Remote - GRC Analyst
Resume:
IT security professional with over * years’ experience in implementing and administering secured solutions in support of business objectives. Identify security issues and risks and develop mitigation plans.
Expert in IT Audit and compliance, Risk assessment management and regulatory compliance (SOX, NIST, SOC1&2), with proficient knowledge of Audit planning and execution.
Demonstrated understanding of ISO 27001/2, SOC 1&2 and NIST controls for implementing and enforcing organization wide ISMS policies and procedures.
Expert in vulnerability management and assessment, compliance management for (OS, DB and WEB) using Qualys, Nessus, Rapid7 and patch management.
CERTIFICATIONS
Certified Information Security Manager (CISM)
CompTIA Security+
AWS Certified Security Specialist
Certified Ethical Hacker (CEH)
Certified Cisco Network Associate (CCNA)
Microsoft Certified Professional (MCP)
Microsoft Certified System Administrator (MCSA)
SKILLS & TOOLS
Vulnerability & Patch Management: Qualys, Rapid7, Tenable, Security Scorecard, WSUS
Frameworks & Compliance: NIST CSF, NIST 800-53, ISO, CIS, SOC 2, PCI, SOX, IT-GC, PIPEDA, COSO and COBIT
Ticketing & Collaboration: Archer, ServiceNow, Jira, Confluence
Infrastructure: Azure, VMware, Windows, Linux, Docker, Kubernetes
Cloud Security: Azure Defender for Cloud, Azure Web Application Firewall, Azure Firewall
Data Security & Governance: Microsoft Purview, DLP for endpoint, M365 Defender, AIP scanner
Network Security: Palo Alto, Checkpoint, Algosec
Endpoint Protection: TrendMicro, Tanium, CrowdStrike, McAfee, Symantec
Email Security: Zix protect, Mimecast, Proofpoint, Barracuda, Microsoft Exchange, Trend Micro
Scripting & Automation: Terraform, Ansible, Bash
Others: Netwrix Auditor, Veeam Backup, Solarwinds Orion, Wireshark, Nmap, VirusTotal, Talos Intelligence, shodan, spamhaus, ipinfo.io, urlscan.io, CyberChef, Abused IPDB, HaveiBeenPwned, CISA Known Exploited Vulnerabilities, DNS Dumpster, digwebinterface, CVE, CVSS, CWE, OWASP10.
PROFESSIONAL EXPERIENCE
The Home Depot
Cybersecurity Compliance Analyst August 2021 –Present
Develop, review and update information security policies and procedures, ensuring compliance with security.
Support the implementation of a strategic framework for IT controls, aligning with industry best practices and frameworks such as ITIL, COBIT, COSO and NIST.
Develop and implement ITSM controls with appropriate measures (CSFs and KPIs) and reporting mechanisms to validate control objectives.
Conduct IT risk assessments using NIST 800-30 and NIST 800-39, documenting key controls with NIST 800-37
Communicate policies to employees, stakeholders, and review policies to comply with relevant laws, regulations, and industry standards.
Conduct regular reviews and risk assessments of information systems and infrastructure, identifying vulnerabilities and recommending appropriate mitigation strategies.
Develop and implement risk treatment plans, aligning solutions with information security policies and standards.
Assess the impact of identified risks on the organization’s information assets and assist with annual policy and procedure reviews and improvements.
Monitor and enforce compliance with internal policies and external regulations.
Coordinate and support audits and assessments by external parties.
Assist in the development and maintenance of an incident response plan.
Participate and analyze incident response activities to identify areas for improvement in security controls.
Develop and deliver security awareness training programs for employees, foster a security-conscious culture.
Evaluate the security practices of third-party vendors and assess associated risks.
Work with procurement and legal teams to ensure vendors adhere to security requirements.
Contribute to the development and implementation of information security governance frameworks.
Collaborate with other teams and departments to ensure security controls are integrated into business processes.
Maintain accurate and up-to-date records of security policies, risk assessments and compliance activities.
Develop and maintain security metrics to measure the effectiveness of security controls.
Generate regular reports for management on the status of information security GRC initiatives.
Conduct PCI and CIS benchmark scans and advise on adherence to compliance requirements.
Lead security initiative into unrestricted file sharing to ensure least privilege and minimize access to organizations sensitive data.
Manage external vulnerability assessment with 3rd party vendor and drive remediation activities.
Single point of contact for penetration testing remediation and compliance management activities.
Analyze all risk acceptance requests for security implications and documents findings and decision in Archer.
Conduct integration of cloud environment, docker hub and repositories to Vulnerability assessment tool.
