Ayokunle Odubena
CISA, CDPSE, SCCP, SMC, SMF, CYBERARK
SUGARLAND, TEXAS, 77498.
**************@*****.***
CELL: 832-***-****
EXPERIENCED SENIOR INFORMATION TECHNOLOGY AUDITOR PROFESSIONAL
DEDICATED TO THE CONTINUOUS IMPROVEMENT OF PEOPLE, PROCESS & TECHNOLOGY
#LIFELONGLEARNER
Ayokunle is a Senior Information Technology (IT) Auditor with cloud security experience and knowledge of SOX, PCI, NIST, SOC, and network and cloud security architecture. He has over 7 years of experience in auditing and controls, business process and cybersecurity testing of controls, and controls advisory roles on special projects. Specialized skills in enterprise security and control implementations, information technology and business process risk assessments, and standards and procedures document reviews. Experience also includes mentoring and security awareness, Incident Response Team, Disaster Recovery/Business Continuity Team, and IT project control advisory recommendations. Critical analysis and good communication skills; highly motivated and proactive professional with strong organizational, interpersonal and time management skills; quick adaptability to new environments and curiosity to learn and develop new skills/knowledge; strong analytical skills, including the ability to problem-solve and make value-added control recommendations; demonstrates coaching, leadership and project management skills.
Key Projects & Career Highlights
At Kanshe Infotech, worked closely with senior leadership to quickly understand the client's Azure & AWS cloud platform structure and Secure Software and System Development (SSDLC/DevSecOps) practices, supporting SOX remediation efforts that led to a successful primary listing on the New York Stock Exchange (NYSE).
Situation: (CyberArk, tied into SailPoint IDM.) The situation was vaulting into CyberArk within 1 month for 6 core applications. 3 main projects: PAM NPAs, SOP updates, change management.
Task: Onboard applications: Oracle, Core, HighJump, Lucernex, OMC, VR2 Active Directory (NPAs and service accounts that were not financially significant; colo data centers).
Action: Trained the entire compliance coordinator team rather than application-specific teams, breaking down silos. The task was to ensure vaulting and password rotation; the action was to develop SOPs, get management sign-off, educate compliance coordinators, negotiate with SME teams to execute, and collect validated evidence.
Result: Met the deadline, with a week in hand for the respective teams. Standardized documentation and processes for future phases; documented lessons learned and communicated them to senior management.
TAC Audit Sprint: 15 business units, 5k employees, entertainment company. Azure for data management, AWS for operations backup, and Carbon Black for security. Multiple sites (a loose confederation of smaller companies).
Situation: Corporate audit was pending in Q4 2022. They had not had an audit since 2019, pre-COVID, and needed to show progress with the information security program. New CISO as well.
Task: Review all enterprise infrastructure domains: AD/Azure, AWS/backup (63 applications that were PCI-scoped), Palo Alto Prisma Cloud, Cisco ISE and VMware Carbon Black.
Action: Refreshed and drafted a new IAM policy approved by management; refreshed the incident response plan. Conducted pre-audit assessments with infrastructure tower SMEs, provided recommendations, POA&Ms and a RAID log (risks, actions, issues, decisions), and drove remediation ahead of the audit. (For the audit I challenged my own findings and performed an additional review to obtain evidence of compensating controls and processes.)
Result: They passed the audit; the contract was delivered with high NPS scores. Operationalized compliance with senior management.
Situation: Log4j/Log4Shell supply chain risk. Slow response of the SecOps team to attribute vulnerable applications and proactively mitigate IOCs.
Task: Implement an SBOM (software bill of materials), which scans the code base of open-source software and individual application code package components for dependencies and functions.
Action: Implemented a security process and SOP for supply chain risk management in line with SOC (SSAE 18) process controls for the supply chain.
Results: Identification of critical enterprise applications and interdependencies, proper isolation of core software code sources, and implementation of hash value checking for the integrity of components. Also included interim blocking of IOCs from threat intelligence feeds (Palo Alto Cortex XDR).
Situation: Global Security Operations Center (GSOC), 36 global sites across Europe, North America, Asia/APAC, the Middle East and South America, part of a multi-million-dollar MSP outsourcing project. (GSOC alone was 3 million recurring across 2 years and 1.7 operational post-implementation.)
Task: To onboard all locations into the SOAR platform, QRadar, using data discovery from Qualys. QRadar was on-prem in MSP data centers. Qualys was hybrid: agents on colos, AWS cloud and the MSP. All tied into Okta SSO.
Action: Program management, working with project managers and doubling up as a technical PM tracking the different phases of the project. Onboarding of remote sites and data clean-up and validation exercises. Running metrics reports and % completion, and offboarding to operations.
Result: Successfully stood up the GSOC; documented SOPs and runbooks for operationalizing security operations. Developed solid metrics for the CIO and reporting to the board of directors.
Situation: SCCM implementation, 25 MPs and DPs (management points and distribution points), segmentation and break-up, tied in to manage global infrastructure. Data/asset discovery flagged rogue devices. CrowdStrike validated applications running on devices.
