
IT GRC Emerging Technologies

Location:
Missouri City, TX
Posted:
April 16, 2025


Resume:

Suraj O Ajisebutu

Senior IT GRC (Consultant) @ Nodriam LLC USA

IT GRC/Cybersecurity/IT Audit SME/Career Coach

CISA CISM CGEIT CRISC CISSP* COBIT2019 CDPSE CCSK SSCP CC

Missouri City Texas US


EXECUTIVE SNAPSHOT

With over 23 years of diversified experience, I am a seasoned IT GRC/Audit professional specializing in consulting, controls reviews/testing, implementations, compliance enforcement, and risk management. I manage GRC-related projects by setting timelines and milestones, developing resource requirements, coordinating and conducting meetings, and communicating project status reports to stakeholders. Proven track record in risk assessment, compliance audits, and regulatory adherence. Adept at leveraging industry best practices to enhance organizational security posture and ensure compliance with relevant standards. Strong understanding, assessment, and implementation of security frameworks such as SOC, IT SOX, NIST CSF, CMMC, CSA CCM, PCI DSS, HITRUST, etc.

In my previous roles, I was responsible for conducting comprehensive security control testing to ensure compliance with industry standards and regulatory requirements. My experience includes:

Performing security assessments and vulnerability assessments.

Implementing and monitoring security controls based on frameworks such as NIST, ISO/IEC 27001, and CIS Controls.

Collaborating with cross-functional teams to remediate security vulnerabilities.

Creating detailed reports and providing actionable recommendations to improve security posture.

Experienced Governance, Risk, and Compliance (GRC) Policy and Standards Consultant with a proven track record of consolidating and aligning policy and standard documents with industry frameworks such as ISO 27001 and NIST CSF 2.0. Expertise in conducting document updates, gap analysis, and identifying missing policies and standards. Adept at ensuring the relevance and correctness of information and providing actionable recommendations for developing comprehensive GRC documentation.

Current Focus: As an IT Audit Specialist and Cybersecurity Manager with a CISSP certification, my current focus is on Governance, Risk, and Compliance (GRC), ensuring robust IT security postures within organizations. My expertise encompasses access management, user administration, and risk assessments, with a particular proficiency in PCI DSS, ISO 27001 and NIST Implementations and Assessments.

My approach is always geared towards operational excellence and strategic risk management, contributing to strengthened security frameworks and improved compliance statuses.

EDUCATION

Bachelor of Science (B.Sc.) Computer Science

University of Ilorin Nigeria - 1999

FinTech Security

Harvard Business School

CyberSecurity Management

MIT Sloan School of Management

Languages:

- English

- Yoruba

TECHNICAL SKILLS & EXPERTISE

Cybersecurity

IT Compliance

IT Governance

COBIT 2019, ITIL, SSAE 18 (SOC 1, 2, 3)

IT Audit/Compliance Audit

IT Risk Management

GRC implementations

OWASP Top 10, SANS Top 18 & MITRE ATT&CK

Control implementations

Business process risk assessments

ISO 27001

ServiceNow/SAP GRC, Archer

PCI DSS

HIPAA/HITRUST

CSA STAR/CCM

SAP/ORACLE Security and Audit

IT Audit/Mock Assessment

NIST CSF 2.0

NIST 800-30/35/37/39/53/61/171

ITGC/SOX/IT Business Application Testing

Vulnerability/Patch Management

Cyber Threat Intelligence/Hunting

UNIX Reviews, Risk Management

Emerging Technologies: Blockchain, IoT, AI/Machine Learning, Data Analytics

Cloud Security Reviews: AWS & Azure

Network Security

Business Analysis/Project Management

Privacy Reviews: HIPAA, PCI DSS, HITRUST, CCPA, GDPR, Brazil Privacy Act (LGPD)

Technology Risk, Operation Risk, Compliance Risk

Metasploit Framework

SIEM: Splunk

Policy Development and Implementation

Soft Skills:

Goal Oriented

Customer Service

Quality Assurance

Strong Ethics

Team Management/Collaboration/Conflict Resolution

Effective Communication

Analytic Skills/ Critical Thinking

Coaching/Mentoring

Attention to Detail

Time Management

Effective Report Writing/Presentation

Continuous Learning/Adaptability

Innovation

Interpersonal Relationship

Leadership Management

Issue Management

Automation

Technical Documentation

SIGNATURE ACHIEVEMENTS

Cross-Functional Risk Assessments: Led cross-functional risk assessments and provided recommendations for patching vulnerabilities in Active Directory and updating vulnerable software, ultimately strengthening IT infrastructure against cyber threats.

