
Risk Management Compliance Specialist

Location:
Minneapolis, MN
Posted:
May 18, 2025


ADEDAMOLA OGUNLEYE

GRC Analyst | Governance & Compliance Specialist | Risk Management Consultant

Apple Valley, MN | 469-***-**** | ************@*****.***

PROFESSIONAL SUMMARY

Governance, Risk, and Compliance (GRC) Analyst with 8+ years of experience supporting enterprise security programs, regulatory compliance, and risk management strategies across cloud-based and hybrid infrastructures. Adept at translating technical security controls into business-aligned compliance measures using frameworks such as NIST 800-53, ISO 27001, FedRAMP, HIPAA, and SOC 2. Skilled in evaluating security posture, conducting risk assessments, managing audit readiness, and leading access governance and third-party due diligence initiatives. Brings a technical foundation in IAM, CSPM, and DevSecOps to strengthen policy development, streamline evidence collection, and drive sustainable risk mitigation in complex environments.

SKILLS

Frameworks & Governance: NIST SP 800-53, NIST 800-30, NIST 800-161, ISO 27001/2, SOC 2 (Type I & II), PCI-DSS, GDPR, HIPAA, FedRAMP, CMMC, CAIQ, SIG, SSAE 18, SOX/ITGC, COBIT, MITRE, FISMA, FIPS 199, HITRUST

Risk & Compliance: Risk Register Development, Control Effectiveness Testing, Threat Modeling, Compliance Monitoring, Audit Remediation

Audit & Evidence Management: Internal/External Audit Support, Evidence Collection, Control Narratives, Continuous Monitoring, Documentation Readiness

Cloud Compliance: AWS Security Governance, IAM Reviews, RBAC, Security Hub, Cloud Policy Enforcement

Security Knowledge: IAM, CSPM, CIEM, SIEM (Splunk, Prometheus), Encryption, Terraform, DevSecOps Integration

Third-Party Risk Management: Vendor Due Diligence, Risk Analysis, Questionnaire Reviews (SIG, CAIQ), M&A Assessments, Risk Acceptance Support

Training & Awareness: KnowBe4 Program Rollout, Phishing Campaigns, Security Culture Enablement, Policy Communication

Reporting & Metrics: KRIs/KPIs, Dashboards, Risk Reports, SOPs, Incident Response Plans

Tools & Platforms: RSA Archer, Vanta, OneTrust, KnowBe4, Privacera, ServiceNow, Jira/Confluence, Microsoft 365, SharePoint, Teams, Slack

Collaboration: Work closely with InfoSec, Legal, Privacy, IT Ops, Audit, and Engineering Teams

CERTIFICATIONS & EDUCATION

CISA - In view

AWS Certified Security – Specialty

AWS Certified Solutions Architect – Associate

AWS Certified Cloud Practitioner

Scrum Master Certified (SMC)

Bachelor of Science (BSc), Computer Science – Western Governors University

PROFESSIONAL EXPERIENCE

Baker Tilly | Senior GRC Consultant (Contract) | September 2021 – Present

Lead governance, risk, and compliance (GRC) activities, focusing on strategic planning, executive reporting, and regulatory compliance across client engagements.

Drive enterprise security and compliance initiatives aligned with NIST 800-53, HIPAA, NYDFS, SOC 2, and PCI-DSS, collaborating with Legal and Compliance to enforce policies across cloud environments.

Conduct internal risk and compliance assessments, mapping AWS security controls to enterprise policies and regulatory standards.

Support audit readiness by documenting evidence, leading remediation efforts, and maintaining continuous monitoring with stakeholders and auditors.

Manage identity governance using IAM policies and RBAC, supporting access certifications and aligning with HIPAA and NYDFS mandates.

Perform gap analyses against NIST 800-53 control families, driving remediation roadmaps and reporting KRIs and compliance metrics.

Lead vendor risk assessments for onboarding and annual reviews, identifying regulatory, security, and privacy risks.

Track risk findings, assessments, and remediation plans using Archer GRC, ensuring centralized documentation and visibility across compliance activities.

Evaluate third-party security artifacts (e.g., SOC 2, pen test results, data practices) to assess vendor posture and inform risk decisions.

Document findings and coordinate with Legal and Procurement on mitigation strategies and risk acceptance for vendor engagements.

Develop and update security policies and SOPs for cloud deployments, data handling, and vendor integrations to support compliance.

Guide implementation of security safeguards (encryption, logging, SIEM) to meet business needs and regulatory standards.

Review new cloud services and third-party integrations, ensuring secure data handling and regulatory alignment.

Coordinate the annual penetration test, managing SOW development, AWS authorization, scope validation, and internal readiness.

Respond to client security questionnaires, ensuring accurate and timely disclosure of security and compliance practices.

Lead annual reviews of key compliance documentation, including ISRA, SSP, PIA, IRP, Certification & Accreditation, and System Risk Assessments.

Dell Technologies | Third-Party Risk Analyst (Contract) | June 2017 – August 2021

Managed the third-party risk assessment process for non-supplier vendors, ensuring alignment with organizational risk management policies and regulatory standards.

Conducted third-party due diligence and periodic risk assessments to ensure alignment with internal policies, regulatory requirements, and risk appetite.

Reviewed vendor documentation, including SOC 2 reports, security certifications, penetration test results, vulnerability scans, financial statements, and phishing evidence to evaluate risk posture.

Advised business owners on risk-informed decision-making and best practices when engaging vendors that did not meet baseline security or compliance requirements.

Performed third-party risk assessments for mergers and acquisitions (M&A), analyzing inherited vendor relationships, contractual obligations, and cybersecurity risks.

Facilitated meetings with high-risk vendors to address control gaps, discuss remediation strategies, and monitor issue resolution.

Recorded vendor risks in the enterprise risk register, assigned ownership, and tracked remediation activities to closure.

Implemented continuous monitoring processes to evaluate vendor performance, compliance status, and shifts in risk exposure.

Prepared recurring and ad-hoc reports on Key Risk Indicators (KRIs), remediation progress, and vendor risk metrics for senior leadership.

State Farm | IT Compliance Analyst (Contract) | April 2015 – May 2017

Collected and organized audit artifacts and supporting documentation for internal and external audits, ensuring alignment with NIST SP 800-53, SOC 1 & SOC 2, and internal risk governance frameworks.

Tracked audit findings, control gaps, and risk exceptions, and monitored remediation activities through to closure.

Maintained compliance documentation to support IT risk management initiatives and readiness for regulatory inspections.

Collaborated with system owners and SMEs to gather evidence related to access controls, incident response, and data protection practices.

Coordinated with auditors and regulators, providing validated evidence and timely responses to ensure audit efficiency.

Contributed to the development and execution of corrective action plans in response to audit observations and internal assessments.