Kegan Oyeronbi
PERSONAL INFORMATION
Mobile: +1-678-***-****
E-mail *************@*****.***
PROFESSIONAL PROFILE
Senior IT Governance, Risk and Compliance Specialist responsible for developing, managing and overseeing the implementation and execution of global IT controls. I use sound judgment to drive IT compliance processes related to privacy, SOC 2, PCI DSS, ISO 27001 and IT vendor risk management. Experience includes coordinating, assessing and reporting on control status and remediation, and conducting the various annual assessments.
CORE COMPETENCIES
Knowledge of IT security and compliance standards including PCI, ISO 27001/27002, NIST and SOC1/SOC2
Good working knowledge of vulnerability management technologies and practices, and of risk assessment methodologies and practices.
Excellent senior stakeholder management across all levels including third parties and external customers
Experience in IT controls testing
Knowledge of SOX (Sarbanes-Oxley Act) and PCI audit readiness
Experience leading ISO 27001/2 and SOC 1/2 audit readiness
Experienced in updating and maintaining information security policies that account for a company's unique operating environment while still meeting control objectives
Experienced in monitoring and tracking cyber security audit issues and remediation activities, and in providing advice to the affected teams
ACADEMIC AND PROFESSIONAL QUALIFICATIONS
BSc Computer Science and Information Technology
Certified in Risk and Information Systems Control (CRISC)
PROFESSIONAL EXPERIENCE
ROHRER CORPORATION GEORGIA
APRIL 2017 – DATE
CYBERSECURITY RISK & COMPLIANCE SPECIALIST
Conduct assessments of IT risks and controls, including general IT controls within information systems in support of internal and external audit engagements.
Improved the design and operation of the IT controls by working closely with the control owners to develop remediation plans where deficiencies are found and develop compensating controls to mitigate the risk.
Worked with the process and control owners to develop a set of process, risk, and control metrics to allow the processes and systems to be continuously monitored through a trusted and robust set of metrics.
Acted as a champion for good control design and operation by providing coaching and training to control owners and encouraging a culture of continuous improvement.
Built trusted relationships with IT process and IT control owners and collaborated with them to improve processes and controls.
Analyzed responses to in-depth information security questionnaires that were completed by new and existing service providers.
Reviewed evidence provided by third-party suppliers, such as internal and external audit reports, penetration test results, policies, standards, procedures, and on-boarding and termination processes, to confirm effective implementation of the described controls.
Ran one IT RCSA each quarter for audit quality and risk assessments, and oversaw the remediation of any defects identified by the RCSA process.
Performed ad hoc deep-dive reviews of IT processes and controls, specifically where repeated incidents have occurred
Documented control deficiencies and recommended improvements to process and control design and operation
Conducted onsite or desk-based risk assessments of third parties during the on-boarding or tender process to identify risks and weaknesses in the supplier’s systems prior to commencing services with them
CACHIM LLC
JAN 2015 – MARCH 2017
CYBER STRATEGY, GOVERNANCE, RISK AND COMPLIANCE
Oversee, maintain, and keep up to date cyber security policies and standards, and ensure that they meet both internal and external requirements.
Oversee the cyber security audit issues management program by tracking and reporting on the status of remediation and providing advisory support to teams regarding remediation activities.
Assess cyber security policy exception requests to assist the business owners in making informed risk-based decisions.
Provide management of the CIO risk portfolio, ensuring that risks are owned, prioritized, and accurately reported in line with the Group Risk Management Framework.
Support the CIO, Directors and Heads of Department to maintain compliance across SOX, PCI DSS and other regulatory requirements, reporting any weaknesses and managing remediation.
Support IT directorate with recording of emerging and existing departmental risks and compliance issues, determining impact and mapping to divisional and/or organizational risks.
Work with 2nd and 3rd line of defence Risk teams to ensure that assurance processes are supported, and any resulting actions are taken.
Develop and produce periodic Management Information to accurately represent Risk, Compliance and Audit landscape and actions.
Partner with IT directorate and with senior stakeholders across the 2nd line of defence Risk and Compliance teams to ensure appropriate management of existing and emerging divisional risks.
Engage with risk peer groups to complete vendor risk assessments and work to resolve any issues creating delays.
Deliver efficient and effective escalations in line with the established policies and procedures.
Lead vendor risk assessments, develop mitigation plans, and partner with internal stakeholders to monitor remediation responsibilities.
Engage with business owners and vendors to obtain the required due diligence documentation.
Keep current with ongoing trends and changes within the cyber security GRC community.
Esselunga di Pioltello
Milan, Italy
JAN 2014 – JUNE 2015
BUSINESS ANALYST
Establish a standard for the introduction of new customer services and products for VNS
Develop, document and maintain processes and job aids related to Virtual Network Services (VNS) for internal operational support teams
Participate in developing an automated VNS service
CSAP, PEATS and other project management for the VNS portfolio
Gather and document business and system requirements, as well as current and proposed process maps
Revise and approve all BBM requests (BBM/IT)