Information Security Consultant

Praise Seye

IT GRC CONSULTANT

587-***-**** **************@*****.***

PROFESSIONAL SUMMARY

Dedicated information IT Security consultant with over 7 years of experience in IT governance, risk, and compliance. Hold key certifications including CISA, CRISC, ISO27001:2022 Lead Auditor, PMP, and Scrum Master, reflecting a sound knowledge in both IT audit skills and project management. Strong familiarity with information security frameworks and standards including ISO 27001, PCI DSS, NIST 800-53, and SOC 2. Proficient with GRC tools (Onetrust, ServiceNow, ZenGRC etc.), Business process modelling/diagramming tools (Visio, Draw.io, Balsamiq) and adept in Agile methodology (Jira, Confluence, Slack etc.). Strong ability in evaluating the security posture of IT environments, completing due diligence requests, and enhancing employee security awareness (using KnowBe4, SANS Security, Awareness, ProofPoint etc.). Adept at stakeholder engagement, with a proven ability to articulate IT security issues to a diverse range of audiences. Passionate about learning and has a natural investigative approach to identifying IT security gaps and compliance issues. An insightful, proactive, diligent, good planner that is attentive to details, resourceful and able to work remotely, lead and self-manage with a troubleshooting attitude. TECHNICAL SKILLS

Audit and Compliance monitoring Risk management Policy development Privacy Impact Assessment (PIA) Data Mapping and Inventory management Regulatory compliance Incident Response and Management Process improvement Security awareness training Gap analysis Agile and Waterfall methodologies Cloud Security Identity & access management

SOFT SKILLS

Cross functional team management Stakeholder engagement Facilitation & Presentation Critical thinking Negotiation Problem solving Strategic thinking Training and mentoring Time management Positive attitude Navigating Organizational dynamics Effective communication TOOLS

OneTrust RSA Archer ZenGRC ServiceNow Confluence Jira KnowBe4 SANS Security and Awareness ProofPoint Draw.io Balsamiq Microsoft Visio Power BI PROFESSIONAL EXPERIENCE

Senior Information Security Consultant Oct. 2022 – Present TELUS Communications Inc.

• Oversee, monitor progress, manage Internal and External risk/threat assessments and ensure key stakeholders are kept informed about progress and expected outcomes.

• Conduct comprehensive audits of TELUS’ IT environments, identifying security risks and compliance gaps.

• Create key risk indicators that show variances to policy and standards adoption or adherence.

• Support and track adherence to contractual, regulatory, and legal security requirements, ensuring compliance with Information Security standards and frameworks such as PCI-DSS, ISO27001, COSO, NIST, etc.

• Perform cybersecurity risk assessments, create, disseminate, and update risk assessment documentation.

• Manage Vendor/Third Party risk management due diligence processes, effectively communicating security measures and policies.

• Author detailed reports for management, providing ongoing updates on program activities, as well as highlighting findings, potential impacts and recommending risk mitigation strategies to decrease the risk profile of the organization.

• Review the organization’s information security policies, procedures, and standards.

• Champion security awareness programs, utilizing various tools to educate team members company-wide.

• Provide privacy advice and support to various business areas, enhance their understanding and implementation of privacy best practices.

• Organize comprehensive data inventory initiatives, improving data governance and compliance with privacy regulations..

Senior Security Specialist Mar 2020 – Oct. 2022

Canadian Tire

• Identified, investigated, communicated and advised on information security risks in the Canadian Tire’s IT investments.

• Provided leadership while working with other technology teams to assess cyber security risks for the organization and determining mitigation strategies.

• Contributed to organization's compliance initiatives, focusing on regulatory and legal requirements.

• Led IT security audits to assist Canadian Tire in obtaining IT security related certifications (ISO/IEC 27001, SOC 2 Type 2, NIST 800-53).

• Owned the development and implementation of corporate security policies and procedures, ensuring they are current, communicated and appropriately aligned with organization’s adopted framework.

• Conducted vendor’s Security and Privacy Impact Assessment (SPIA) as well as facilitated the third-party security risk management process.

• Provided oversight and reporting, including metrics, on risk functions.

• Mentored colleagues and provided expert guidance on cyber security third-party assurance, supporting their professional development, and enhancing team capabilities.

• Engaged with stakeholders across departments to foster a culture of security and compliance. Cybersecurity Specialist Jan 2016 – Feb 2020

Kumbie Technologies

• Led and coordinated Information Security readiness checks across multiple areas and teams to ensure compliance with organization’s and industry standards (PCI-DSS, ISO 27001, SOC2 etc.) on an on-going basis.

• Ensured all organization’s security and compliance policies and related documentation were up to date.

• Conducted risk assessments with relevant stakeholders, identified and documented risks, relevant risk owners, as well as developed risk strategies to provide counter measures for remediating organizational IT risks.

• Identified opportunities to improve organization’s information security posture.

• Facilitated Third-Party/Vendor Risk Assessments and assisted in the reporting of risk management activities.

• Worked with cross-functional teams, including Corporate IT, People services, contractors, Security Operation Centre (SOC), and Network Operating Centre (NOC) to address potential compliance issues. CERTIFICATION AND EDUCATION

• Certified Information Systems Auditor (CISA, ISACA)

• Certified in Risk and Information System Controls (CRISC, ISACA)

• ISO27001:2022 Lead Auditor

• Google Cloud Digital Leader Certification

• Canadian Risk Management (CRM) Designation

• Project Management Professional (PMP, PMI)

• Certified Scrum Master (CSM, ScrumStudy)

• Certificate in Risk Management (University of Toronto)

• B.Sc. Surveying and Geoinformatics Engineering

References available on request.

Contact this candidate