
Risk Management It Security

Location:
Fort Lauderdale, FL
Posted:
May 19, 2025


Resume:

CHIBUEZE O. ALUTU

IT Security Manager

GRC, SOC *, PCI, and Risk Management Audit, Compliance & Cybersecurity Excellence

Transforming Security Postures for Business Resilience

**** ** **** ******, Sunrise, FL 33351

Phone: 954-***-**** Email: *************@*****.*** LinkedIn: Chibueze Alutu

PROFILE SUMMARY

Dynamic and results-driven IT Security professional with over a decade of comprehensive experience in risk management, compliance auditing, and information security across diverse industries, including finance, healthcare, and technology. Proven success in directing security assessments, developing robust compliance programs, and executing strategic security initiatives to identify and mitigate risks while improving organizational resilience. PCI, SOC 1, SOC 2, HIPAA, and SOX audit experience with extensive knowledge of the regulatory frameworks, including ISO 27001, NIST, and COBIT; worked as part of cross-functional teams to design and implement security programs that protect sensitive data, proving adherence to all industry standards. Built a security-aware culture through training and fun-filled programs designed to engage with employees. Commitment to using analytical expertise and security best practices to ensure continuous improvement to protect the organization's assets.

CORE COMPETENCIES

Expert in identifying, assessing, and mitigating risks to protect organizational assets and data

Knowledge of industry regulations, including PCI DSS, HIPAA, SOX, CMMC, GDPR, CPRA, FISMA, and FedRAMP

Proficient in implementing security frameworks: NIST CSF, ISO 27001, CIS Controls, and COBIT

Able to develop incident response plans to manage security breaches and minimize impact

Conducting security audits (SOC 1, SOC 2, PCI, and SOX); ensuring adherence to compliance requirements

Ability to remediate vulnerabilities through proactive monitoring & risk assessment strategies

Proven track record in creating security policies and procedures aligned with best practices

Strong leadership skills with experience in managing teams and promoting security awareness

Competence in designing training programs to enhance employee awareness and compliance

Proficient in managing multiple security projects, ensuring timely completion within scope

SKILLS HIGHLIGHTS

Information Security Management | Cyber Risk Management | Regulatory Compliance

Vulnerability Assessment & Remediation | Security Framework Implementation | Incident Response & Recovery

Threat Intelligence & Analysis | Security Architecture Design | Data Loss Prevention (DLP)

Security Information and Event Management (SIEM) | Identity & Access Management (IAM) | Penetration Testing

Disaster Recovery | Business Continuity Planning | Business Impact Analysis

Cloud Security Best Practices | End-User Security Training & Awareness | Third-Party Risk Management

Network Security Protocols | Malware Analysis & Mitigation | Highly Detail-oriented

Continuous Monitoring & Compliance Reporting | Critical Thinking & Decision-making | Flexibility & Adaptability

PROFESSIONAL EXPERIENCE

RB Advisory LLC

Lead IT Auditor/Security Consultant Jan 2024 – Present

Provide comprehensive PCI, HIPAA assessments, and GRC advisory services to enhance client information system security compliance.

Develop and implement compliance monitoring programs to ensure adherence to regulatory and internal policies.

Collaborate with internal security teams to manage network security and mitigate identified vulnerabilities.

Lead risk assessments during mergers, identifying risks and suggesting corrective actions for integration processes.

Review third-party/vendor risk management processes to strengthen the overall client security posture and compliance requirements using SIG questionnaires.

Provide guidance on policy reviews to ensure alignment with best practices and regulatory standards.

Deliver security training sessions for clients to enhance awareness of compliance and risk management practices.

Key Accomplishments:

Achieved significant improvements in client compliance ratings through rigorous audit processes and remediation strategies.

Reduced security risks by 70% through comprehensive risk assessments and enhanced security control implementation.

Cinch Home Services, Inc.

Information Security Manager Aug 2022 – Dec 2023

Designed security programs compliant with PCI DSS, ISO 27001, NIST CSF and CIS frameworks to mitigate risks.

Facilitated annual PCI assessments, managing artifact collections and remediation activities for regulatory compliance.