Cybersecurity Policy Framework: Overhauled the cybersecurity policy framework to align with NIST 800-171, NIST CSF 2.0, and ISO 27001, resulting in a 31% improvement in compliance rates and a 17% decrease in policy-related incidents.

Training Program Design: Designed and delivered a company-wide training program on new cybersecurity policies and best practices, achieving 95% adoption within 3 months, significantly improving organizational awareness and adherence to security standards.

Revenue Assurance: Led a team of IT Auditors and Control professionals on the ACL Audit Exchange Implementation for Revenue Assurance, which led to millions of dollars in recouped income and prevented future income leakages.

Forensic Audit: Conducted a forensic audit and discovered fraud that had persisted for over 10 years in a subsidiary.

Certification Preparation: Prepared for ISO 27001 and PCI DSS audits with readiness/mock audits, reducing the actual certification processes, time, and costs by 50%.

PROFESSIONAL CERTIFICATIONS

Certified Cloud Security Knowledge (CCSK) - Dec’23

COBIT 5.0 - Foundation - Jul’14

Certified Risk and Information Security Control (CRISC) - 2014

Certified in the Governance of Enterprise IT (CGEIT) - Dec’13

OneTrust (GRC, Third Party RM, Privacy)

Project Management Professional (PMP) - Nov’07

Certified Information System Security Professional (CISSP) - Dec’07

Certified Information System Auditor (CISA) - Jun’07

Certified Information System Manager (CISM) - Jun’07

PROFESSIONAL AFFILIATIONS

International Information System Security Certification Consortium (ISC)2

Project Management Institute (PMI)

Information Systems Audit and Control Association (ISACA)

CAREER CONTOUR

Senior IT Governance, Risk & Compliance Manager (Consultant)

Nodriam LLC USA

Apr’23 - Present

Conduct compliance and security assessments, design and implement controls, and assist in drafting governance documentation.

Use of other common security and privacy standards such as NIST, HIPAA, ISO/IEC, GDPR, CCPA, etc.

Advise senior leadership and key stakeholders on strategic security matters to align security programs with business objectives.

Assess and understand our client’s current security posture and future architecture, providing a viable solution path to bridge the gap using industry and vendor best practices.

Information Security Expert and Trusted Advisor: Serve as an information security expert and trusted advisor to partners in IT and the business. Stay current on changes in regulations and industry trends to ensure the company remains in compliance with new standards and requirements.

Control Management: Manage the review and update of current enterprise-wide technical, administrative, and physical controls.

Policy Development: Develop, review, and update Information Security Policies, Standards, and Security Baselines in accordance with ISO-27001, NIST SP 800-18, and NIST SP 800-37 Risk Management Framework (RMF) towards FISMA compliance, strengthening enterprise cybersecurity and improving regulatory compliance.

Policy Review: Review and update enterprise-wide policies, standards, and guidelines to reflect current company strategy and business needs. Develop, maintain, and implement compliance reporting processes, ensuring accurate and timely submissions of regulatory filings and reports.

Framework Implementation: Implement and manage security frameworks, including ISO 27001, NIST 800-171, and NIST 800-53.

System Design Advisory: Advise on the design and development of secure systems architecture, as well as industry best practices and information systems technologies available to meet security requirements. Provide training and guidance to staff on compliance policies, regulatory updates, and reporting procedures.

Compliance Reporting & Improvement: Make broad recommendations on improving compliance-related processes and procedures as they pertain to the IT department. Monitor and ensure compliance with industry regulations such as HIPAA, GDPR, and other applicable laws, standards, and company policies.

Contract Review: Review contracts and service level agreements to ensure they meet current business needs and security requirements. Conduct regular audits and assessments to evaluate the organization's compliance with regulatory standards and internal policies.

Business Continuity Planning: Lead a team to perform Business Impact Analysis (BIA) and develop business continuity and disaster recovery plans.

Security Alignment: Ensure IT security design, controls, processes, and procedures are aligned with information security standards and are adequate to mitigate the risk of exposure.

Data Analysis Process: Establish and implement a process to compile and analyze data from various security tools, such as SIEM, anti-virus, active directory, advanced endpoint threat detection, and patching systems, and develop meaningful and actionable IT compliance reporting.

Risk Assessment Management: Manage the overall planning, execution, and reporting of risk assessments and IT compliance audits to support ISO and NIST requirements.

Collaborate with Other Key Stakeholders: Collaborate with legal, IT, and business teams to identify risks, ensure proper controls are in place, and implement remediation actions as needed.

