and discussed the details of the compliance activities with company management

Assisted in the development, update, review, and ongoing maintenance of policies and standards as they relate to PCI-DSS

Provided additional support for program audit review and ongoing management of the control environment

IT GRC Consultant

New York Community Bancorp (NYCB)

Commack, Long Island, New York – December 2016 to June 2018

•Coordinates and oversees the teams responsible for IT governance, risk and compliance.

•Responsible for developing the enterprise risk assessments program - risk identification, gap analysis and remediation, and reporting to upper-level management.

•Leads the planning and execution of IT Disaster Recovery and integrated compliance requirements in accordance with FFIEC guidelines and NIST framework.

•Coordinate with Application and Infrastructure owners in developing standard operating procedures (SOP/Run book), for usable/repeatable recovery procedures in a DR mode.

•Monitors key risk indicators and significant change activities and escalates emerging technology issues to management in a timely fashion.

•Manages the integration of internal control practices into IT processes and projects.

•Facilitates GRC activities as needed with examiners (FFIEC).

•Facilitates IT SOX policies, narratives, and control self-assessment documentation.

•Develops recommendations to improve the IT internal control environment.

•Ensures compliance with corporate and IT policies and procedures, and integrates corporate methodologies and standards, as appropriate.

Principal Operations Risk Consultant

Nasdaq

Manhattan, New York – April 2016 to September 2016

•Led the systems and operations risk assessment project, using the NIST and COBIT standards.

•Provided guidance and necessary training in self risk assessment, risk identification and risk treatment, to the various lines of businesses within the Nasdaq organization.

•Worked with business owners to document new business processes or changes to existing processes, including process narratives and identification and documentation of key controls.

•Worked with control owners and internal audit to ensure testability of edits to existing controls or documentation of new key controls.

•Engaged in the robust overhaul (upgrade) of BWise, to accommodate additional functionalities as the business grows

•Updated existing GRC program, using BWise, for edits to control elements and issues monitoring.

•Acted as liaison to external auditors for SOX concerns including facilitation of meetings; annual walkthrough with control owners as well as the discussion on remediation action plan for identified deficiencies.

•Provided necessary support for effective management and usage of the internal SOX control database application (BWise).

IT Risk Advisory

Royal Bank of Scotland (RBS)

Stamford, CT – April 2015 to February 2016

•Coordinated the BWise implementation/upgrade and risk management program, to ensure that the Tool is more adaptable, better understood and user-friendly.

•Used audit methodologies and principles to facilitate gap analysis review of internal controls in line with the ISO 27001 and COBIT standards.

•Partnered with Technology leads to ensure a strong control framework and continuous update of testing approach of risks in the current climate (in accordance with the NIST/COBIT Frameworks).

•Worked with stakeholders on controls testing, to identify deficiencies, and developed action plans for remediation.

•Worked with European and Asian company staff, to streamline and coordinate the risk management program.

•Assisted with the coordination of external/internal audit requirements to meet regulators’ requests.

IT Risk Advisory

Bank of America

Manhattan, New York – September 2014 to January 2015

•Assisted in the development and execution of a quality assurance testing program focused on identifying and reporting the adequacy of Information Technology Controls

•Led regulatory compliance efforts for SOX and some global regulators like the FRB.

•Identified key operation risks and tested existing controls

•Identified root causes of control deficiencies, and assisted in designing stronger ones

•Partnered with business process owners in developing remediation plans

•Generated reports (written, pie charts, histograms, Excel) to communicate controls testing results

•Provided guidance to ensure assessments are executed in a consistent manner

IT Advisory Services consultant

United Bank for Africa (UBA)

Manhattan, New York – June 2014 to Sept 2014

•Coordinated compliance efforts around the PCI-DSS, BSA, and AML, and provided feedback on a weekly basis, to the compliance and risk management director.

•Coordinated the testing and timely delivery of SOX requirements for financial and operational reporting purposes within clients’ environment.

•Planned and executed IT risk programs, including system development implementation, SSAE 16, database and platform security reviews within the enterprise.

•Evaluated the design and adequacy of physical security and technology controls throughout the organization.

•Identified and communicated control gaps and provided recommendations for remediation. Identified performance improvement opportunities for engagement clients.

Career Gap: January 2013 – April 2014

•Travelled outside the States, for an extended vacation to take care of an ailing family member, and family matters.

Risk and Compliance Consultant

Citizens Bank

Cranston, RI – September 2012 to December 2012

•Led the development and maintenance of IT Governance, Risk, and Compliance management strategy for the Information Security Risk Management group.

•Coordinated compliance testing effort around the PCI-DSS, BSA, AML, etc., and provided feedback on a regular basis to the compliance and risk management director.

•Developed strategies for crisis management, business continuity and disaster recovery (BC/DR), using the SAS CoB strategic initiatives.

•Coordinated the bi-annual testing and timely delivery of SOX regulatory requirements around financial operations.

•Improved IT operations efficiency and IT customer service delivery through the use of industry control standards and frameworks - COSO, COBIT, and ITIL.

•Created a networking forum among stakeholders (locally and globally), to ensure understanding, uniformity, and continuity, regarding new regulatory requirements.

IT Audit, Risk and Compliance Consultant

UIL Holdings Corporation

Orange, CT – March 2006 to July 2012

•Led in the implementation, upgrade, and maintenance of the SAP, PeopleSoft, and other enterprise applications (SDLC methodology) across the organization.

•Defined key information security requirements using ISO 27001, ISO 31001 for various governance, risk and compliance projects.

•Demonstrated expert knowledge in ISMS, BCP/DR, PCI DSS, Data Privacy Act and Regulatory compliance.

•Led the bi-annual planning and testing of SOX internal controls for compliance on financial reporting.

•Provided the audit committee with risk and compliance assessment reports regarding critical applications and Information Technology General Computer (ITGC) Controls.

•Headed the LDRPS implementation and training program, leading to greater reliability and resilience of the disaster recovery and business continuity efforts.

•Partnered with process owners and senior management in the creation of audit plan and program for the year; while assisting external auditors as needed.

•Led a team of auditors in evaluating the adequacy and effectiveness of the supervisory control and data acquisition (SCADA) system - critical to operational efficiency, and provided assurance to management that the systems monitoring program is efficient and up-to-date.

•Evaluated the effectiveness of controls designed by service organizations (vendors), using the SSAE 16 standards (formerly SAS 70).

Senior IT Solutions and Compliance Consultant

Orbit Technologies Inc.

Grand Prairie, TX – March 2003 to February 2006

•Performed testing/evaluation and documentation of controls, including SOX.

•Led a team of auditors in establishing a process of control self-assessment in the internal operations, thus ensuring early risk detection, concentration on areas of high risks, and re-evaluating existing controls.

•Reviewed employees’ access to sensitive company information, and created appropriate access and segregation of duties.

•Prepared audit plans, conducted spot audits, and communicated audit results, as well as follow-up with clients on the status of mitigation action plans on control gaps.

•Prepared timely report on audit engagements to senior management.


