IT Information Security Analyst Resume
TECHNICAL SKILLS
Vulnerability: SIEM, QUALYS, OWASP
Platforms/Databases: Windows, Unix, Oracle, MS SQL
ERP Application: SAP, PeopleSoft, IFS
Frameworks: SOX, COBIT, ITIL, HIPAA, COSO, SOC
Audit Tools: MS Excel, MS Visio, SharePoint
Service Management Tools: ServiceNow, Remedy, APM, Track It
Issue Tracking and Project Management Tools: JIRA, ServiceNow, SharePoint
GRC Compliance/Third Party Risk Management Tools: RSA Archer, ServiceNow.
PROFESSIONAL EXPERIENCE
Confidential
IT Information Security Analyst
Responsibilities:
- Perform initial risk assessment, identify, classify inherent risk, and prioritize risk management to meet the business needs
- Review and analyze vendor service profile standardized information gathering (SIG) questionnaire artifact during onboarding and periodic assessment
- Leverage standard frameworks such as NIST, ISO, COBIT, policies, standards and procedures to recommend mitigating controls to meet regulatory requirements, specifically SOX, CCPA, GDPR, HIPAA, PCI DSS
- Develop tactical actionable timeframe to ensure compliance issues are remediated and evidence to close finding documentation
- Guide stakeholders as it relates to data minimization, tokenization, encryption, data pseudonymization and anonymization to ensure appropriate security around PII
- Collaboration with Legal, Vendor Management, Information Security, to meet practices and applicable laws and regulations
- Assist management in the evaluation of new technology service providers and third-party service providers
- Develop, implement, monitor and report performance measures that demonstrate value and ensure vendor performance
- Conduct privacy impact analysis to determine privacy compliance status for cloud solutions with PII’s based on Lincoln definition compliance with General Data Protection Regulation.
- Tested for the Operating Effectiveness of IT security controls in cloud vendor environment.
- Designed processes for collecting and documenting vendor evidence.
- Performed risk assessment on third party cloud service provider to ensure data safety and security.
- Executed phases of testing schedules and conducted substantive testing.
- Maintaining internal risk register to track and monitor identified risks to remediation
- I engage in our Network Security Assessment where I review firewall rules to ensure they are reviewed at least every six months
- I verify that the firewall is configured to deny all insecure protocols such as FTP and HTTP which display username and password in plain text, and that firewall is configured and enabled to allow all secure protocols such as SFTP, HTTPS, IPS, etc.
Confidential
SOX Audit
Responsibilities:
- Testing and reporting of compliance levels and adherence to policies, standards, and regulatory requirements.
- Investigates security requirements and assist IT and business partners to understand and implement such requirements.
- Communicate with IT administrators, developers and support teams to help improve the Company’s security posture
- Coordinated quarterly penetration testing with various vendors such as McAfee, to harden servers with stakeholders
- Analyzed incident response, foreign threats, firewall attempts, DoS attacks
- Responsible for identifying and escalating vulnerability assessment and penetration testing results.
- Perform peer reviews of Security Assessment Reports.
- OWASP Top 10 issue identification like SQLite, CSRF, XSS
- Assess vendor service operations as part of risk management of security and privacy controls
- Review and analyze Standardized Information Gathering (SIG) questionnaire
- Recognize existing and emerging information security threats and vulnerabilities
- Document findings and suggested remediation through risk summary reports.
- Assist our legal team with reviews of security standards in contracts and data processing agreements.
Confidential
IT Audit
Responsibilities:
- Conduct information security and business continuity assessments of vendors
- Collaborated with IT in design and implementation of Business Continuity Plan (BCP) and Disaster Recovery Plan (DRP) for vendor
- Participated in the design of Business Impact Analysis (BIA)
- Review systems and application strengths and weaknesses as well as recommended the appropriate compensatory controls to mitigate against any potential risk
- Managed IT risk-based audits to review ITGC, Change management, Access control, Batch Processing, and IT Operations Problem management, Data backup and recovery.
- Tested operating effectiveness of client's internal controls
- Conducted periodic SOX compliance audit and tracked expectations to remediation
- Performed project reviews, data analysis and continuous risk assessment for organizations
- Recommended mitigating controls to identified risks
- Conducted Global Data Privacy review, Data Center Reviews, Pre and Post Application Implementation Reviews, IT infrastructure and application control review
- Participated in Audits requiring technical IT skills for evaluating network application compliance with Corporate Security Policy
Confidential
Project Procurement Manager
Responsibilities:
- Responsible for all end-to-end purchasing activities across the countries in all the Central East and West Africa Sub region.
- Identify potential suppliers, create and process RFx’s (RFI, RFP, RFQ) for both new and existing vendors.
- Cost-effective sourcing based on high personal credibility and professional ethics.
- Liaising with stakeholders both local and international and key decision makers within the business
- Forecast business on sourcing needs and build supplier capacity
- Work with Engineering/projects team and R&D during the development cycle to research potential new products or to qualify more cost-effective alternatives
- Strategic Sourcing of Network, IT Hardware, Technology, software, data centre, and overall management of 3PP vendors e.g., Oracle, Cisco etc. contracts, SLAs.
- Benchmarking, Negotiation, Warehousing, Logistics and distribution, Demand planning across the sub region
- Supplier, Partner, Stakeholders and CXO management.
- People Management, Quality, and performance excellence