Task: Asset clean-up as part of a larger CMDB project. Identified several vulnerabilities; rogue AWS instances detected on company-managed devices via CrowdStrike EDR (Falcon) with IP references.
Action: Created AMIs of the rogue instances and replicated them in the corporate instance. Data in S3 was packaged with the AMIs and delivered to corporate operations for integration with the corresponding business units. Running Qualys scans.
Results: Remediated and patched the vulnerabilities via risk assessment and onboarded all known devices, as well as developing an exception process and re-educating users.
Professional Certifications
CISA (Certified Information Systems Auditor)
CDPSE (Certified Data Privacy Solutions Engineer)
SCCP (Secure Cloud Computing Practitioner)
SMC (Scrum Master Certified)
CyberArk
Soft Skills and Interrelated Proficiencies
Planning & Prioritization – Time Management, Creative Thinking, Presentation Skills, Process Management.
Emotional Intelligence – Effective communication, Active Listening, Cultural Acceptance/Diversity, Deliberation, Influence/Negotiation & Adaptability.
Strong analytical skills – Attention to Detail, Perceptual Reasoning, Strategic Thinking, Problem Solving, Excellent documenting.
Leadership & Delegation – People & Project Management, Coaching/Mentorship, Teamwork, Risk Oriented, Client-driven, Innovation, Collaborative.
Experience & Achievements
Kanshe Infotech Houston, Tx
Senior IT Auditor January 2020-Present
• Supported the configuration, deployment, and management of the CyberArk and RSA Archer GRC platforms for clients as part of a multidisciplinary team, focusing on the IT audit functions of Identity and Access Management (IAM), Privileged Access Management (PAM), Change Management, Regulatory Compliance, and Report Generation.
• Led the architecting, configuration, deployment, and management of Azure and AWS cloud infrastructure, implementing Workday HCM audit checks, compliance requirements, and Identity Management security group policies in line with Cloud Security Alliance directives.
• Overhauled the continuous monitoring program by spearheading Assured Compliance Assessment Solution (ACAS), Security Content Automation Protocol (SCAP), and Security Technical Implementation Guide (STIG) engineering and analysis activities, integrating with other security products such as SIEM (Splunk) and Cisco ISE.
• Led teams to test the design appropriateness and operating effectiveness of IT General Controls (ITGCs) and IT Application Controls (ITACs) within financial data housing systems and their underlying IT infrastructure in line with PCAOB requirements.
• Third-Party Risk Management: Executed third-party IT infrastructure and cybersecurity audits, testing operating systems, virtual machines, networks, servers, and databases (Microsoft, Cisco, IBM & Oracle).
• Performed and supervised walkthroughs and tests of PCI DSS compliance and IT internal controls to ensure compliance with Sarbanes-Oxley (SOX) regulations, using COSO mapped to COBIT frameworks.
• Evaluated ITGCs and IT Application Controls using the COSO and COBIT frameworks.
• Executed cybersecurity audits, testing preventive, corrective, detective and compensating controls.
• Reviewed attestation engagements: SSAE 18, SOC 1, SOC 2 and SOC 3 reports.
• Executed audit readiness to identify and correct internal control weaknesses in order to be compliant for the annual SOX compliance audit.
• Evaluated IT operations, backup and restoration, and disaster recovery audits.
Kanshe Infotech
IT Security Analyst – Compliance (Contract) February 2016 – December 2019
• Provided Quality Assurance validation and testing for Identity and Access Management.
• Supported SOX audit remediation and assisted process owners with developing effective remediation plans to address control exceptions identified during audits. (Achieved quarterly remediation metrics of 93%.)
• Identified risks by performing vendor risk assessments and vetting, evaluating SOC 1 and SOC 2 (Type 1 & 2) reports, ensuring compliance with various regulatory, industry, and SLA requirements, and validating controls for information security and network security.
• Designed IT testing procedures and Control Self-Assessments (CSAs) to identify and assess risk exposures and determine the effectiveness and efficiency of change controls in the Change Advisory Board (CAB).
• Executed PCI DSS compliance testing using roadmaps, ensuring the design and operating effectiveness of payment support devices and applications while communicating results to the appropriate stakeholders.
• Facilitated the development and implementation of security policies mapped to CIS Critical Security Controls for multiple applications and platforms (CyberArk, SAP, SQL, Linux, and diverse system environments). Provided regular updates and reports to senior management.
• Led cross-functional agile project teams to help drive Azure cloud migration through the project design, development, testing, deployment and user acceptance testing (UAT) phases.
TRELLEBORG MARINE SYSTEMS
Cybersecurity Analyst February 2015 – March 2016
• Provided security support for information systems throughout the Risk Management Framework (RMF) lifecycle.
• Worked closely with business and technical stakeholders to select and help implement security controls as outlined within the information security policy and regulatory framework.
• Ensured conformance to regulatory compliance bodies such as PCI DSS and ISO 27001.
• Member of the Change Control Board (CCB).
• Advised on the design and development of secure systems architecture as well as industry best practices and information systems technologies available to meet security requirements.
