
Information Security Delivery Manager

Location:
Plainfield, IN
Posted:
April 18, 2023

Resume:

ALAO, SAMUEL DAMILOLA

Indianapolis, IN ***** 312-***-**** E-mail: ***********@*******.***

PROFESSIONAL SUMMARY

A Third Party Risk Assessor / IT Risk and Compliance professional with over 5 years of experience. I am currently responsible for performing independent risk identification and management of risks associated with Third Party relationships, which includes review and determination of the accuracy of due diligence information, documentation of appropriate risk assessments, approval of risk ratings, monitoring of the assigned portfolio and identification of exceptions. Ensuring implementation of and compliance with security standards such as ISO 27001, SOC1 & SOC2, and PCI-DSS.

PROFESSIONAL DEVELOPMENT

● Certified Information System Auditor (CISA)

● Certified in Risk and Information Systems Control (CRISC)

● Certified Information Security Manager (CISM)

CAREER SUMMARY

Sr. Third Party Risk Assessor,

Intelex Technologies Inc Jun 2022 – Present

● Conduct assessment by conducting interviews, reviewing evidence, determining final disposition of findings, written and verbal communication of findings, rating criticality of findings and evaluating action plans provided by the third party

● Lead discussions around remediation activity and compensating controls to help manage risk. Influence remediation when necessary

● Communicate and present risks and remediation activity in a clear manner to non-technical audiences.

● Partner with colleagues across multiple business units to help drive completion of assigned third party risk assessments from scheduling, execution and remediation

● Produce fact based assessment reports and remediation plans to be delivered to Business Owners outlining each Third Party’s compliance with enterprise Information Security and Business Continuity program standards

● Maintain a current understanding of relevant third party risk management best practices and regulations

● Develop positive working relationships to maintain an open environment for collaboration, risk identification and remediation

● Work with IT and business partners to prioritize its inventory of processes and help build the risk assessment plan based on the inherent risk of each process, application, and technology.

● Review the IT divisional risk exposure metrics and help the management team monitor known risks and assess capabilities effectiveness in managing risk exposure.

Sr. Vendor Risk Analyst,

MassMutual Insurance Company

May 2020 – Jun 2022

● Capture high level information for third-party engagements, including analysis of the business environment, the data involved and how the business will use the vendor

● Apply third party inherent risk scoring to determine level of due diligence required

● Assess the existence and efficacy of third-party information security and business continuity controls and recommend treatment as needed to align with Standard’s risk appetite and information security standards

● Support the evolution and continuous improvement of third-party risk assessment processes including the development and maintenance of procedures, automation, artifacts, and metrics to be used in the assessment of third parties

● Conducting onsite compliance risk assessments of third parties for purposes of identifying, assessing, and documenting whether third parties continue to comply with Third Party Management Policy and Procedures.

● Partner with internal parties in mitigating risk identified through monitoring activities.

● Routinely perform testing of third party business operations to ensure that all regulations are being followed.

● Documenting findings, compensating controls and residual risks and work with the LOB Delivery Manager to resolve issues through control breaks, Action Plans (APs) or Risk Acceptances (RAs)

● Validating evidence from Third Party before Action Plans are closed

IT Risk and Compliance Specialist,

Old National Bank

Feb 2019 – Apr 2020

● Manage the third party vendor assessment process by reviewing vendor assessment questionnaires including SOC 2 reports and ISO 27001 certifications

● Participate in walkthroughs of SOX processes and audit readiness

● Design and implement SOC1 & 2, ISO 27001

● Conduct meetings with business process owners to discuss processes and controls

● Develop process narratives and flowcharts, and provide feedback to management on design of internal controls

● Conduct testing (tests of control design and operating effectiveness) for business process controls (and IT controls as needed)

● Define, plan and lead projects to remediate vulnerabilities and other issues identified during audits and risk assessments - drive remediation efforts to deliver remediation plans on time

● Effectively interpret and communicate compliance requirements to internal teams, and lead efforts to produce actionable plans to meet requirements

● Collaborate cross-functionally and with leadership to mitigate compliance risk while supporting innovation and instilling best practices within the work place

● Ensure compliance with all applicable data protection rules and regulations, particularly SOC/SSAE/CSAE/HIPAA/PCI-DSS by providing administrative support by implementing systems, procedures, and policies; completing projects in support of compliance auditors

● Prepare compliance audit data by compiling and analyzing internal and external information

● Conduct on-site risk assessments based on agreed-upon procedures guidelines

● Collaborate with technical staff including software developers, infrastructure engineers, security engineers, and department leaders to execute on near- and long-term information Security compliance programs

● Review and validate evidence required for audits to ensure appropriate validity standards

● Responsible for spearheading initiatives to identify, investigate and improve security risks

● Conduct Risk Assessments within customer systems to quickly assess associated risks, recommend actions and develop plans for remediation and risk metrics

● Carry out various types of vendor assessments such as onsite, virtual, and risk assessments for vendors depending on triage information from the vendor management office

IT Project Manager,

Old National Bank Jul 2017 – Feb 2019

● Led cross-functional project teams through the full project lifecycle, from initiation to closure, ensuring on-time and on-budget delivery of projects.

● Developed and managed project budgets, resource allocations, and timelines, ensuring projects were completed within scope and on budget.

● Identified and mitigated project risks by creating risk management plans and monitoring risk throughout the project lifecycle.

● Established and maintained strong relationships with key stakeholders, ensuring alignment with project objectives and timely communication of project status.

● Conducted project assessments to identify areas for improvement and implement process improvements for future projects.

● Managed project changes by developing change management plans and ensuring stakeholders were informed of changes and their impact on the project.

● Coordinated and facilitated project team meetings, ensuring effective communication and collaboration among team members.

● Oversaw vendor relationships, ensuring vendors delivered on commitments and met project expectations.

● Conducted project evaluations to measure project success against key performance indicators and identify areas for future improvement.

● Developed project documentation, including project plans, status reports, and project charters, ensuring project stakeholders had timely and accurate information on project status.

EDUCATION AND QUALIFICATIONS

B.Sc (Hons) Industrial & Production Engineering, University of Ibadan, Nigeria. 2002

PROJECT SKILLS

● Knowledge of information security controls and frameworks such as NIST CSF, SP-800-30, NIST 800-53, ISO 27001/27002, ISO 27005, and Centre for Internet Security (CIS)

● Experience in assessing risk, documenting control deficiencies, and developing appropriate corrective actions

● Establish and maintain partnerships with internal and external stakeholders to ensure effective collaboration to identify, measure and manage Third Party risks and controls

● Good understanding of various security domains and cyber security frameworks (NIST, ISO)

● Proficient in 3rd party risk assessment, and the review of Cloud Security

● Thorough knowledge of implementation of SOC & ISO 27001

● Support for PCI-DSS & SOX Readiness Audit

● Project Management skills

● Knowledge of GRC tools such as RSA Archer, ServiceNow, Jira, etc.