Information Security Risk Management

HAKEEM OLUOKUN

*************@*****.*** (***) *** - 5400 New York United States.

Summary

With almost a decade of comprehensive experience engaging and facilitating IT risk analysis projects, internal preparedness and external audit readiness program and developing security controls for small- and large-scale organization while leveraging internal and industry best practices for security control testing, framework design, process enhancement, gap analysis and staying in compliance of regulatory requirements such as SOX, HIPAA, PCIDSS, GDPR and CCPA. Consistently Interfaced with business, business information security officers, stakeholders, Info Sec and third-party point of contacts. Knowledgeable in NIST, ISO 27001, FEDRAMP and ability to leverage other widely acceptable guidelines. Skilled in Risk Management, Risk Assessment, Internal Assessments, Information Security principles, Project Management, Gap Analysis, Due Diligence, Panorays, Audit board, using Key Risk Indicators (KRI), and various Audit Methodologies. Worked with some cybersecurity risk rating indicators like RISK SECURITY SCORECARD, BLACK KITE and RISK RECON. I continuously detect, analyzes and combats advanced threats by detecting vulnerabilities and mitigating associated cybersecurity risk via tenable and burpsuite tools.

.

Skills

• Risk Management

• Scripting and Programming

• Python

• JavaScript

• Shell

• Remediation

• Data Management and

Analysis

• Cloud Security

• Team Building

• Multiple Priorities Management

• Risk Mitigation

• KPI Analysis

• Documentation and Reporting

• Intrusion Detection

• MS Office

• Preliminary Conclusions and Recommendations

• Attention to Details

• Critical Thinking

Experience

TD Bank

Governance and Control Specialist.

01/03/2025 – 05/03/2025

• Ensure alignment with regulatory requirements and industry best practices.

• Identify, assess, and monitor operational, compliance, and financial risks.

• Assist in the design and implementation of risk mitigation strategies.

• Ensure the organization complies with internal policies, external regulations, and contractual obligations.

• Prepare governance, risk, and compliance reports for senior management or regulatory bodies.

• Maintain thorough documentation of controls, risk assessments, and governance activities

• Evaluate the effectiveness of existing controls and recommend improvement

• Monitor changes in regulations and industry standards and adapt governance processes accordingly.

• Develop, maintain, and update governance framework policies, and procedures.

REVVITY/PERKINELMER

LEAD CYBER SECURITY

ANALYST

04/2023 – 07/2024

• Implemented industry-standard frameworks (NIST 800-53 rev 4&5, COBIT, COSO, ISO 27001, ISO31000, CIS20), sparking a 20% development in overall cybersecurity compliance.

• Supervised security audits on web applications, on-prem applications, and software, aligning development processes with industry standards, achieving a 15% reduction in potential security risks.

• Reviewed and analyzed various artifacts to support the risk assessment process, ensuring comprehensive understanding of the security landscape.

• Executed risk analysis procedures, identifying potential threats and vulnerabilities, leading to the implementation of effective security countermeasures.

• Coordinated internal efforts to assess third-party risks, improving the organization's ability to identify and manage potential security implications by 20%.

• Monitored vendors cybersecurity risk rating through black kite indicators or dashboard.

DISCOVER FINANCIAL SERVICES

SENIOR THIRD-PARTY RISK

ANALYST

• Conducted advisory and challenge functions, ensuring alignment of TPRM program with business objectives. Scrutinized third-party risk assessments,

02/2018 - 03/2023 providing detailed reports to business owners and vendor management offices, prompting a 20% elevation in program effectiveness.

• Ensured timely escalation of non-compliance issues, leading to a 15% reduction in risk exposure. Investigated and validated all controls at vendor sites to ensure data confidentiality, producing a 10% improvement in control effectiveness.

• Led remediation efforts, working with business units to mitigate identified gaps, bringing about a 25% reduction in overall risk exposure. Facilitated risk mapping implementation process with clients, improving risk visibility by 30%.

• Worked on Coupa platform to bring together all parties involved in risk management to collaborate on cost of compliance, minimizing risk and maximizing the value of their relationships.

• Create and process MS Excel import template for Coupa intake of existing suppliers.

• Planned and managed security risk assessments for third-party vendors, bringing about a 20% progress in overall vendor security posture. Administered questionnaires to determine control effectiveness, generating a 20% increase in risk awareness.

• Utilized e-GRC tools to ensure secured and prompt communication of findings and track vendor progress on remediation, resulting in a 20% improvement in efficiency. Designed and upgraded suppliers' questionnaires to cover new threat signatures, resulting in a 15% improvement in risk coverage. EARLY WARNING

SERVICES

IT RISK ANALYST

01/2015 - 01/2018

• Established and implemented a novel risk assessment framework, resulting in a 30% improvement in risk identification and a 25% reduction in security vulnerabilities.

• Tracked mitigation efforts, developing comprehensive risk reports that improved visibility for senior management.

• Led security risk-related projects, including third-party risk assessments and security policy updates, contributing to a 20% enhancement in overall security posture.

• Executed security awareness programs, educating 1500+ employees and reducing security incidents by 15%.

• Conducted comprehensive risk assessments, addressing 50+ security vulnerabilities and achieving a 40% reduction in potential risk exposure. Tracked findings to remediation based on risk severity and due dates, ensuring a 95% on- time remediation rate.

• Maintained the IT risk register, refined IT Risk Management metrics and reports, and operationalized a new risk register structure, improving data accuracy by 20%.

• Revised laws, regulations, industry standards, and ethical requirements, ensuring organizational compliance with ISO27001, SOC 2, and PCI DSS.

• Utilized JIRA, Confluence, Microsoft Excel, PowerPoint, PowerBI, and Azure DevOps to streamline risk management processes, resulting in a 30% improvement in operational efficiency.

Education and Training

Ekiti State University

Bachelor Of Science- Finance

NIIT Education & Training Center

Professional Diploma – Information Technology

Institute Of Technology Massachusetts Professional Education Applied Data Science Program

Certifications

• Certified in Risk and Information Systems Control (CRISC)

• Certified Third Party Risk Professional (CTPRP)

• Aws Certified Security Specialty

• Project Management Professional (PMP)

• Agile Certified Practitioner (ACP)

Contact this candidate