Davies OZIEGBE
Cell 469-***-**** Email ******.********@*****.***
PROFESSIONAL SUMMARY
● Cyber Resilience
● IT Compliance and Risk Management
● SOC 1 and SOC 2 Compliance
● Security and Privacy Control
● Agile
● Security Awareness Training and Program Management
● Third Party Risk Management
● Vulnerability Management and Scanning
● OWASP Top Ten Risks and Security Best Practices
● IT Risk Assessments and Audits
● Authentication Protocols and Availability Management
Applications & Tools: MAS360, AD Manager, AD Audit, SolarWinds, MS Azure, SCCM, vSphere Hypervisor, ESET NOD32, McAfee, Kaspersky, Trend-Micro, Viper Anti-Virus, ServiceNow, Symantec Intruder Alert, Symantec Endpoint, Symantec Enterprise Security Management, Active Directory/GPO Policies, Symantec Ghost, EFS Encryption, PKI, PGP Software, Net IQ, Wireshark, Splunk
Operating Systems: UNIX/Linux, Windows
Regulations: SOX, GLBA, PCI-DSS, HIPAA, HITRUST, GDPR, FFIEC and FISMA
Security Tools: CyberArk, Qualys, Imperva, QRadar, Nipper, Nessus, Nmap, Jira
Standards: ISO 27001, ISO 27000, ISO 27005, ISO 8583, COBIT 5, COSO, NIST 800-30, 800-53, 800-37, 800-18, 800-171, 800-137 and FedRAMP
GRC Tools: RSA Archer eGRC, MetricStream, OpenPages, ServiceNow
GW TECH, TX
Nov 2021 till Present Senior Professional Information Security
Conduct comprehensive risk assessments to identify and classify risks, prioritizing management strategies to address business needs and ensure effective mitigation.
Develop and maintain System Security Plans (SSPs), updating them annually to reflect current security measures and compliance requirements.
Design and implement a global security awareness program, covering critical topics across information security and risk management, with performance metrics to assess success.
Review and analyze vendor service profiles, ensuring that standardized information gathering (SIG) questionnaires are completed during onboarding and periodic assessments.
Lead the deployment of RSA Archer GRC and Agile suites to streamline risk management, security, IT risk management, third-party governance, and regulatory compliance.
Integrate widely recognized frameworks such as NIST 800-53, ISO 27001, COBIT, and others to recommend and implement mitigating controls to meet regulatory compliance requirements (e.g., SOX, GLBA, HIPAA, PCI-DSS).
Coordinate with legal, vendor management, and information security teams to ensure compliance with regulations and laws regarding data protection and security.
Oversee privacy impact assessments for cloud solutions containing Personally Identifiable Information (PII), ensuring alignment with GDPR and other privacy regulations.
Conduct risk assessments on third-party service providers (cloud and on-premise) to evaluate and mitigate risks related to data security, including Business Associate Agreement (BAA) and Workforce Optimization (WO) reviews.
Perform network and application security assessments to ensure compliance with HIPAA, PCI-DSS, and SOX standards, identifying vulnerabilities and recommending remediation.
Facilitate ongoing threat and vulnerability identification, ensuring timely and effective mitigation across the IT infrastructure.
Assist management in the evaluation of new technology service providers and third-party service providers.
Develop, implement, monitor and report performance measures that demonstrate value and ensure vendor performance.
Conduct privacy impact analysis to determine privacy compliance status for cloud solutions with PII based on compliance with General Data Protection Regulation.
Tested the operating effectiveness of IT security controls in cloud and on-premise vendor environments.
Performed risk assessments on third-party cloud and on-premise service providers to ensure data safety and security. Also conducted a BAA and WO review.
Performed network and application security assessments where reviews are made in compliance with HIPAA, PCI-DSS and SOX standards while defining the scope as required.
Threat/vulnerability identification and mitigation where necessary.
SWANSTON CONSULTING TX
March 2018 – November 2021 IT Security & Compliance Analyst
Developed incident and preventative incident tickets and reports.
Conducted live migration drills with sustain teams and advisor call centers to test response time of teams.
Documented and tracked the timeline of events that occurred in the process to resolution for each of the incidents managed in support of post mortem/root cause analysis.
Involved with architectural and network team to install and tune intrusion detection systems to match the organization's security posture.
Institute Information Security awareness training.
Conduct risk assessments and business impact analysis to mitigate the risk of information loss and determine gaps in Information security processes and procedures.
Involved in risk assessments on PCI DSS, HIPAA, SOX 302, 404 and GLBA standards.
Establish and maintain working relationship with business to provide guidance on security measures around business processes.
Design and ensure implementation of approved access control measures to the different application support teams, third party vendors on and offshore.
Liaise with business operations to proactively assess security policy compliance and monitor risks.
Coordinate and perform compliance audits in accordance with information protection, data asset and threat provision under the Gramm-Leach-Bliley and Sarbanes-Oxley Acts.
Coordinate external/3rd party audits, including PCI DSS, Incident Response Planning, and Business Process Improvement reviews.
Manage internal IT audit engagements including system platform audits, PCI and HIPAA Compliance Readiness reviews, IT Risk Assessments, change management, and business process control assurance.