• Reviewed System Security Plans (SSPs), reviewed and uploaded supporting security artifacts and evidence, generated risk reports and facilitated continuous monitoring processes for authorized systems.
• Verified that applications and support systems were meeting information security policies (e.g., automated scans performed monthly, patch management, configuration management, etc.).
• Member of the Information Security Incident Response Team (IIRT).
• Ensured compliance with SLAs, process adherence and process improvement to achieve operational objectives.
• Responsible for the execution and delivery of IT and business process audits to ensure business risks were recognized and appropriately mitigated before the company was adversely affected.
• Coordinated the quarterly SOX 302 Assessment used by executives to certify and assess the internal controls over financial reporting.
• Established application interface controls to ensure proper reconciliation as part of the SOX program
• Developed technical documentation for the infrastructure and Business Continuity Plan
• Assessed audit and test programs and security controls using the organization's IT Security Policy Handbook and NIST Special Publications to provide the information necessary to determine their overall effectiveness.
OTA TOWN PLANNING OFFICE
Staff Auditor Apr 2010- Aug 2014
• Assessed the design appropriateness and operating effectiveness of Information Technology controls throughout the business cycle.
• Performed all aspects of IT audit process from planning, execution, reporting and follow-up
• Assisted with audit scope determination, risk and control identification, design of audit program, policies, standards and procedures evaluation, control testing, and evaluation and analysis of results.
• Performed access control, change management control, IT operations control and IT application control testing.
• Identified deficiencies in the design and operating effectiveness of controls and provided recommendations.
• Provided status of the internal control environment within business units and provided recommendations to mitigate the control weaknesses between the current and recommended state.
• Assessed the adequacy and effectiveness of the internal controls environment using a risk-based methodology such as COSO, COBIT, ISO and ITIL.
• Developed audit plans and programs, following COBIT and FISCAM frameworks. Set up a control matrix based on specific client application needs during the planning phase of audits.
• Participated in integrated audits, carrying out ITGC testing in support of financial statement audits.
• Reviewed documentation of clients' internal controls (both IT controls and business cycle controls).
• Communicated with the company's external auditors on general computer control related matters and SOX test procedures.
• Established QAR (Quality Assurance Review) program implementation; achieved uniform adherence to standards and streamlined audit activities, resulting in reduced redundancy and wider audit coverage.
• Supported clients with audit readiness initiatives.
SUNNY OLU & SONS Lagos, Nigeria
Business Analyst January 2009 - February 2010
• Responsible for leading development of test scenarios for process, function, integration and acceptance testing.
• Responsible for facilitating and leading test strategy, test plan, and triage discussions and meetings.
• Performed test executions and wrote test scripts for complex integrated systems.
• Participated in the development and implementation of structured testing concepts, methodologies, and support tools.
• Assisted with the definition and management of software test environments and aided in major audits/reviews of programs and processes.
• Provided status reporting to QA and management.
• Partnered with senior management to resolve deficiencies or compliance issues in a timely manner.
• Contributed to the continual improvement of the testing development lifecycle processes.
• Provided Quality Assurance validation and testing for Identity and Access Management.
Professional Skills & Proficiencies
Core Skills:
IT Program Directorship & Management – Cybersecurity Technical Writing (Policies, Standards, and Procedures), Third-Party Risk Management, Business Continuity & Disaster Recovery (BC/DR), COBIT, COSO, OCTAVE Allegro, and Secure Controls Framework (SCF).
Assessments & Compliance – SOC 2 - Type 1 & 2 Reports, GDPR, IAM Audit, CIS-CSC v.8, Network & Cybersecurity Audit, SDLC & Change Management Audit, SOX (PCAOB), NIST, PCI/PA-DSS, HIPAA, ITGC, ITAC, GRC, RCSAs, Vendor/Supplier Security Audit.
Security Posture – Hybrid Cloud Security (On-prem, AWS, Azure, GCP), Data Security, AppSec, CASB, DLP, Threat & Attack Modeling (MITRE ATT&CK, Lockheed Martin Kill Chain)
IT Security Tools – RSA Archer, Reciprocity ZenGRC, TeamMate, SailPoint, Okta, Zscaler, CyberArk, Cisco ISE, Azure AD, Microsoft Defender for Cloud, Microsoft Intune, AWS Security Hub, Wireshark, Nmap, Tenable Nessus, Rapid7 Nexpose, Splunk, IBM QRadar, VMware Carbon Black, McAfee MVISION, CrowdStrike Falcon.
Productivity Tools – Google G-Suite, Microsoft 365, Microsoft Dynamics, Workday, SAP (Basis, FI/CO, HR), Box, ServiceNow, Tableau, Atlassian Jira & Confluence.
IT Architecture & Engineering Tools – Cloud services in Microsoft's Azure, Amazon's AWS, and Google's GCP, Cisco (Meraki, Catalyst series), VMware (vSphere, Tanzu, Horizon on Azure), Aviatrix Transit, Palo Alto (Cortex, Panorama, Prisma), GitLab Enterprise.
Education
Olabisi Onabanjo University - June 2010
Bachelor of Science (BSc Hons) Architecture & Designs