Anthony Omisore

Third-Party Risk Assessor | IT Risk & Compliance Specialist | Cyber Security Professional
Atlanta, GA

Summary

A Third-Party Risk Assessor | IT Risk and Compliance Specialist | Cyber Security Professional with over 7 years of experience performing and maintaining extraordinary relationships, with the analytic acumen to liaise with all aspects of an organization (product, engineering, legal, HR, sales, marketing, etc.). I always have a strong focus on risk, cyber security, and compliance management, driving internal audit and translating regulatory or contractual requirements into mission-critical business priorities. I also ensure thorough vendor assessments by understanding the data flow and data elements shared with suppliers, all while staying up to date on the latest security practices and threats.

Overview

16 years of professional experience
4 years of post-secondary education
4 Certifications

Work History

Third-Party Vendor Risk Assessor

BMO, Bank of Montreal
08.2021 - Current
  • Lead effort in interviewing the supplier manager (SM) and the supplier to determine the scope of service and information exchange with the supplier and to confirm the Inherent Risk of receiving service to BMO
  • Responsible for initiating discussion on the purpose of assessment, the Control Questionnaire (CQ), and documentation requests with the supplier and supplier manager
  • Responsible for obtaining QA team approval of the scope of engagement
  • Responsible for obtaining supplier manager acknowledgment of Inherent Risk and scope
  • Responsible for creating the control questionnaire based on the approved risk and scope, sending the questionnaire to the supplier, and establishing timeframes with the supplier and SM for the completion of the assessment
  • Responsible for evaluating the control question responses/documents and completing the evaluation within the CQ
  • Review and confirm gaps and observations with the SM and supplier to determine findings and remediation plans
  • Obtain QA team approvals of work paper/work document and report
  • Clearly document and define risks, potential impacts, and the probability of such an event
  • Complete and distribute the internal final report to the SM for confirmation
  • Responsible for inputting, monitoring, and closing findings
  • Assist business unit in identifying and escalating potential areas of risk
  • Assist QA team in coordinating and fulfilling the third-party assessment questionnaires (IRVQ-
  • Reviewed organization external regulatory reports and compliance audits including SOC 1 & 2, PCI-DSS, and ISO, and other evidence provided during a risk assessment
  • Ensured application security design is in accordance with policy
  • Escalate issues of 3rd party vendor’s non-compliance to the vendor management office
  • Act as a peer-to-peer review for other colleagues to ensure all findings are accurate and well defined
  • Used GRC Archer to conduct and track all engagements

Third-Party Risk Specialist

Tekni-Plex
09.2015 - 08.2021
  • Lead efforts to effectively identify risks, partner to develop remediation approaches and controls, and ensure remediation plans are executed and validated
  • Contribute to the development and maintenance of the third-party risk management database
  • Reviewed compliance reports such as SOC and Pen tests to validate and make recommendations on findings
  • Reviewed organization external regulatory reports and compliance audits including SOC 1 & 2, PCI-DSS, and ISO, and other evidence provided during a risk assessment
  • Ensured application security design is in accordance with policy
  • Consulted with technical teams to ensure security controls are baked into the evaluation, selection, design, and installation of hardware, applications, software, and private/public cloud solutions
  • Support vendor onboarding process such as walking the vendor through the different teams like business team, procurement team, security team, and legal team
  • Partnered closely with the Enterprise Architects, Project Managers, Infrastructure Leaders, and Application Development teams to identify Information security risks/controls and ensure a consistent approach to security solutions throughout the development lifecycle
  • Performed cyber risk assessments across the corporate IT infrastructure and external vendors or service providers
  • Support sourcing managers in conducting and validating vendor risk assessments
  • Assist business unit in identifying and escalating potential areas of risk
  • Assist QA team in coordinating and fulfilling the third-party assessment questionnaires (TPAQ) with an emphasis on corrective action plans (CAP) for the Incident Management Log (IML)
  • Clearly document and define risks, potential impacts, and the probability of such an event
  • Creating strong working relationships with critical vendors to ensure a smooth and continuous audit
  • Developed security control assessment documentation (including but not limited to the security assessment report) and gave recommendations associated with findings on how to improve systems’ security posture in accordance with NIST controls
  • Used GRC Archer to conduct and track all engagements