Reviewed and updated security policies and standards to align with business goals and regulatory requirements.

As GRC process owner, led the development and implementation of the company's policies, risk management, and compliance across the entire company.

Conducted business impact analysis (BIA) to ensure adequate protection of company assets based on their criticality and risk profile.

Oversaw updates to business continuity and disaster recovery plans to ensure operational resilience during disruptions.

Managed the Security Operations Center (SOC), ensuring timely remediation of identified threats to enhance overall security posture, including hiring the MSSP, threat detection monitoring, and vulnerability management.

Developed and managed OWASP security awareness training for the development team as part of the secure coding initiatives I introduced to the company.

Established a third-party risk management program to evaluate and mitigate risks associated with vendors using Security Scorecard and OneTrust.

Collaborated with the development team to integrate security requirements throughout the software development life cycle.

Key Accomplishments:

Increased overall security posture by achieving successful compliance with PCI, CIS, and ISO standards company-wide.

Developed and implemented security awareness training programs, resulting in a 90% improvement in employee security awareness ratings.

RB Advisory LLC

Lead IT Auditor Mar 2020 – Aug 2022

Managed SOC 2 assessments from initiation through completion, ensuring compliance with audit requirements and standards.

Conducted PCI assessments for various sectors, ensuring adherence to the Self-Assessment Questionnaire framework.

Supported clients in updating IT policies and developing monitoring programs to enhance compliance efforts.

Established continuous vendor risk monitoring processes, improving risk identification/management for client organizations.

Developed audit test procedures, assessing the operating effectiveness of internal controls through comprehensive testing methods.

Documented exceptions found during audits, providing actionable recommendations for timely remediation of identified issues.

Conducted business continuity tabletop exercises to evaluate preparedness and improve disaster recovery planning initiatives.

Key Accomplishments:

Led multiple organizations to obtain compliance certifications, enhancing their operational credibility and reputation.

Achieved a 95% satisfaction rate from clients on audit support services and remediation strategies provided.

The Judges Group (Contractor to PWC)

Senior Risk Assurance Associate Aug 2018 – Jan 2019

Planned and executed SOC 1 Type 2 audits, ensuring compliance with applicable GAAP requirements.

Conducted SOX IT general control audits, assessing access management and business recovery control effectiveness.

Evaluated application control audits to determine the design and operating effectiveness of automated controls.

Reviewed segregation of duties to mitigate potential risks and enhance organizational control effectiveness significantly.

Analyzed key reports and documentation to ensure compliance with regulatory standards and audit requirements.

Provided comprehensive audit findings to stakeholders, offering insights for improving internal control frameworks.

Key Accomplishments:

Achieved a record completion rate for audits, reducing turnaround times while maintaining thoroughness and accuracy.

Implemented audit recommendations, resulting in a 25% reduction in identified control deficiencies across clients.

Broward Health

Senior IT Auditor Feb 2018 – June 2018

Planned and executed IT audits, ensuring compliance with established regulations and organizational standards.

Designed audit programs, performing walkthroughs, and reporting findings to enhance organizational compliance efforts.

Collaborated with IT infrastructure management to assess and improve the overall control environment significantly.

Reviewed HITRUST reports and coordinated the implementation of auditor recommendations to enhance security measures.

Assisted internal audit team members by conducting peer reviews to ensure high-quality audit deliverables.

Documented audit findings and recommendations, presenting reports to management for corrective action implementation.

Developed training materials for staff on audit procedures and compliance requirements to improve awareness.

Key Accomplishments:

Improved audit efficiency by implementing new processes, resulting in a 30% reduction in time spent.

Successfully identified key control weaknesses, leading to immediate corrective actions and enhanced security compliance.

Deloitte & Touche LLP

Senior Solution Advisor Sept 2016 – Dec 2017

Conducted security assessments for federal agencies, ensuring compliance with NIST 800-53 standards effectively.

Audited SOX IT controls of publicly traded companies, focusing on change management and access controls.

Led quality assurance initiatives, reviewing team deliverables to ensure exceptional service delivery to clients.

Documented findings and action plans in the POAM system, providing detailed remediation recommendations for clients.

