ANTHONY AJIBOYE CISA, CRISC, CISM, CDPSE, PCIP
Tel: +1-437-***-**** *********@*****.***
PROFESSIONAL SUMMARY
Experienced IT Risk and Governance Leader with over 15 years of expertise in developing and implementing IT Governance, Risk, and Compliance (GRC) programs within complex and regulated environments. Adept at designing and enhancing IT risk frameworks, including IT General Controls (ITGC) testing, remediation planning, and operational risk metrics such as Key Risk Indicators (KRIs). Skilled in policy development, regulatory compliance, and risk mitigation strategies. A collaborative leader with a strong ability to align IT and business units through the three lines of defense risk management model. Recognized for delivering impactful training and awareness programs that drive organizational maturity and resilience. A trusted advisor to senior leadership, with a proven ability to effectively communicate IT risk profiles to support strategic decision-making and drive transformational initiatives. Develop sustainable GRC processes that effectively balance operational efficiency with strong risk management practices.
TECHNICAL SKILLS
Extensive knowledge of security frameworks such as ISO27001, PCI, OSFI, NIST, COBIT, FFIEC, COSO, CCM etc.
Strong knowledge of assurance standards such as SOX, SOC1, SOC2 etc.
Extensive knowledge of security tools, e.g., SCCM, Nessus, Nipper, Qualys, Rapid7, Windows Defender.
Hands-on experience with IT GRC tools – ServiceNow, Archer, Workiva, Resolver, OneTrust, Tugboat.
Experience with vulnerability management programs and Identity and Access Management (IAM).
Extensive experience with cloud security and cloud security assessments (Azure, AWS, GCP).
EDUCATION & CERTIFICATIONS
Babcock University BSc Computer Science 2008
Certified Information Systems Auditor CISA 2017
Certified in Risk and Information Systems Control CRISC 2017
Certified Information Security Manager CISM 2020
Certified Data Privacy Solution Engineer CDPSE 2020
PCIDSS: PCI Professional PCIP 2021
WORK EXPERIENCE
Senior Manager GRC PwC November 2024 – Present
Drive the definition and execution of strategic initiatives within the Cybersecurity and IT risk management practice, focusing on enhancing resilience and compliance through innovative methodologies.
Manage the delivery of TPRM, Cybersecurity and GRC projects, including the design and implementation of processes, methodologies, operating models, and regulatory compliance requirements.
Serve as a trusted advisor, offering expert guidance on complex IT Risk Management challenges, regulatory requirements, and industry trends, ensuring alignment with strategic objectives.
Provide thought leadership and innovation within the IT Risk domain, contributing to the firm’s eminence and reputation as a leader in risk management advisory services.
Manage IT Audit Programs, working closely with stakeholders, overseeing ITGC testing, and ensuring effective remediation plans.
Partner with cross-functional teams to implement integrated risk management tools addressing client needs and regulatory requirements.
Led the design and implementation of innovative TPRM and Cybersecurity operating models, enhancing organizational resilience for multiple clients across diverse industries.
Play a pivotal role in mentoring and developing high-performing teams, fostering a culture of excellence and continuous improvement.
GRC Consultant Sobeys April 2023 – October 2024
Developed and enhanced Governance, Risk, and Compliance (GRC) practices, including a 3-year strategy covering tool acquisition, third-party risk programs, and PCI/ISO 27001 initiatives.
Directed the GRC team in operationalizing IT governance, risk management, and compliance programs, ensuring alignment with organizational objectives.
Performed comprehensive third-party risk assessments, SOC 2 Type 2 report reviews, Threat Risk Assessments (TRA), Vendor Risk Assessments (VRA), and Privacy Impact Assessments (PIA).
Delivered security and compliance programs, including PCI compliance and ISO 27001 readiness assessments, to meet regulatory and business requirements.
Acted as a Subject Matter Expert (SME) in security and technology, performing IT risk assessments and supporting risk management processes.
Established and managed IT risk registers in alignment with Enterprise Risk Management and developed metrics and Key Risk Indicators (KRIs) to monitor controls, evaluate their effectiveness, and drive remediation efforts.
Managed dashboards to provide periodic updates to executive leadership on risk control, KRIs, and overall GRC program. Developed security policies, standards and processes while enforcing compliance.
Designed and implemented an enterprise risk, security, and compliance awareness training program to promote accountability and proactive risk management behavior.
Managed internal and external audits, ensuring timely remediation of findings and resolution of control gaps in collaboration with stakeholders.
Provided cybersecurity risk advisory services, reviewing architecture and solution designs to identify security concerns and recommending risk remediation strategies.
Partnered with Information Technology, Information Security, Business Operations, Audit, Privacy, and Legal departments to address security, risk, and compliance matters, providing guidance on cybersecurity threats, emerging technologies, risks, and regulatory compliance requirements.