IT Risk and Compliance Specialist

Enbridge
06.2013 - 09.2015
  • Providing strategic risk advice for IT projects, evaluation, and recommendation of technical controls and safeguards
  • Develop and facilitate annual crisis management functional exercises that test all security, information technology, and business continuity procedures for business units
  • Ensure third-party adherence to contractual regulatory compliance to minimize the risk of fines and reputational harm and participate in the audit process
  • Conduct vendor risk assessment with a focus on information security and privacy
  • Performed audit of ongoing IT projects, including timely evaluation of SOX, and impacts to ensure financial controls and security requirements are baked-in at all phases
  • Monitor controls post-authorization to ensure continuous compliance with the security requirements by evaluating threats and vulnerabilities through Nessus scan results and working with the IT staff for mitigation actions
  • Review disaster recovery and business continuity plans including business impact assessments, RPO / RTO recommendations, and test cases
  • Ensured compliance and findings of unmitigated risks and/or control deficiencies are adequately communicated to be understood and remediated by operating management and senior management.

IT Risk and Compliance Specialist

AltaGas
05.2010 - 06.2013
  • Evaluating and assessing emerging security threats and vulnerabilities and working with various SMEs to identify appropriate controls
  • Lead and liaise on internal/external audits (including ISO 27001, SOC 2 Type II), being a point person between the auditors and relevant Subject Matter Experts
  • Monitors security event tools and escalates issues for remediation
  • Conduct Gap/Readiness Assessment to review and evaluate the company’s current compliance status against ISO 27001, SOC, and PCI DSS and identify areas of improvement, best practices, and lessons learned
  • Develops, implements, and maintains IT Compliance controls; reviews existing IT Compliance controls for regulatory updates and performs the necessary gap analysis; creates and maintains various internal and external audit and compliance schedules for Information Technology
  • Assist in the preparation and coordination of third-party audits and assessments, including client on-site visits, third party security/risk questionnaires
  • Successfully project manages and drives testing activities across various teams within the organization
  • Prepare deliverables, reports, for review by the Risk and Compliance management and senior leadership that include issues, trends, and other micro/macro level risks identified through the execution of IT internal control work and other assurance-related activities
  • Drive collaboration and communication with cross-functional stakeholders to ensure a risk management program’s success
  • Contribute to the enhancement of our compliance and audit tools and processes to meet compliance business needs
  • Maps regulatory requirements across regulations to identify overlapping requirements and compliance efficiencies
  • Work with auditors and internal stakeholders to remediate and resolve potential security and compliance issues related to contractual, legislative, and regulatory or audit obligations.

Cloud Solutions Architect

AWS, Tekni-Plex, Dolco Division
02.2008 - 05.2010
  • Managed Amazon Web Services- ELB, S3, CloudWatch, SNS, EC2, RDS
  • Created and managed S3 bucket and managed its policies
  • Created and managed user’s account profile, security, and process monitoring
  • Worked with security division to design and manage IAM roles for users, vendors, and third-party vendors
  • Responsible for creating AWS IAM users, policies, groups, etc.
  • Administered Single Sign-On LDAP authentication for users by employing AWS AD connector
  • Employed IAM to create & control AWS users & groups access to AWS services and resources
  • Daily Health checks of the resources in the organization resource group
  • Self-learning/teaching Infrastructure as Code using Terraform
  • Assist in creating fully automated CI/CD build and deployment infrastructure and processes for multiple projects

Education

Associate of Science - Computer Engineering

New York City College of Technology of The City University of New York
Brooklyn, NY
09.2006 - 07.2010

Skills

PMP: Project Management Professional

Certification

Microsoft Security Operations Analyst
