
Risk Management Third-Party

Location:
Cleveland, OH
Posted:
June 11, 2025


Resume:

ERIC AYENITAJU

CYBERSECURITY GRC SPECIALIST

Cleveland, OH 44130 ***************@*****.*** +1-814-***-****

PROFESSIONAL SUMMARY

Experienced Cybersecurity and GRC Specialist with 7+ years of proven expertise in security compliance, risk management, audit readiness, and implementation of cybersecurity frameworks across enterprise environments. Strong track record supporting ISO 27001, NIST 800-53, PCI DSS, and SOX compliance initiatives while driving continuous control monitoring, third-party risk management, and secure system development practices. Skilled in vulnerability management, threat intelligence, cloud security assessments, and GRC tool integrations including ServiceNow and Archer. Adept at aligning security controls with business objectives and regulatory requirements to reduce enterprise risk and support certification efforts.

CORE COMPETENCIES

Security Governance, Risk & Compliance (GRC)

ISO 27001 / NIST / SOC 1 & 2 / PCI DSS / SOX

Risk Assessments & Control Design

IT General Controls (ITGC) Testing & Audit Support

Vulnerability Management (Tenable Nessus, Qualys)

Cloud Security Assessments (AWS, Azure, CSA CCM)

Security Awareness & Training

Data security, Firewalls, Network Traffic analysis, SIEM

Security Incident Response & SAP SoD Reviews

ServiceNow, Archer, OneTrust, Imperva

SSP, POA&M, SAP, SAR Documentation (RMF)

Third-Party Risk Management

CIS Critical Security Controls NIST CSF

Audit Strategy, Evidence Collection & Remediation

ITIL, Agile, PM Tools: JIRA, Confluence, Remedy

PROFESSIONAL EXPERIENCE

Grant Thornton LLP — Senior Cybersecurity & GRC Analyst (Contract) Dec 2024 – Present Cleveland, OH (Hybrid)

Lead internal cybersecurity audits and compliance readiness for clients across healthcare, finance, and SaaS sectors, ensuring alignment with NIST 800-53, ISO 27001, SOC 2, and HIPAA standards.

Conduct comprehensive ITGC assessments, risk analysis, and audit remediation tracking for high-risk systems, supporting control maturity and reducing compliance gaps by 30%.

Develop and execute security strategies aligned with client objectives, focusing on third-party risk, cloud security posture, and regulatory requirements including PCI DSS and SOX 404.

Coordinate with cross-functional teams to build tailored GRC solutions leveraging tools such as Archer and ServiceNow, enhancing audit workflows and evidence collection.

Perform security assessments on AWS and Azure environments, validating implementation of least privilege, logging, encryption, and secure configuration practices.

Prepare and present audit findings to client stakeholders, assisting in development of corrective action plans and policy enhancements.

Drive continuous control monitoring initiatives, automating control testing and improving real-time compliance tracking using CIS benchmarks.

Mentor junior analysts and support training programs on security governance, regulatory frameworks, and enterprise risk methodologies.

Benchmark Inc. — Cybersecurity / GRC Specialist (Contract) Mar 2023 – Dec 2024 Remote/Cleveland, OH

Delivered end-to-end risk and compliance support for ISO 27001 implementation, including scope definition, risk assessments, SoA creation, and gap analysis.

Conducted organization-wide information security assessments, reviewed SOPs, access control models, backup strategies, and DR/BC plans.

Developed and implemented continuous control monitoring aligned with CIS and NIST CSF to meet audit and compliance benchmarks.

Facilitated PCI DSS and SOX control implementations; conducted SAP segregation of duties (SoD) and access control reviews.

Authored Security Assessment Plans (SAPs) and Risk Analysis Reports, and coordinated system security audits across Low, Moderate, and High FISMA levels.

Supported ServiceNow GRC integrations, optimized workflows, and established incident tracking metrics across IT assets.

Collaborated with security, IT, and audit teams to review ISMS posture and validate against internal/external policy standards.

