Information Security Data Privacy/Risk Mgt. Professional

Location: Bedford, TX

Posted: March 06, 2021

Resume:

Ijeoma Ojiako (US Citizen)

210-***-****

*************@*****.***

A professional with over 12 years of experience in data privacy, compliance and controls, most especially in IT operations and business process. Remains calm under pressure while retaining the ability to influence others in high-pressure situations. Highly collaborative work ethic with demonstrated agility and strong teaming skills. Strong project management skills while exhibiting an ability to multi-task across various initiatives and activities. Specialized skills in enterprise security and control implementations, information technology and business process risk assessments, as well as cybersecurity controls design and effectiveness testing. My primary goal is to ensure the security of the organizational IT assets and achievement of corporate objectives. My professional callings help my clients to achieve and maintain compliance with regulatory requirements, improve internal controls, and reduce financial and operational risk.

TECHNICAL SKILLS:

Governance Risk and Compliance

Confidentiality, Integrity, Availability, Access Control, Audit and Accountability, ITIL, ISO 27001/2, PCI DSS

General computer controls, Application control, Compliance Testing, Vulnerability Scans, Project Management, Risk Assessment, Change and Configuration Management, Security Maintenance, Contingency Planning, Business Continuity Planning.

Policies and Procedures, Implementation; Intrusion Detection Systems, Snort, Incident Response, Physical Security, Computer operations, Environmental Security, Network Security, System Security, Personnel Security, Consulting, NIST 800-53, and other special publications, FIPS, FISMA, etc.

Perform IT SOX compliance testing, Business Process Control testing, Cybersecurity Control Testing, PCI DSS, HIPAA, ITGCs & IT Application Controls testing, ISO 27000, infrastructure audit – Database, Network, Operating Systems, Servers, SOC 1, 2, & 3 Reviews, Third Party Risk Assessment, Policies, Standard and Procedures document reviews.

Installing network and computer systems, troubleshooting Systems (Linux)

Maintaining, repairing and upgrading network and computer systems

Diagnosing and fixing problems or potential problems with the network and its hardware, software and systems

SUMMARY ACHIEVEMENTS:

Ability to balance risks in ambiguous and complex situations.

Demonstrated teamwork and collaboration skills, in particular in leading or contributing to global and multi-functional teams.

Highly motivated to contribute and grow within a complex area of emerging importance.

Experience or understanding of software applications design tools and languages

Understanding of design for software applications running on multiple platforms.

Data literacy: finding and managing data, cleansing data, manipulating data.

Responsible for the execution and delivery of IT and business process audits to ensure business risks were recognized and appropriately mitigated before the company was adversely affected.

Coordinated the quarterly SOX 302 Assessment used by executives to certify and assess the internal controls over financial reporting.

Established application interface controls to ensure proper reconciliation as part of the SOX program.

Developed technical documentation for the infrastructure and Business Continuity Plan

Assessed audit and test program and security controls using organization IT Security Policy Handbook and NIST Special Publications to provide information necessary to determine their overall effectiveness

Developed audit plans and programs, following COBIT and FISCAM frameworks. Set up control matrix based on specific client application needs during planning phase of audits.

Defining and identifying technical requirements for AWS-based applications

Defining and identifying which AWS services meet a given technical requirement

Knowledge of recommended best practices for building secure and reliable applications on the AWS platform

Knowledge of security features and tools that AWS provides

Snr. Lead Data Privacy/Compliance Analyst

ASMR

July 2018 - Present

Evangelized and obtained C-level sponsorship to lead data privacy program

Created company-wide data privacy program as part of a small core Data Privacy team

Introduced company to Japan by assisting loyalty team with data privacy solutions for protecting sensitive information

Enabled business and engineering success by conducting privacy assessments for CCPA, Japan APPI, GDPR

Provided Privacy by Design principles and data privacy guidance for Customer Data Platform and marketing systems

Facilitated the customer journey and targeted loyalty programs with data strategy, architecture, and vendor selection for Customer Data Platform (CDP) GDPR Lead & Enterprise Information Architect

Performed information security risk assessments and assisted with the internal auditing of information security processes

Sends weekly report to management on overall work performed on the computer systems

Took turns for 24/7 production support

Project Coordinator HIPAA/HITRUST

Crest Consulting Group Rockville, MD

July 2017 – June 2018

Managed the development of an integrated business system for Pharmaceutical products procurement, marketing and distributions.