Providing internal security consulting and advisory services regarding information security requirements, including policies, procedures, technical systems, compliance, and risk assessment activity.
Blueram Technology Consulting
Cybersecurity Risk Analyst July. 2017 – July 2021
Conduct IT risk assessments using NIST 800-30 and NIST 800-39, documenting key controls with NIST 800-37
Update and analyze system security plan (SSP), Risk assessment (RA), Privacy Impact Assessment (PIA), and Plan of Action and Milestones (POA&M).
Support the implementation of a strategic framework for IT controls, aligning with industry best practices and frameworks such as ITIL, COBIT, COSO and NIST.
Develop and implement ITSM controls with appropriate measures (CSFs and KPIs) and reporting mechanisms to validate control objectives.
Conduct risk-based/security audits encompassing applications (internal & external facing), databases, operating systems, network, sensitive data, patch management, change management, BCP/DR, third party, and cloud environments.
Interact with external audit firms, providing guidance and support for audit engagements.
Execute test procedures and concluded on the operating effectiveness of relevant controls, producing formal reports.
Led interviews/meetings to ensure relevant information was obtained for analysis and planning of audit engagements.
Identified control issues and findings to Internal Audit Management and collaborated with external auditors for comprehensive IT coverage.
Demonstrate business risk awareness and judgement in executing operational IT, SOX IT, and or integrated operational audits.
Prepare draft of audit findings to be communicated to the internal Audit lead auditor and client management, assist with negotiating finalization of issues with senior client management.
Assist in drafting audit reports, writing clear and concise findings, preparation of audit planning memoranda.
Support system owners and ISSO in preparing Certification and Accreditation packages.
Provide support for audits and gathering of artifacts for ISO27001, PCI, SOC1 & SOC2
Conducting monthly reviews of user account details, audits of contractor accounts.
Provide weekly and Monthly security reports to Senior Management
Northwestern Memorial Hospital, Chicago USA
Security Operation Analyst Aug. 2016 – June 2017
Design and implement data classification and rollout DLP controls for SharePoint, Exchange online and other M365 applications.
Creating, customizing, and managing DLP policies within the McAfee (or similar) DLP solution required and blocking data transfer.
Conducted data discovery and analysis using Varonis, identifying, and mitigating security risks.
Assisted in the development and implementation oof data security policies and procedures, ensuring alignment with industry standards.
Monitored external data sources to stay updated on threat conditions and emerging trends
Centrally managed the security of endpoints using McAfee ePO/MS defender to eliminate exposure to threats, gain visibility and strengthen protection.
Perform investigation of host-based and network-based intrusion attempts and in-depth analysis of indicators of compromise from several log sources (Server and network).
Deploy and configure custom Microsoft Entra password protection lists to block weak passwords and monitor.
Identified, analyzed and evaluated all vulnerabilities of operating systems, databases and web applications ensuring all vulnerabilities above CVSS7 are remediated.
Identified all vulnerabilities as per OWASP top 10, comprehending the severity and its level, and gave recommendations on how to remediate to reduce exposure to threats and avoid risk.
Analyze and identify cyber threat activity-based security alerts. Responding to potential threats and vulnerabilities using MITRE Att&CK Framework.
Administered password management solutions such as Password State to ensure secure access to sensitive information.
Managed antivirus solutions including McAfee/Trellix and windows defender to protect endpoint against malware.
Provide support for audits and gathering of artifacts for ISO27001, PCI, SOC1 & SOC2
Support and monitoring Mimecast (Email Gateway) with policy and phishing detection and email filtering.
First Bank Of Nigeria, Ibadan Nigeria
IT Support Analyst – Desktop Support Feb. 2014– July. 2016
Provided technical Support to End Users via telephonic, electronic and hands-on to resolve systems fault throughout the organization.
Performed second level technical support on all reported end-user faults and ensured they are logged and resolved on the service management tool.
Supported IS personnel using applications systems such as Single View, Provident, Reflection (Billing System)
Daily\Weekly Backup of the Enterprise Servers using VERITAS Backup Exec.10.0 on Windows 2008 Server
Provided Desktop software (Office 2003, Office 2007, Windows XP, Vista.) and hardware (HP, Compaq, Dell, IBM) Support, Installation, Configuration, and troubleshooting.
Identified system security violations and resolved virus attacks.
EDUCATION
Humber College – IT Infrastructure with Honor
Anglia Ruskin University – Master, Business Administration (MBA)
University of Lagos – Engineering Mgt (Bachelor of Science)
NCT Academy – Computing and Networking (Diploma)
Canada IMT College – Cisco Networking (CCNA Certificate)
Contact this candidate