IT Audit Manager (Consultant)

Nodriam LLC USA

Jan’22 – Mar’23

Supervised IT Audits: Supervised IT General Controls (ITGC) and Application Controls (ITAC) audits over applications, databases, and Enterprise Resource Planning applications for compliance.

Internal Controls Compliance: Performed and supervised walkthroughs and tests of IT internal controls to ensure compliance with Sarbanes-Oxley (SOX) regulations, using COSO mapped to COBIT frameworks.

Audit Planning and Oversight: Planned and oversaw the auditing process and reviewed team members’ work for accuracy and compliance.

Relationship Management: Managed ongoing relationships with external auditors, business units, and senior management.

Follow-Up and Reporting: Followed up on the progress being made to address unresolved control matters, evaluated corrective measures taken, and prepared summary reports for executive management to ensure appropriate actions were taken in a timely manner.

Audit Strategy Development: In conjunction with other Audit Services leadership, developed the audit strategy and plan, with an emphasis on assurance and advisory services.

Consultation and Collaboration: Advised and collaborated with leadership on effective IT and cybersecurity controls and the regulatory environment.

GRC Policy and Standards Consultant (Consultant)

Nodriam LLC USA

Jul’20 – Dec’21

Developing, reviewing, and updating Information Security Policies, Standards, and Security Baselines in accordance with PCI/PA DSS, ISO-27001, NIST CSF, and the NIST Risk Management Framework (RMF) to strengthen enterprise cybersecurity and improve regulatory compliance.

Document Consolidation:

- Reviewed existing policy and standard documents to identify redundancies and inconsistencies.

- Consolidated documents, ensuring alignment with industry frameworks including ISO 27001 and NIST CSF 2.0.

Document Update and Gap Analysis:

- Verified the relevance and correctness of information in all documents.

- Conducted gap analysis to identify missing or outdated content, suggesting amendments to align with industry best practices.

Missing Document Identification:

- Identified missing policies and standards required by frameworks such as ISO 27001 and NIST CSF 2.0.

- Provided comprehensive recommendations for developing missing documents to ensure compliance and completeness.

Project Management:

- Initiated and managed GRC document development projects, ensuring timely completion and adherence to milestones.

- Coordinated with cross-functional teams, including IT, legal, and compliance departments, to gather necessary information and insights.

IT Governance, Risk, and Compliance Analyst

Kanshe InfoTech LLC USA

Jan’19 – Jun’20

Risk Assessment and Mitigation:

- Conducted risk assessments and developed mitigation strategies to address identified risks.

- Ensured compliance with regulatory requirements and industry standards.

Policy Development and Implementation:

- Developed and implemented comprehensive GRC policies and procedures.

- Provided training and awareness programs to employees on GRC policies and best practices.

Audit and Compliance:

- Assisted in internal and external audits, ensuring compliance with GRC policies and standards.

- Prepared audit reports and implemented corrective actions as needed.

IT GRC Consultant

Responsible for planning & execution of the IT GRC Program/ISO 27000

AlphaGRC Consulting - Houston, Texas

Jan’17 – Dec’18

Developed and executed an Information Technology compliance program.

Conducted risk assessments for existing and new IT infrastructures, initiatives, and projects.

Responsible for IT control analysis and process improvements.

Conducted periodic evaluations and reported on IT performance and compliance status.

Ensured compliance with policies, standards, procedures, and regulations.

Ensured IT policies and procedures were well-documented and up to date.

Conducted and facilitated control self-assessments and performed gap assessments and audits.

Implemented and maintained the Information Security Management System (ISMS) in accordance with ISO 27002.

Championed security awareness training initiatives.

Engaged in third-party risk assessments and vendor relationship management.

IT Audit: Internal Audit

Mayo Clinic, Rochester USA

Jun’15 - Jul’16

Responsible for conducting IS and security control reviews.

Ensured compliance with policies and regulatory authority standards that affect information security and processes.

Assisted in the planning, execution, and delivery of IT audits.

Assisted IT professionals and auditors in preparation for engagement risk assessment, planning, and audit scope development.

Worked with the audit project team to achieve departmental goals.

Documentation of audit activities and preparation of audit work papers.

Analysis and implementation of the NIST Cybersecurity Framework.

Manager, IT Audit Unit

IT Audit: Internal Audit Department Union Bank of Nigeria

Jan’10 – Jun’15

A managerial role responsible for managing IS Audit projects and tasks.

Developed the annual audit plan and managed audit assignments using a risk-based audit approach.

Monitored compliance with the organization's information security policies and procedures among employees, contractors, alliances, and other third parties.

Performed information security risk assessments and served as the internal auditor for information security processes.

Conducted effective risk management of E-business products.