Managed business improvement processes, business governance, technical platform mix, revenue strategies and marketing activities to better align with business objectives.

Defined project objectives, requirements, and assumptions necessary to structure a project or activity

Planned, scheduled, and controlled project activities to fulfill business objectives and satisfy project requirements

Requirement gathering, analysis and implementation of security solutions such as SIEM, Network access Control, Security Operation Centre, Network Tool Optimizer, File Integrity Monitoring, DLP, Firewall Analyzer, Endpoint Protection, Vulnerability Assessment, Two Factor Authentication.

Develop Security designs and architecture

Engage in technical pre-sales and proof of value.

Perform gap assessment and control recommendations

Product Management and Business Development

Achieve and maintain advanced partnership level with Original Equipment Manufacturers (OEMs) through continuous improvement and certification.

Developed and drove integrated project plans, aligning project techniques with project strategy

Served as the project advocate to management team, vendors and the client organization

Led, coordinated, facilitated, and motivated all project resources to gain alignment on project goals and deliverables.

Business Support System Administrator

eGlobalTech

August 2016 - June 2017

Understanding of end-to-end risk management principles and how to apply them across multiple business units.

Provided base-level IT support to both internal and external customers.

Logged all complaints and informed customers about issue resolution progress.

Assigned issues to appropriate support group for thorough support and prompt resolution.

Researched and analyzed Business, Technical, Functional and User Interface requirement of a project. Active Directory and Exchange user support.

Created test scenarios, test conditions and expected results and test cases.

Executed test scripts and documented results.

Logged defects and verified defects. Supported users having data and network connectivity issues.

Monitored network performance and troubleshot problem areas as needed

Participated in Scaled Agile framework.

Hands-on experience with Windows Server 2012

Data and compliance Security Analyst

Morgan Stanley,

January 2014 - July 2015

Supporting Government Security Program Stakeholders (ISSOs, ).

Developing content for security plans, test plans, waivers, POA&Ms, ATOs, SARs, IT Contingency plans, change management, etc.

Working with Engineers and System Administrators to properly document information system data flows, system architecture, system boundary, interconnections and other necessary di…sposition workflow of POA&M Table and Closure Request Forms (CRFs)

Work as part of a team and provide 7x24 support when required

Planning, installation, configuration, management and troubleshooting of Red Hat Enterprise Linux platform, Splunk.SDLC

Develops Privacy by Design playbook for the enterprise

Enables business success by conducting privacy and data protection assessments & providing recommendations for business and engineering teams across NetApp

Drives data governance for Enterprise data in partnership with Enterprise Data Management team

Creates digital transformation to cloud business model with the development of enterprise information strategy and target state architecture

Information services risk assessment, IT Audit and Sarbanes-Oxley (SOX) compliance projects for companies ranging in size from small to Fortune 100

Security Assessor Lead

InfoZen (A wholly owned subsidiary of ManTech, LLC)

Dec 2012 - Dec 2013

Conducts security assessments for IT systems based on OMB, FISMA, NIST Special Publications (800 series), DHS 4300 policies and guidelines

Reviews vulnerability scan reports and incorporates findings into SCA documentation. Escalates critical vulnerabilities to SCA lead and federal manager immediately when needed.

Participate in meetings related to SAP and ongoing authorization (OA) as directed by the government leadership.

Load and maintain all supporting artifacts and information for documents like FIPS, eAUTH, CP, SP, etc., as appropriate for assigned systems into the company's repositories as designed by ISD in Information Assurance Compliance System (IACS) and SharePoint.

Participate and present slides for the monthly meeting where security posture of each system participating in OA program are reviewed.

Track action items noted during the meeting and ensure the appropriate personnel are notified

Review the ongoing Authorization (OA) tools e.g. CAT, Account Management review Tracker, Trigger Accountability logs for compliance before the monthly meeting

Compile the Master Trigger Accountability log (TRAL) and update the TRAL.

GDPR Lead & Enterprise Information Architect

K&K Financial Enterprise Tyler, TX

November 2011 - November 2012

Quarterbacked business systems inventory and risk assessment of 100 plus systems as part of GDPR program initiation

Assisted marketing team in selection and implementation of preference management tool for GDPR compliance

Created privacy assessments and worked with privacy counsel and stakeholders to mitigate privacy risks

Developed data architecture, operational guidelines, and data solutions for GDPR. Provided thought leadership and guidance to legal and business for phased approach to GDPR compliance

Built innovative solutions for risk assessment, risk positioning, and risk management for GDPR with capability to track changes for all business systems

Defined, developed, and introduced Business Data Architecture for big data analytics platform

Designed business data strategy, roadmap, business information model and data services for Product master at Autodesk.

