Temitope Olarewaju Obagbamigbe
Cell Phone: 832-***-****, E-mail: **********@*****.***
SUMMARY:
Experienced Third Party Risk and IT Audit and controls specialist with over 10 years’ work experience spanning Logistics (Risk Analyst) and Internal Audit, with the last 5 years focused on vendor risk management. Experienced in compliance and process improvement, with core competencies in increasing productivity and improving quality. Skilled in Risk Management, Business process assurance, Vendor Risk Management, SOC reviews, HIPAA, Audit readiness exercises and business process re-engineering.
I bring top-tier experience and I am adept at building strong client relationships, effectively implementing strategic concepts and motivating teams. I have a Master's degree in Geographic Information System (GIS) and a Certified Information Systems Auditor (CISA) certification, among other certifications.
Relevant Skills and Expertise:
• Strong understanding of HIPAA and other information privacy and security laws and practices (ISO 27001, PCI DSS, SOC, SOX, GLBA, OCC-2013, HITRUST, OWASP, COBIT, COSO, NIST 800-53, GDPR).
• Good understanding of reporting tools including Nmap, Nessus, IDEA/ACL, TeamMate, Microsoft SharePoint, Microsoft Visio, Lucidchart.
• Good understanding of RSA Archer, OneTrust GRC and KY3P with over 5 years of experience.
• Strong knowledge of Microsoft Office products including Excel (VLOOKUPs, Data Analytics, Pivot tables), Word and PowerPoint.
• Good analytical thinking, detail oriented, excellent communication and report writing skills.
• Effective ability to work both independently and within a team environment.
• Great team player, motivated, initiative-taker with strong proactive critical thinking skills.
PROFESSIONAL EXPERIENCE
Shilloh Inc, Houston TX
Third Party Security Risk Analyst: June 2017-till date
• Assessing and analyzing ongoing due diligence questionnaires to determine the nature and level of risk, as well as reviewing and incorporating other relevant materials as needed.
• Performed due diligence on an individual third-party relationship to assess the technology risks.
• Ensure risk is being managed throughout the third-party life cycle (planning, due diligence, contract execution, on-going monitoring, and exit).
• Ensure third party adherence to contractual/regulatory compliance to minimize the risk of fines and reputational harm.
• Worked with the senior management on the procedures and policies of the strategic sourcing and procurement team.
• Communicates with vendor’s representative to gather vendor’s profile and deploy Standard Information Gathering (SIG) questionnaire to vendor representative.
• Ensure that proper documentation for new and existing third-party relationships is properly completed and retained.
• Provide analysis and recommendations for identified security exceptions; participate in defining remediation efforts.
• Engage with service providers to obtain due diligence reports and evidence of control operation.
• Identifying risk posed to organizations by vendors by reviewing and analyzing the vendors control environment and performing additional research as needed.
• Assist in kickoff, status, and closing meetings with engagement teams and clients and contribute to party audit knowledge base and Internet project development initiatives.
• Tracking and monitoring resolutions of issues arising at vendors.
• Perform site visits to the third-party facility when needed.
• Represent and support the reputation of the company to minimize compliance and regulatory risk by resolving issues and ensuring adherence to company and legal standards.
• Work closely with senior managers and managers to ensure awareness and understanding of third-party risk program requirements and associated risk within their portfolios.
• Monitor and manage risk exposure compliance with the company's policy.
• Ensure appropriate systems are updated, remediation action plans to address control weaknesses are documented and approved by appropriate stakeholders.
• Monitor activities to minimize the company's exposure to risk e.g., risk identification and remediation.
• Identifying risk posed to the organization by vendors by reviewing and analyzing the vendor’s control environment and performing additional research as needed.
• Assist with monitoring and testing adherence to policies and procedures.
• Provide input to security program reporting on information risk Key Performance Indicators (KPIs), Key Control Indicators (KCIs), and Key Risk Indicators (KRIs).
GlobalScan Systems LLC Jan 2014 - Dec 2016
IT Auditor
• Worked directly with the IT Audit and Compliance Sr. Manager on defining, implementing, and managing the control framework, including development / refinement of the appropriate IT and Risk Management policies.
• Responsible for audit task completion with accuracy in alignment with industry best practices.
• Performed examination of security controls to determine design (TOD) and operational effectiveness (TOE).
• Analyzed and evaluated risk controls from different business units.
• Helped in performing annual process evaluations and IT Process assessments.
• Worked with the IT Audit and Compliance Sr. Manager in testing of controls identifying risks within the business process areas.
• Participated in developing the audit strategic plan as well as continuous control and monitoring of IS controls.
• Worked as a team to provide recommendations to mitigate risk or control deficiency gaps.
• Worked with the Audit and Compliance Sr. Manager to review results and provide recommendations on penetration tests and vulnerability reports.
• Worked with various process owners to create and update process documentation, flow charts and process risk assessments.
• Performed follow-up of corrective actions for audit findings.
• Evaluated IT operations, backup, restoration, and disaster recovery audits.
• Coordinated and performed IT risk-based audits to identify control gaps and areas for improvement.
• Evaluated IT internal controls as part of the financial statement audit and operational audits (integrated examination).
• Responsible for working closely with client process owners to assess controls and evaluate action plans for control deficiencies and to ensure deficiencies are satisfactorily remediated in a timely manner.
• Performed Sarbanes-Oxley (SOX) and PCI audit projects, SOC I, II and III testing, review of SOC I type II, and SSAE 18.
• Tested IT General Controls (ITGCs) and IT Application Controls (ITACs) for design adequacy and operating effectiveness.
• Conducted IT infrastructure control testing (servers, Active Directory, databases, and operating systems).
• Performed audit planning, conducted walkthroughs, and assessed the internal control environment through control testing.
• Involved in the IT audit process during audit execution from planning, execution, reporting, and follow-up phases as needed.
GlobalScan Systems LLC Oct 2010 - Dec 2013
Risk Analyst
• Developed short-term goals and long-term strategic plans to improve risk control and mitigation.
• Promoted enterprise-level risk management practices and helped instill strong culture focused on protective policies and procedures.
• Instituted contingency plans, ensuring business continuity through cross-training, documentation, and data backups.
• Encouraged stakeholders to approach assessments analytically and offer unique insights to bring new understanding to risk management programs.
• Investigated allegations to check validity and recommend actions to minimize risk.
• Advised senior managers on policy strategies for reducing liability and preventing losses.
• Engaged with collections, risk, and fraud teams, collaborating on implementation of collection strategies.
• Produced accurate and timely collections reports, facilitating measurement, decision-making, and engagement with customers.
• Reviewed contracts and agreements to identify potential risks and ideal mitigation strategies.
CERTIFICATIONS:
• Certified Information System Auditor (CISA)
• Certified CompTIA Security+ CE
• CyberArk Certified Trustee
• Splunk 7.x Fundamentals Part 1
• AWS Cloud Practitioner Essentials
• AWS Cloud Audit Academy - Cloud Agnostic
EDUCATION:
• (2011) Master's in Geographic Information System
University of Lagos, Akoka Lagos, Nigeria
• (2009) B.Sc. Geography and Planning Science
University of Ado-Ekiti, Ekiti State, Nigeria