CHECKPOINT SOFTWARES TX
November 2017 – February 2018 Technical Advisor
Independently identify, troubleshoot, document, replicate customer’s network security and VPN in an enterprise environment R77.30 and R80.10 Checkpoint firewall using Siebel ticketing system
Managing and monitoring firewall management server in an enterprise environment
Log monitoring in R77.30 and R80.10 Checkpoint firewall
Troubleshoot TCP/IP network using relevant protocols in Linux and Windows environments
Responsible for providing support in Checkpoint R77.30 and R80.10 software environment
Assessed and analysed the risks and exposures for several types of network architecture system designs (WAN/LAN), management server, internet, VPN and wireless (802.11) telephony, ensuring data is sent through secure protocols to protect critical company assets and resources
Troubleshoot and resolve network connection issues focusing on network diagnostic
Escalate complex network problems in accordance with internal processes
COLINK LLC TX
January 2015 – November 2017 Senior IT Risk Analyst
Updates System Security Plans (SSP) using NIST 800-18 as a guide to develop SSP, Risk Assessments and Incident Response Plans
Provide services as security control assessor (SCA), an integral part of the Assessment & Authorization process that includes A&A scanning, documentation, reporting and requirements analysis
Monitor Security Controls leveraging NIST 800-137 in order to perform periodic vulnerability scanning and test portions of applicable security controls annually
Review and document contingency plans (CP), privacy impact assessments (PIA) and risk assessment (RA) documents per NIST 800 guidelines for various agencies
Perform Continuous Monitoring (CONMON) NIST 800-137 tasks for the purpose of identifying & reporting new findings to clients via vulnerability assessment reports.
Applied Risk Management Framework (RMF) using NIST 800-37 as a guide to System Life Cycle Approach for Security and Privacy.
Applying NIST 800-53 for Security and Privacy Controls. Also applying NIST 800-50 for Security Awareness and Training Program
Ensured security controls were implemented correctly, executed per design and provided appropriate results
Experienced with CSAM for assessments and uploading artifacts in security documents
Supported DevOps efforts as point of contact for all clients and user requests
Performed testing, QA, and reported defects via JIRA
Review firewall systems, cyber security controls, authentication mechanisms, remote access, protocols, applications, networks, operating systems, servers and all other relevant aspects of securing IT operations for corporate and client data
Assist with Security and IS management, the Legal department, Fraud department, Human Resources and law enforcement agencies to manage security vulnerabilities or inquiries.
OMNIGREAT TRAINING AND CONSULTING MN
July 2013 – January 2015 Security Analyst
Performed vulnerability assessments using client provided security compliance scans and POA&M
Leveraged analysis results to identify and resolve anomalies with validation script, facilitating close out of findings to meet ATO due dates
Reviewed and processed manual security artifacts provided by system engineers via IV&V efforts
Developed dashboard tracker to manage received artifacts using approved Open Source Tools
Utilized Splunk machine learning capabilities to analyze logs, research incidents, and provide feedback to management (Non-Prod)
Assist Information Security Engineer with complex risk decisions and provide advice and guidance where required.
Conduct meetings, interview control owners, generate documentation request lists, evaluate documentation and prepare recommendations for improvement.
Demonstrates advanced understanding of organization's Information Security, Cyber Security and Business Continuity Management to clients during onsite visits, speaking on conference calls, email responses and completing client’s questionnaire
Develop and manage the Information Security delivery of the Vendor Risk Assessment program.
Develop infrastructure and IT Process assessments for use across the organization's computing environment.
Document risk issues in the designated risk register
Engage with technical process owners to understand technical process steps, identify risk, and drive toward a completed documentation that aligns with the IT Governance and Risk Management programs
AMATIMBA RESOURCES INC SA
July 2011 – July 2013 IT Business Analyst
Assisted in writing Test Plans, Test Cases and participated in User Acceptance Testing.
Compliance attestation testing of financially significant applications for Change Control and Logical Access processes.
Conducted security assessments to determine the effectiveness of planned and implemented security controls.
Developed maps, workflow diagrams and flowcharts of current and future business processes.
Ensured preventative and predictive maintenance programs are developed/established and functioning efficiently to support operation requirements.
Evaluated client’s key IT processes such as change management, systems development, computer/data centre operations and managing security at database, network and application layers.
Facilitated Change management Process from Request for Change (RFC) to implementation and review.
Identified areas for business improvements.
Organized meetings with system owners prior to assessment schedules.
Performed all aspects of verification including feature testing, functional testing, unit testing, regression, load and performance testing.
Performed systems security evaluations, audits, and server logging reviews to verify secure operations.
Reviewing internal policies and procedures and existing laws, rules and regulations to determine applicable compliance and the adequacy of underlying internal controls.
Mahatma Gandhi University, INDIA
Bachelor of Science (Honours), Information Technology
University of South Africa, RSA
Certificate, Project Management
Cisco Certified Network Associate CCNA
Cisco Certified Network Professional CCNP SECURITY
CompTIA A+
CompTIA Network+
ITIL
CISA
CISM
Pending Certifications
CRISC
CISSP
CORE COMPETENCIES
SKILLS & TOOLS
PROFESSIONAL EXPERIENCE
EDUCATION
PROFESSIONAL CERTIFICATIONS