Defined Business Information Model and enterprise data strategy for Cloud offer

Originated engagement model and data management strategy for Enterprise Data Management team at Autodesk. This framework is being used to transform how business captures & communicates information

Internal Audit and Risk Assessment Manager

Karios Consulting Services LLC

August 2009 – Oct 2011

Managed teams of up to 8 members, motivating them to achieve results while I reported to the Audit Manager

Engagement senior and taking overall client engagement responsibility on several internal audit, IT audit and risk assessment assignments, supporting clients in the financial services, manufacturing, telecommunication and utility industries.

Provide security support for information systems throughout the Risk Management Framework (RMF) lifecycle.

Works closely with business and technical stakeholders to select and help implement security controls as outlined within the information security policy and regulatory framework.

Ensured conformance to regulatory compliance bodies such as PCI DSS and ISO 27001.

Member of the Change Control Board (CCB)

Advises on the design and development of secure systems architecture as well as industry best practices and information systems technologies available to meet security requirements.

Verify applications and support systems are meeting information security policies, (e.g. automated scans are performed monthly, patch management, configuration management, etc.)

Member Information Security Incident Response Team (IIRT)

Ensure compliance to SLA, process adherence and process improvisation to achieve operational objectives

Performed audit planning, conducted walkthroughs, and assessed the internal control environment through control testing.

Performed Tests of Design (TODs), Tests of Effectiveness (TOEs) of Key defined control activities and tested for Audit Readiness.

Excellent understanding of the following control frameworks: PCAOB requirements for SOX, PCI-DSS, COSO and COBIT, SSAE-16 (SOC 1 Type 2 review), HIPAA and Data Privacy.

MTN West Africa

Senior IT/SOX Auditor (Contract)

April 2006 – July 2009

Performed IT general controls testing for Sarbanes-Oxley 404 compliance in public companies and Service Organization Control (SOC) reports in compliance/SSAE16 (formerly SAS 70).

Tracked, monitored, and reported all Internal Risk Control Self Assessments (RCSA) in compliance with policies and standards.

Enhanced the performance of the internal audit department by managing multiple concurrent projects with quality, and in accordance with a documented schedule that meets or exceeds customer expectations.

Reviewed test findings, facilitated the remediation of ITGC control gaps, and escalated possible critical issues to senior management within IT.

Produced detailed timelines for each assigned project and implemented effective project controls by monitoring progress and reporting status.

Validated and updated SOX documentation as needed to ensure scope, testing, and remediation activities are accurate.

Collaborated and built long-term relationships with key stakeholders in a fast-paced and matrixed work environment.

Performed walk-throughs, and assessed the internal control environment through control testing.

Ensured scope, testing, and remediation activities are accurate by validating and updating SOX documentation as needed.

Conducted Service Organization Control (SOC 1 Type 2) reviews.

Worked with control owners and operators to ensure quality, consistency and operability of new and existing controls.

Provided technical support in the assessment, design and implementation of ITGC requirements.

Worked in a team that noticed weaknesses in a customer's wire transfer controls that made significant theft of funds possible. Recommended changes that were adopted immediately.

Supported the review of IT tools, control designs, and control remediation planning efforts.

Training and Certifications

Project Management Professional (PMP)

Certified Data Privacy System Engineer (CDPSE)

Certified in Risk and Information Systems Control (CRISC)

Certified Identity and Access Manager (CIAM)

Certified Information Security Manager (CISM)

Certified Information Security Auditor (CISA)

Certified Scaled 5.0 Agilist

ICP Agile certified

AWS certified Developer

CompTIA Security+

AWS certified solutions architect

Certified Data Privacy practitioner (CDPP)

Certified web applications security practitioner (CWASP)

Certified Professional Forensic Analyst (CPFA)

Governance, Risk and Compliance Professional [Training for Certification]

ASQ Lean Six Sigma Black Belt (CSSGB) certification [Training for Certification]

PROFESSIONAL MEMBERSHIPS

Information Systems Audit and Control Association (ISACA)

Project Management Institute (PMI)

American Society for Quality (ASQ)

International Association of Privacy Professional (IAPP)

Education

Master's in Information Assurance & Cybersecurity

Graduate Certificate in Management in Management

Bachelor’s degree in Mathematics & Computer Science


