
Risk Management Information Security

Location:
Apollo Beach, FL, 33572
Posted:
May 28, 2025


Resume:

MARCIA FOLAJIMI

******************@*****.***

317-***-****• Apollo Beach, FL

QUALIFICATIONS SUMMARY

Highly resourceful, collaborative, adaptable, self-motivated, and diligent PCI professional with practical experience in PCI DSS assessment and continuous compliance. Also experienced in performing security and compliance assessments for NIST CSF, ISO27001, SOX and NERC CIP for critical infrastructures. Experienced with Third Party Risk Management and assessment of vendors for secure acquisitions. Solid understanding of information security and IT security principles including cloud infrastructure, network, database and application security, firewalls, multifactor authentication mechanisms, and identity and access management. Assist clients in managing known and unknown risk. Able to interpret and communicate various processes and controls to assist with implementation, remediation, mitigation and compliance. Able to guide clients to properly utilize and configure tools to ensure compliance. Knowledge of security awareness training. Strong written and verbal communication skills; comfortable speaking with and delivering presentations to clients and internal audiences. Ability to interpret processes and controls, identify risks, gaps, and exceptions to framework compliance, test controls, articulate remediation needs, and validate remediation of gaps and exceptions. Ability to work independently and within a team to accomplish assigned tasks timely and accurately.

CERTIFICATIONS AND LICENSES

Certified Information Systems Security Professional (CISSP), PCI ISA, Payment Card Industry Professional (PCIP), CompTIA Security+, ISACA Certified Information Systems Auditor (CISA), ISACA Certified Information System Manager (CISM), (ISC)2 Certified in Cybersecurity (CC)

PROFESSIONAL EXPERIENCE

HT Staffing Solutions Contract 4/2024 – 4/2025

PCI Compliance Analyst

Functioned as a PCI Internal Security Assessor for a service provider that has never had to be PCI compliant, but has now been tasked with becoming PCI compliant by their primary customer. Ensured they would be ready to meet PCI DSS 4.0.1 level standards.

Verify PCI scope and gaps that will need remediation for PCI compliance.

Educate staff and management on the PCI DSS and what will be required to become compliant and what to expect during an assessment.

Guide stakeholders to understand the intentions of PCI DSS requirements and what processes and procedures will need to be in place.

Worked hands on with project manager for creating the project schedule as well as traceability matrix and guidance for the PCI initiative.

Created PCI DSS Charter for the client and ensured that all documentation needed to supply evidence to QSA was present or created.

Assisted with completion of Targeted Risk Assessment required for specific requirements.

Assisted with validation of solutions and controls in place to ensure they met or exceeded PCI DSS standards.

Set up processes and procedures for continuous PCI DSS compliance and monitoring.

Worked closely with the corporate compliance team and multiple other business entities to collaborate on and push PCI DSS efforts.

Midcontinent Independent System Operator (MISO) Contract 02/20/2023 – 8/2023; FTE 8/2023 – 3/2024

Senior Security Analyst - Third-Party Risk Management

Function as a senior member of the information security and risk management team. Focused primarily on vendor risk management in relation to Critical Infrastructure Protection (CIP) guidelines to mitigate cybersecurity risks to the reliable operation of the Bulk Electric System (BES).

Review of suppliers’ cyber security programs and contracts to ensure compliance with CIP-13 standards and evaluate residual risks, ensuring that mitigating controls were in place.

Work closely and collaborate with other teams throughout the company and all levels of senior management to ensure compliance, efficiency, and best practice.

Collaborated with Supply Management to test and on-board a new procurement tool (ZIPHQ), which streamlines the procurement process for Supply Management, Information Security Risk Management (ISRM) and the company’s business partners.

Supported Supply Management with developing and implementing a new supplier scoring template to move the company from an engagement-centric security assessment to a vendor-centric security assessment to decrease assessment volume and allow ISRM to deepen and broaden its supply chain risk management related to security assessment.

Developed and implemented an assessment tracking tool within Microsoft Teams that simplified assessment status reporting and provided task tracking capabilities. This helped to organize the process as well as give management visibility into the status of requests.

