Ola Adedoyin
667-***-**** ********@*****.***
Experienced cybersecurity expert skilled in recognizing risks across various cloud service models (IaaS, PaaS, and SaaS) and assessing third-party and vendor risks. Proficient in applying frameworks such as SOC 2, NIST SP 800-53, HITRUST, HIPAA, and PCI DSS to ensure compliance and security. Adept at engaging with senior stakeholders to align complex technical and business requirements, leveraging technical expertise to devise effective solutions. Combines strong leadership with performance management skills to uphold quality, meet targets, and ensure adherence to deadlines.
CORE COMPETENCIES
Assessments & Compliance: SOC 2 - Type 1 & 2 Reports, PCI-DSS, GRC, CAIQ, SSAE 18, SIG, HITRUST, HIPAA, ISO 27001/2, NIST 800 series, FedRAMP, ITGC, Vendor/Supplier Security Audit, FIPS 199, FISMA.
IT Program Directorship & Management: Cybersecurity Technical Writing (Policies, Standards, and Procedures), Third-Party Risk Management, Business Continuity & Disaster Recovery (BC/DR), SDLC Security Controls, Policies and Procedures, Implementation, Incident Response, Supplier Management, Risk Assessment and Risk Mitigation Analysis, Access Control Management, Contingency Plan, Policy Review, Continuous Monitoring, Artifacts Gathering, Remediation, SSP, SCRM, SAR, SAP, CMP.
IT Security Tools: RSA Archer, Vanta, OneTrust, KnowBe4, Privacera.
Productivity Tools: Microsoft 365, ServiceNow, Jira/Confluence, SharePoint, Slack, Teams, Google Docs.
Soft Skills: Teamwork, Problem Solving, Interpersonal Communication, Conflict Resolution.
CERTIFICATION AND RECOGNITION
Certified Information Systems Auditor (CISA)
Microsoft Azure Security Engineer Associate
AWS Cloud Technical Essentials
AWS Cloud Security
Systems Security Certified Practitioner (SSCP)
Maersk – Client Satisfactory Consultant of the year for consistently delivering high-quality cybersecurity services to clients, ensuring their satisfaction and building strong relationships.
WORK EXPERIENCE
Maersk Cybersecurity Consultant (Contract) May 2020 – Present
Proactively identify and assess organizational risks using a risk-based approach, leveraging frameworks like NIST 800-53, SOC 2, HITRUST, HIPAA, PCI-DSS, and ISO to enhance security posture.
Utilize client-provided GRC tools for managing audit evidence, documenting compliance activities, and tracking progress to ensure regulatory adherence.
Develop and maintain security governance artifacts, including models, templates, standards, and procedures, to support consistent security practices in projects and operations.
Define and shape end-to-end Information Security control requirements across applications, systems, and infrastructure for both Cloud (O365, AWS, Azure, GCP) and On-Prem environments, ensuring alignment with regulatory standards and best practices.
Provide strategic guidance at Information Security Clinics, advising stakeholders on security policies, risk management, and compliance requirements.
Identify, document, and oversee the lifecycle of security risks, collaborating with risk owners on treatment plans, and escalating to Internal Audit and the CIO as needed.
Develop governance frameworks for access control and Identity and Access Management (IAM) policies to support secure access to systems and data.
Oversee risk-based monitoring practices and coordinate with teams to ensure EDR insights are aligned with organizational security policies.
Lead the design and governance of security architectures within hybrid cloud environments, ensuring adherence to regulatory standards and internal policies.
Act as a subject matter expert, collaborating with the third-party assurance team to incorporate cybersecurity requirements in vendor agreements and risk management processes.
Conduct weekly access control reviews to ensure compliance with security policies and uphold the principle of least privilege across systems and applications.
Assist clients in reviewing vendor assessments to ensure compliance with regulatory standards and internal security policies, identifying any gaps for remediation.
Update the System Security Plan (SSP) to ensure readiness for annual audits, maintaining alignment with current security standards and regulatory requirements.
Oversee the management of Plans of Action and Milestones (POA&Ms), ensuring timely remediation of identified risks and alignment with compliance objectives.
Draft Statements of Work (SOW) for Tabletop Exercises and Disaster Recovery (DR) planning, outlining objectives, scope, and key deliverables to support organizational resilience and preparedness.
Zheeta Dating Third-Party Risk Analyst (Contract) Mar 2015 – April 2020
Conducted comprehensive risk assessments of third-party vendors and affiliates associated with the socio-affiliate dating platform, identifying potential security threats, vulnerabilities, and compliance gaps.
Evaluated and monitored third-party security architectures, focusing on network security, application security, and data protection practices to ensure alignment with platform standards.
Provided guidance on regulatory requirements and industry standards applicable to third-party relationships, ensuring vendors and affiliates met legal obligations related to data protection, user consent, and privacy rights.
Collaborated with third-party vendors to develop and implement incident response plans, ensuring prompt and effective action in the event of security breaches or incidents.
Educated third-party developers, administrators, and support staff on cybersecurity best practices, emphasizing the importance of maintaining security controls within the platform ecosystem.
Regularly assessed and documented the security posture of key third-party vendors, such as payment processors and marketing partners, to mitigate risks associated with external partnerships.
Scheduled Single Sign-On (SSO) integration based on client requests, coordinating timelines and resources to ensure seamless and timely implementation.
Evaluated Business Continuity Plans (BCP) and Disaster Recovery Plans (DRP) to verify compliance with organizational goals and regulatory requirements.
Leveraged ServiceNow for monitoring assessment progress, assessing risk data, and providing senior leadership with strategic insights for informed decision-making.
Created and standardized methods for collecting vendor information, such as SIG, CAIQ, and IRQ, to streamline the risk assessment process and improve data reliability.
CodeSolutions Internal IT Auditor (Contractor) February 2012 – February 2015
Evaluated and advised on the selection, design, justification, and implementation of security controls, ensuring alignment with organizational policies and regulatory standards throughout project lifecycles.
Assessed the effectiveness of security architectures within a hybrid cloud environment, including MS Azure, Salesforce, and private data centers, to verify compliance and identify potential risks.
Collaborated with the first line of defense to reinforce the three lines of defense approach to security, recommending standards and processes that empower key decision-makers in managing risk.
Reviewed incident response processes for security alerts, offering guidance on system management improvements and coordinating with external security teams for audits and customer inquiries.
Defined and reviewed architectural principles, standards, and roadmaps, ensuring they supported business objectives and complied with audit criteria.
Conducted third-party security assessments, reviews, and audits for supplier onboarding and annual evaluations, focusing on risk and compliance factors.
Assessed information security awareness programs, identifying gaps in training effectiveness that contributed to phishing risks and recommending targeted improvements.
EDUCATION AND CERTIFICATION
MSc. Artificial Intelligence – University of Wolverhampton
B.Tech. Computer Science – Ladoke Akintola University of Technology