
AFOLABI FOLAWOLE

IT
Houston, Texas

Summary

Senior Risk and Compliance Analyst responsible for developing and delivering high-impact, actionable risk analysis and mitigation strategies for global risk management using security tools and GRC tools to ensure maximum compliance and protection of company/client with strict adherence to Confidentiality, Integrity, and Availability principles of cybersecurity.

CORE SKILLS

  • Risk Management and Mitigation Strategies
  • Security Framework and Standard (ISO 27001, NIST, HIPAA, FedRAMP, PCI DSS, GDPR)
  • Audit Response and Remediation
  • Vendor Risk Management
  • Incident Response Planning and Execution
  • Security Awareness Training and Education
  • IT Audit Expertise
  • Regulatory Compliance (SOX, Project Management, Root Cause Analysis)
  • Leadership
  • COBIT
  • MS Office Suite
  • Risk Management Framework
  • Organizational Skills
  • Adaptability
  • Performance and Project Management
  • Efficient use of GRC tools such as SAP, ServiceNow, GRC playbook.
  • Regulatory Compliance Assessment and Documentation
  • Policy, Procedure, and Control Development

Overview

7 years of professional experience

Work History

Senior GRC Risk/Compliance Analyst

RSM US LLP
, York
08.2022 - 01.2024
  • Performed variance analysis, root cause analysis, and trend analysis on variances and socialized the results with risk partners
  • Assessment and documentation for regulatory compliance
  • Generated effective testing programs, reducing the audit test cycle time by 25%, and guaranteeing policy compliance
  • Works with legal, and internal audit global security to create a corporate global anti-fraud policy
  • Developed and tracked Key Risk Indicators (KRI)
  • Formulation and execution of risk management and mitigation strategies
  • Expertise in security standards and frameworks, including ISO 27001, NIST, HIPAA, and GDPR
  • Management of audit responses and remediation processes
  • Incident response strategy development and execution using SIEM, IDP/IPS, and security information and event management tools
  • Improved and expanded compliance framework by identifying control gaps and enhancing processes, resulting in an average 100% improvement in compliance records.

Senior GRC Compliance Analyst

LAMBDA IT CONSULT
BOSTON
05.2019 - 08.2022
  • Conducted assessments of compliance and risk posture and evaluated third-party security posture and compliance with contractual requirements
  • Drafted policies to mitigate cybersecurity risks and enhance security resilience
  • Collaborated with internal stakeholders to ensure effective implementation of security controls
  • Conducted security awareness training sessions and phishing simulations to educate employees
  • Participated in penetration testing exercises and vulnerability management programs
  • Led business continuity and disaster recovery planning initiatives
  • Conducted due diligence on high-risk customers to ensure compliance with Know Your Customer (KYC) requirements, resulting in the prevention of potential money laundering activities
  • Managed the compliance risk assessment process, identifying and addressing areas of non-compliance, and implementing control measures that reduced compliance violations by 30% for our organization, which is also one of my key achievements
  • Orchestrated the development and implementation of the GRC program, aligning it with regulatory mandates and industry benchmarks
  • Oversaw the vendor risk management framework, assessing third-party security practices and verifying adherence to contractual stipulations
  • Directed incident response initiatives, overseeing stages from investigation to recovery to mitigate and resolve security incidents
  • Engaged in audit processes, coordinating with auditors to ensure thorough compliance reviews and the execution of remediation plans.

GRC/Risk Analyst

KP Global IT Consult
01.2017 - 05.2019
  • Spearheaded the development and execution of the organization's GRC program, aligning it with regulatory mandates and industry norms
  • Performed thorough evaluations of the company's compliance and risk landscape, identifying discrepancies and formulating strategic remediation initiatives
  • Authored and implemented key policies, procedures, and controls to reduce compliance and cybersecurity risks, thereby strengthening the organization's security posture by 40%
  • Engaged in productive collaboration with internal stakeholders to guarantee adequate security measures and control deployment
  • Directed the vendor risk management process, conducting evaluations of third-party security practices to ensure alignment with contractual obligations
  • Oversaw comprehensive incident response operations, managing phases from investigation to recovery to mitigate security breaches effectively
  • Facilitated security training programs and phishing simulation exercises to heighten employee awareness and reduce risk from human error
  • Actively involved in audit processes, working closely with external auditors to oversee compliance reviews and drive subsequent remediation actions
  • Offered proactive strategic advice on evolving regulatory landscapes and industry benchmarks, maintaining a forward-looking compliance framework

VOLUNTEERING AND PROJECTS

  • Collaborated and partnered with other tech communities to create more awareness of cybersecurity in Africa
  • Cyberpatron team coordinator of the Africa Cybersecurity Festival 2022
  • Participated in the Lagos State project on SME cybersecurity awareness events for the non-digital literate people in petty and small-scale businesses
  • Conducted a security awareness campaign for organizations during their staff week
  • Spearheaded the team in charge of creating internship opportunities and tech skill upscaling training for individuals in partnership with NITDA and Cyberpatron Network.

Education

Bachelor of Science - Management and Accounting

Obafemi Awolowo University
2016

Certified Information Systems Manager (CISM) -

Certified Information Systems Manager (CISM)
July 2022

Certified Information Systems Auditor (CISA) -

Certified Information Systems Auditor (CISA)

Skills

  • Data Backups
  • Strategic Execution
  • Regulatory Requirements
  • Compliance Risk Management
  • Complaint Management
  • Complaint Response
  • Business Continuity Planning
  • Fund Accounting Software
  • Organizational Systems
  • Data Integrity
  • Risk Identification
  • Pivot Tables
  • Microsoft Project
  • Quality Assurance
  • Creative Solutions
  • International Financial Reporting Standards (IFRS)
  • Profit Margins
  • Customer Interaction
  • SOX Compliance
  • ADP Workforce Now
  • Microsoft Dynamics
  • Operational Auditing
  • Compliance Testing
  • UNIX Platform
  • SQL Understanding
  • Microsoft Access
  • Advanced Excel Spreadsheet Functions
  • Microsoft Visual Basic
  • Compliance with Security Requirements

Certification

Certified Information Systems Auditor (CISA)

Certified Information Systems Manager (CISM)