Periodic evaluation of the organization's security controls, including intrusion and penetration testing.

Assisted in fraud forensic investigations.

Ensured compliance with legislation and regulatory authority standards that affect information security and processes.

Partnered with IT management on Project Management control advisory functions.

Involved in security awareness training and control advisory functions.

Pre- and post-implementation reviews of core banking and support applications.

SPECIAL SECURITY/AUDIT PROJECTS AND ACCOMPLISHMENTS

Security Operations Centre (SOC) Management & Solutions Deployment: Reviewed and provided security recommendations for key security monitoring tools used in the SOC, including ArcSight SIEM, Imperva DBF & WAF, Check Point SmartEvent, EnCase Forensic Tool, and Actimize Antifraud.

Systems Security Events Monitoring & Review: Monitored and reviewed security events captured from network devices (firewalls, routers, and switches), databases (Oracle, MS SQL, MySQL), applications (core banking, internet banking, fund transfer, mobile apps, messaging/collaboration), and operating systems. Ensured prevention of unauthorized access, configuration changes, and system-related fraud.

Risk Assessment & Penetration Testing: Conducted risk and vulnerability assessments and penetration testing on various critical platforms, including internet banking applications, core banking applications (Globus, Flexcube, and Finacle), Kastle Loan Application, databases (Oracle, MS SQL, MySQL), Postilion, PostCard, Active Directory/Microsoft Exchange, DNS, and firewalls using tools such as BackTrack, Imperva, and Nessus.

Security Policy Development & Compliance Monitoring: Developed, reviewed, audited, monitored, and enforced various information security policies/standards to drive compliance and PCI DSS certification for organizations including Spring Bank, Skye Bank, and UBN.

Systems Investigation and Forensic Audit: Conducted forensic investigations and log extractions on critical platforms including online banking applications, fund transfer applications, messaging & collaboration systems, ATMs, databases, firewalls, anti-virus systems, IPS/IDS, AD/DNS, and VPNs for Skye Bank and UBN.

Systems Configuration Changes Review, Monitoring, and Approval: Performed daily reviews and approvals of configuration change requests (network, databases, and applications) to ensure compliance and prevent unauthorized changes.

TRAININGS/COURSES

ISO 27001 LI/LA 2024

NIST CSF 2.0 Ampcus Cyber 2024

SSAE18/SOC Reviews: Online, 2022

GDPR: Online, 2024

Cloud Security: Online, 2024

SAP Security/GRC: Infotech, USA, 2017

Cloud Security Audit: Network Intelligence 2024

Artificial Intelligence Security: Ampcus Cyber 2024

PCI DSS Security: Digital Encode, 2016

COBIT 5.0 Assessor (Foundation & Assessor): Digital Encode, 2014

ISO 27001 Lead Auditor: AlphaGRC, USA

PMP Training: PM Tutor, Lagos, 2014

Imperva Security Training: Imperva, UK, 2013

Operational Risk & Compliance: CIBN, 2014

ACL Audit Exchange: CQS, South Africa, 2011

ADDITIONAL SKILLS

Cloud Security and Privacy Reviews

IT Audit experience with respect to major system infrastructures (UNIX/Linux, Windows, mainframe, and iSeries/AS/400)

Project management experience with regard to new system implementations and modifications to existing implementations

ERP: SAP, Salesforce, Oracle Netsuite ERP

Application of the following frameworks: BASEL II, NIST, ISO (27001/2, 31000, 38500), PCI DSS, HIPAA/HITRUST/HITECH, 3rd Party Risks, COSO, SOX compliance, SOC (SSAE 16), COBIT 5.0

Database programming / modeling: Oracle, MS-SQL.

Security Tools: Vulnerability Scanners (Nessus, NMap), Packet Sniffers, and IDS.

Programming Languages: C, Java, JavaScript, Bash Shell, XML, PHP, HTML, CSS, SQL, PL/SQL.

Software Suites: MS Office XP (Word, Excel, PowerPoint, Access), Visio, Project, Computer Assisted Audit Techniques (CAAT) using ACL, Access, and Excel, Lotus Notes/Domino.

Audit Documentation: MKInsight & Protivitis Audit Management Software.

SIEM and other Cybersecurity Tools: Splunk, ArcSight, CyberArk.

ACHIEVEMENTS & AWARDS

Certificate of Congressional Recognition: On the occasion of the First Annual Afrocentrik Honors for Excellence in Diaspora, June 18, 2023, District of Texas

Afrocentrik Honors for Excellence in Diaspora 2023: Presented to Complete Consultancy in recognition of your commitment as an educational organization

Thanks & Regards

Suraj O Ajisebutu