Selected and implemented a GRC tool to support risk identification, assessment, prioritization, and tracking.
Provided guidance on management of security risks within project implementation, ensuring alignment with the organization's risk appetite and policies.
Senior Manager IT Governance Risk and Compliance Teranet Aug 2021 – March 2023
Established the IT GRC function at Teranet, reporting directly to the Chief Information Officer (CIO) with a dotted line to the Chief Risk Officer (CRO).
Developed the IT Risk Management Policy in alignment with the Enterprise Risk Management (ERM) methodology. Leveraged industry best practices to design and implement a risk taxonomy (Risk Universe).
Conducted IT Risk Assessments and managed IT risk engagements across the organization, including Project Risk Management, Maturity Assessments, Strategic Risk Assessments, and Third-Party Risk Assessments.
Served as a Subject Matter Expert (SME) for IT, Security, and business teams on matters related to third-party risk, privacy, compliance and legal requirements.
Developed a project risk management program that feeds all project risks to the overall IT Risk register. Established and managed the IT Risk register at asset level.
Developed and managed the IT GRC strategic roadmap in alignment with the organization's objectives and provided periodic status updates to the Executive Risk and Audit Committee.
Managed a team to operationalize the overall GRC program, including the Business Continuity program, PCI and ISO 27001 compliance, SOC 2 & SOX (ITGC) audit and the third-party management program.
Promoted risk culture and awareness across the organization and developed IT risk training for the enterprise.
Developed and tracked risk metrics (KRIs) that ensure Teranet meets its strategic objectives and its customers' contractual obligations.
Conducted interviews, workshops and focus group meetings for business unit alignment and other strategic discussions. Facilitated Technology & Security meetings, reporting risk updates to the Executive Committee.
Served as the SME on Risk & Compliance for the organization's data center cloud migration and transformation projects, providing guidance on both business and technical matters.
IT Business Advisor (Audit & Compliance) Just Energy Nov 2020 – July 2021
Developed IT Risk strategy, partnered with other risk groups to assess, implement, and communicate new/updated risk controls, frameworks, policies, indicators, metrics, and limits to stakeholders.
Designed controls and proffered recommendations for risk issues. Identified IT risks that are common across the landscape and helped implement mitigating controls across the enterprise.
Conducted best-practice standards assessments and implementations – ISO 27001, PCI, COBIT, NIST, GDPR – and ensured they aligned with business objectives for various organizations.
Conducted IT risk assessments and ensured outputs were recorded in risk registers or enterprise tools and were in full compliance with defined policies and standards.
IT Risk Advisor BDO Jan 2020 – Oct 2020
Performed SOX reviews - ITGC (Access, Change and Data Processing), and Application controls.
Carried out SOC 1 & 2 compliance reports for various service organizations.
Executed risk-based information system audits in compliance with information system audit standards to ensure key risk areas are audited, i.e., to achieve planned audit objectives.
Performed data analytics using ACL for various organizations especially in the financial sector.
Managed and reviewed the IT infrastructure, Governance, Risk and Compliance for organizations.
Conducted review for a wide range of security technologies such as NIDS/IPS, HIDS, Network Access Control (NAC), IAM, DLP, application firewalls.
Manager IT Risk Advisory Ernst & Young Dec 2017 – Dec 2019
Established and managed a cybersecurity strategy aligned with the organization's goals and objectives; the strategy implementation brought about increased customer trust and reduced information security cost while responding to threats and potential data compromise (referencing best practices: COBIT, NIST, ISO 27001).
Created and communicated information security policies to guide development of operating procedures, guidelines, and other documentation in alignment with enterprise goals and objectives.
Established a cybersecurity governance framework to guide activities supporting information security strategy using industry best practices for a major telecoms company with a revenue size of about $10B.
Monitored and reported key information security metrics (Key performance indicators “KPIs” and Key Risk Indicators “KRIs”) to stakeholders regarding effectiveness of information security program.
Established, sustained and executed the information security program in alignment with the organization's information security strategy.
Identified, assessed, prioritized and reported on material IT risks and aligned business areas by working with risk owners under various senior management.
Information Security Analyst & IT Auditor Access Bank PLC Dec 2009 – Nov 2017
Developed and executed an audit plan covering network, application, database, and security audits, focusing on user access, change management, and IT operations, including incident management, business continuity, and disaster recovery.
Communicated audit results and made recommendations to key stakeholders through meetings and audit reports, and carried out follow-up audits to ascertain that recommendations had been implemented.
Investigated electronic fraud and cybersecurity incidents and proffered recommendations to remediate identified control gaps.
Evaluated controls in preparedness for the PCI DSS and ISO 27001 certification.
Performed vulnerability assessments and remediation activities for systems and applications.