Canary Harbour

Senior Security Analyst / IS Auditor 03/01/2020 – 02/10/2023

Assisted in planning and completing various internal audits for NIST 800-53, ISO27001, CMMC, PCI DSS, ITGC and SOX. Tested controls and reviewed test findings, facilitated the remediation of control gaps/exceptions, and escalated client and project issues as needed to management in a timely manner to inform and engage the necessary resources to address the issues. Assisted clients converting from SAQ to ROC assessments, assisting with selection and completion of the correct Self-Assessment Questionnaires (SAQs) and with the Attestation of Compliance (AOC) by performing internal audits and gap assessments, assisting with mitigation as needed, and confirming follow-up. Examined firewall setup, server and network security configuration and documentation, network and dataflow diagrams, and policies/procedures to assure adherence to regulatory policies and standards.

Management.

Work with control owners and operators to ensure quality, consistency, and operability of new and existing controls, ensuring that they align with business objectives.

Ensure scope, testing, and remediation activities are accurate by validating and updating documentation as needed.

SAP audit and review.

Worked in a team that noticed weaknesses in a customer’s wire transfer controls that made significant theft of funds possible. Recommended changes that were adopted immediately.

Assist clients in maturing their PCI programs including education of control owners, gap assessments, preparing for review, standing up new PCI programs, and making PCI business as usual in their organizations.

Review of web application firewalls (WAF) for compliance with PCI DSS standards before deployment. Was able to detect a major flaw in configuration that would have left the company open to threats.

Worked with project team to reduce vulnerabilities and risk as well as avoid financial penalties and reputational damage by conducting risk analysis and ensuring remediation processes for major findings.

Risk Analyst 06/12/2017 – 02/28/2020

Responsible for working closely with client process and control owners to assess controls and evaluate action plans for control deficiencies and to ensure deficiencies are satisfactorily remediated in a timely manner. Determined that established policies and procedures are adequate and being followed. Recommended improvements to policies and procedures and assisted in the development of audit methodologies.

Performed interviews with client process and business owners at all levels and across the company to gather information and ascertain key risks, areas of concern, and the expected internal controls that should be in place.

Assessed risk, identified relevant controls, evaluated/validated controls and compliance with internal policies and procedures, and drafted audit reports.

Produced reports that clearly documented the audit work performed, which met or exceeded the division standards while adhering to schedules and deadlines, ensuring projects did not go over budget.

Performed and supervised IT General Controls (ITGC) and Application Controls (ITAC) audits over applications, databases, and Enterprise Resource Planning applications for compliance.

Coordinated and consulted on data security compliance trends, best practices, and recommendations for risk management and security design.

GRC consulting focusing on managing risk for clients, gap analysis and strategic remediation.

Knowledge of Information Security policies, procedures, guidelines, and metrics including Exception Management Processes.

Complete IT Consulting 06/2016 – 06/2017

Compliance Auditor / Internship

Gained valuable insights into internal and external Information Systems (IS) auditing positions, the IS compliance analyst role, SAP audit, cyber security frameworks and standards such as Service Organization Control (SOC), NIST SP 800-53, ISO27001, PCI DSS and the Center for Internet Security (CIS), and security consultancy by successfully attending and completing an internship. Determined weaknesses and gaps in control structures to prevent unforeseen circumstances.

●Worked with control owners and operators to ensure quality, consistency, and operability of new and existing controls.

●Ensured scope, testing, and remediation activities are accurate by validating documentation.

●Worked with team that decreased clients’ expenses and ensured compliance by discovering undocumented resources that were not in use but still billed for.

Eskenazi Health 06/2001 – 03/2023

Registered Nurse / Team Captain

During my time at Eskenazi Health, I have held multiple positions. Experience includes surgical, medical and neuro intensive care, post-anesthesia care, pre-anesthesia care, primary care and internal compliance. Nearly all roles required me to oversee multiple staff members, coordinate care, set schedules, plan trainings, and organize improvement processes. In my final years at this organization, I had the position of team captain. This required me to manage multiple team members, coordinate schedules, ensure compliance standards were met, lead team meetings, and ensure readiness and compliance for the Joint Commission on Accreditation of Hospitals (JCAHO).

TOOLS

Splunk, SharePoint, ServiceNow, Qualys VMDR, EPIC, CyberArk, SAP, AWS, Microsoft Office, Microsoft Word, Excel, PowerPoint, Google, Webex, Zoom, Microsoft Teams, Cherwell, UpGuard, Visio, Archer, KnowBe4, AuditBoard, Drata, ClickUp.
