Information Security Manager

Mississauga, ON, Canada
May 12, 2020


Tel: +1-437-***-****

PROFESSIONAL SUMMARY

I have 10 years of extensive experience across the technology advisory and risk assurance landscape, specifically IT audit, software testing, IT general control (ITGC) & application controls testing (ITAC), IT risk assessment, project management (Agile), quality assurance on enterprise applications, data analytics (FAIT), information security assessments, IT strategy and governance, process review and SOC 1 & 2 reporting, amongst others.


Advanced knowledge of IT Audit, IT risk, and Cybersecurity maturity assessments.

Extensive knowledge of security compliance frameworks (ISO27001, PCI DSS, GDPR, NIST, COBIT, FFIEC).

Security monitoring/intelligence investigation/analysis using QRadar and ArcSight.

Patch Management with SCCM/WSUS.

Vulnerability management using security tools e.g. Nessus/Acunetix/Nipper and QualysGuard.

Data analytics using Power BI, ACL and Tableau.

Conducted reviews for a wide range of security technologies such as NIDS/IPS, HIDS, Network Access Control (NAC), IAM, DLP, application firewalls.


IT Risk Advisory Consultant BDO Jan 2020 – Till Date

Executed IT Audit reviews, ITGC (Access, Change and Data Processing), and application controls.

Performed SOC 1 & 2 reporting for various service organizations.

Executed risk-based Information system audits in compliance with Information System audit standards to ensure key risk areas are audited i.e. achieve planned audit objectives.

Performed financial data analytics using ACL for various organizations including financial, oil & gas, manufacturing, health, telecoms and public sectors.

Manager IT Risk Advisory Ernst & Young Dec 2017 – Dec 2019

Established and managed a cybersecurity strategy to align with the organization’s goals and objectives, e.g. for a leading financial institution with an asset size of over $18B, the strategy implementation brought about increased customer trust, reduced information security cost whilst responding to threats and potential data compromise (referencing best practices COBIT, NIST, ISO 27001, FFIEC).

Created and communicated information security policies to guide development of operating procedures, guidelines, and other documentation in alignment with enterprise goals and objectives.

Established a cybersecurity governance framework to guide activities supporting information security strategy using industry best practices for a major telecoms company with a revenue size of about $1B.

Monitored, evaluated and presented reports of key information security metrics (Key Performance Indicators “KPIs” and Key Risk Indicators “KRIs”) to stakeholders (board and senior management) regarding effectiveness of information security program and strategy.

Led a team of 10 people to carry out risk assessments, vulnerability assessments and threat analyses, and also to identify risks to the organization’s information assets.

Developed, promoted and supervised a program for information security awareness and training to foster an effective security culture across the enterprise.

Established, sustained and executed an information security program in alignment with the organization’s information security strategy.

Identified, assessed, prioritized and reported on material IT risks for IT and aligned business areas by working with risk owners under various senior management.

Conducted IT risk assessments and ensured outputs are recorded in risk registers or enterprise tools and are in full compliance with defined policies and standards.

Executed IT risk control testing and monitoring (as applicable) and ensured testing activities are conducted in compliance with governing regulations, internal policies and procedures.

Developed IT Risk strategy, partnered with other risk groups to assess, implement, and communicate new/updated risk controls, frameworks, policies, indicators, metrics, and limits.

Designed risk controls and proffered recommendations to risk issues and control gaps; also identified IT risks that are common across the landscape and helped implement mitigating controls across the enterprise.

Managed and reviewed the IT infrastructure, governance, and security assessment for clients in collaboration with other EY offices in Ireland and London.

Conducted international standards assessments and implementation – ISO 27001, PCI, COBIT, NIST, GDPR, FFIEC, and ensured they align with business objectives for various organizations.

Supervised and performed revenue assurance, reviewed IT general control (ITGC), and application control for various organizations including financial, oil & gas, manufacturing, health, telecoms and public sectors.

Access Bank PLC Information System Auditor Nov 2011 – Nov 2017

Developed audit plan, managed and performed IT audit on network, application, database and security covering user access, change management and IT operations (incident management, business continuity and disaster recovery etc.) to ensure integrity, confidentiality and availability of data.

Communicated audit results and made recommendations to key stakeholders through meetings and audit reports to promote change when necessary; also carried out follow-up audits to ascertain that recommendations have been implemented.

Led a team of 10 people to carry out IT Audit review for all the West Africa subsidiaries, identifying control weaknesses over IT process and evaluating vulnerabilities in key IT infrastructures covering operating systems, database, network, applications and electronic channels.

Investigated electronic fraud and cybersecurity incidents and proffered recommendations to remediate identified control gaps.

Managed the quality assurance team for key project implementation such as the Centralized Data Storage Facility (Hitachi), Stratus fault-tolerant server for the Front-End Processor and Omni-channel solution.

Implemented application certification framework and information security policy; also carried out User Acceptance Testing (UAT) on applications to ensure stakeholders and security requirements (hardening standard) were applied.

Evaluated controls in preparedness for the PCI DSS and ISO 27001 certification.

Resort Savings and Loans PLC Information Security Analyst Dec 2009 – Nov 2010

Conducted logical security and profile management on sensitive applications.

Performed vulnerability assessments on applications, databases and networks; also participated in vulnerability remediation activity.

Managed policy configurations on Database Activity Monitoring solutions (DAM).

EDUCATION & CERTIFICATIONS

Bachelor’s Degree Babcock University Computer Science 2008

Microsoft Certified Professional - MCP and Oracle Certified Associate - OCA 2008

IT Infrastructure Library - ITIL 2012

ISO/IEC 27001 Lead Implementer 2013

British Standards Institution - Advanced Auditing Skills 2016

Stratus 99.999 Certified Professional 2016

Certified Information Systems Auditor - CISA 2017

Certified in Risk and Information Systems Control - CRISC 2017

Certified Information Security Manager - CISM in view