Led vulnerability and configuration risk reviews and tracked mitigation efforts across IT environments.

Softchoice Technologies — Information & Cybersecurity Analyst Jan 2020 – Feb 2023 Remote

Executed risk-based internal audits and vulnerability management processes using Tenable and Qualys across cloud and on-premise assets.

Created enterprise-wide audit strategies, conducted gap analyses, and improved policy alignment with frameworks such as ISO 27001, COBIT, and NIST CSF.

Reviewed and updated security policy documentation, conducted annual security awareness training, and provided GRC advisory to stakeholders.

Performed cloud security control reviews based on CSA CCM, and provided recommendations for enhancing shared responsibility models.

Evaluated and onboarded GRC platforms for automated control testing, issue tracking, and continuous compliance management.

Authored POA&M, SSP, and SAR documentation for FISMA-aligned systems and supported ATO package submissions.

Led Security Control Assessments (SCAs) for General Support Systems and business-critical applications.

Sidmac Technologies — Information Security Analyst (Advisory & Assurance) Jan 2018 – Dec 2019 Hybrid

Delivered ITGC readiness reviews and control maturity assessments across finance and healthcare clients.

Conducted control effectiveness testing, audit evidence collection, and SOC 1/2 audit readiness reviews.

Spearheaded third-party risk evaluations, cataloged security gaps, and helped implement a scalable third-party monitoring framework.

Conducted vulnerability scans and remediation tracking using Nessus and Qualys, aligned findings with ISO 27001/27002 controls.

Facilitated ISMS gap assessments to help clients prepare for and maintain ISO certification.

Reviewed logical and physical access control policies and performed risk mitigation mapping.

Led cyber awareness campaigns, reducing phishing risk by 40% via targeted engagement strategies.

Lint Technologies — L1 IT Service Desk Specialist Jan 2015 – Dec 2017 Onsite

Provided frontline support for IT incidents and requests across AD, Exchange, and Windows-based environments.

Built and deployed end-user systems, maintained accurate hardware inventories, and ensured asset compliance.

Supported ServiceNow ticketing, customizing modules to streamline incident, change, and problem workflows.

Integrated LDAP and SSO capabilities with ServiceNow to support secure user authentication and account provisioning.

Delivered Tier-1 remediation for antivirus, endpoint protection, and password reset requests.

EDUCATION

Saint Leo University, FL — M.S. in Cybersecurity

University of Worcester, UK — M.S. in International Management

Adekunle Ajasin University, Nigeria — B.S. in Computer Science

CERTIFICATIONS & TRAININGS

CompTIA CySA+

CISA – Certified Information Systems Auditor

AWS Certified Solutions Architect

Azure Security Engineer Associate

Cloud Security Assessment & Response

Vulnerability Management, Detection, and Response (VMDR)

PCI Controls Implementation

CISSP (In Progress)

TECHNICAL TOOLS & PLATFORMS

Vulnerability Management: Nessus, Qualys, CIS-CAT, OpenVAS

GRC Tools: RSA Archer, ServiceNow GRC, OneTrust, ISMN Online

Cloud Security: AWS NACLs, Azure Security Center, CSA CCM

Security Tools: SIEM, EDR, UTM, Imperva, DLP, Antivirus, IDS/IPS

Access Control: SAP ECC, R/3, PeopleSoft, Active Directory, ManageEngine

Documentation & Audit: SSP, POA&M, SAP, SAR, RMF, FIPS, NIST 800-53

Ticketing & ITSM: ServiceNow, BMC Remedy, ITSM, Jira, Confluence

Operating Systems: Windows, Linux, UNIX, Mainframe

HIGHLIGHTS

Successfully supported ISO 27001 certification readiness for multi-subsidiary enterprise environments.

Reduced control weaknesses by 35% through continuous risk assessments and mitigation planning.

Enhanced vulnerability remediation SLAs by implementing structured remediation workflows.

Achieved >95% audit passing rate through proactive GRC strategy execution and audit preparedness.