Assisted clients in implementing security improvements based on audit findings and regulatory compliance requirements.

Coordinated with stakeholders to develop strategies for addressing identified risks and enhancing operational efficiency.

Developed training programs for team members to improve knowledge and understanding of compliance requirements.

Key Accomplishments:

Achieved a high client satisfaction score through effective communication and delivery of audit findings.

Contributed to significant improvements (95%) in clients’ security postures by implementing audit recommendations.

Auditwerx LLC, Division of Carr Riggs Ingram CPA

Senior IT Auditor Aug 2015 – May 2016

Planned and executed SOC 2 audits for diverse clients in the financial, healthcare, and educational sectors.

Conducted IT security assessments of educational providers, verifying compliance with federal FISMA requirements.

Established internal controls and evaluated their effectiveness regarding security and financial reporting processes.

Communicated identified control deficiencies to clients, offering remediation strategies and timelines for implementation.

Provided comprehensive audit reports, highlighting key findings and recommending improvements to security measures.

Collaborated with management to develop action plans for addressing audit findings and compliance gaps.

Mentored junior auditors, enhancing their skills and knowledge in auditing practices and compliance requirements.

Key Accomplishments:

Achieved a 100% completion rate for audits, maintaining high-quality standards and client satisfaction consistently.

Recognized for exceptional performance through client testimonials and repeat business from satisfied organizations.

Royal Caribbean Cruises Ltd (Consulting)

IT Compliance Analyst Sept 2013 – Mar 2015

Executed and reported information system audits, ensuring adequate internal controls over processing environments.

Conducted month-end SOX compliance audits, including change management and logical access controls assessment.

Prepared month-end compliance reports and facilitated remediation processes for identified control deficiencies.

Trained new employees on SOX compliance testing procedures to ensure understanding of regulatory requirements.

Collaborated with cross-functional teams to ensure established processes effectively operate and remain compliant.

Monitored ethics hotline operations, ensuring effectiveness in addressing reported compliance and ethical concerns.

Key Accomplishments:

Enhanced overall audit quality, leading to positive feedback from senior management on compliance effectiveness.

Streamlined reporting processes, resulting in timely submissions and improved accuracy of compliance documentation.

State of Florida Office of Insurance Regulation

Financial Examiner & Analyst/IT Auditor May 2011 – Sept 2013

Planned and executed comprehensive audits of insurance companies, identifying IT risks and control effectiveness.

Assessed IT controls using the COBIT framework to ensure compliance with regulatory requirements effectively.

Documented recommendations in audit reports, presenting findings to management for timely corrective actions.

Developed audit work programs within the TeamMate Audit Management system for organized audit processes.

Conducted interviews with C-level executives to evaluate corporate governance and risk management practices.

Key Accomplishments:

Identified key risks within multiple organizations, leading to enhanced regulatory compliance across the industry.

Recognized for excellence in audit reporting, receiving commendations from senior management for thoroughness.

State of Florida Department of Health

Accountant May 2008 – Mar 2011

Provided accurate cash receipt data utilized in financial statement preparations, ensuring compliance with GAAP and state regulations for accurate reporting.

Managed cashiering processing for employees, ensuring timely and accurate recording of receipts.

Analyzed financial transactions to identify discrepancies and recommend corrective actions for resolution.

Key Accomplishments:

Streamlined cash receipt reporting processes, reducing preparation time by 75% while improving accuracy significantly.

Achieved zero cash receipt recording discrepancies during daily audits, demonstrating exceptional compliance and management practices.

EDUCATION

Nova Southeastern University Davie, FL

Master of Accounting (MACC)

Nnamdi Azikiwe University Awka, Nigeria

Masters in Business Administration (MBA) – Accounting

Federal Polytechnic Oko Nigeria

Bachelors – Accounting

CERTIFICATIONS

Certified Information Systems Auditor (CISA)

Certified Data Privacy Solutions Engineer (CDPSE)

Certified Information Security Manager (CISM)

CMMC-AB Registered Practitioner

AWS Technical Professional Certificate

AWS Security Fundamental Certificate


