
Ayo Faniran

Corona, CA

Summary

An experienced IT security analyst and risk management professional with extensive IT risk and control experience. Ample experience consulting and working in various organizational sectors such as technology, healthcare and financial institutions. Skilled in risk management, information security principles, project management, risk assessments, due diligence and various audit methodologies. Knowledgeable in NIST frameworks 800-53 rev 4, 800-37, 800-137, ISO 27001, ISO 31000, HIPAA standards, SSAE 18: SOC 1 and SOC 2, SIG questionnaires and other third-party certifications.

Overview

6
years of professional experience

Work History

Governance and Compliance Analyst

Booz Allen Hamilton Inc.
China Lake, CA
12.2019 - 01.2023
  • Conduct, communicate, and maintain business continuity lifecycle planning including BIA, recovery planning, and testing
  • Facilitate the exercise of the developed IT Disaster Recovery Plan, while collecting performance data to support reporting of results, and moving the recovery team toward successful completion of the exercise.
  • Supporting the development of future state recovery and resilience testing portfolio, cyber recovery capability validation, and self-service solution
  • Reviewed company policies against best practices to better understand level of compliance.
  • Lead role in the third-party risk assessment process, which will include sending third party risk assessments to vendors, evaluating the risk level, recommending mitigating controls, documenting the assessment and following up on action plans.
  • Lead role in the security and privacy risk assessment processes for the company.
  • Experience auditing or working with security control frameworks such as NIST 800-53, Cybersecurity Framework for Improving Critical Infrastructure, CIS Critical Security Controls, ISO 27001/2 and COBIT
  • Proven experience working on both sides of the audit and assessment process: how to test controls and how to design them specific to IT operations
  • Assist with security risk assessments on new or existing IT products, services, and technologies to analyze controls, identify and evaluate mitigating control opportunities and assign residual risk using the organizational risk management methodology
  • Manage the assessment and remediation of IT control deficiencies through collaborating with auditors and control owners to perform root cause analysis, design remediation plans, and update control design documentation
  • Perform risk assessments and synthesize analysis of the risk.
  • Assist in responding to regulatory examiner and third party auditor inquiries.
  • Conduct third-party risk assessments, leveraging PCI-DSS to answer security questionnaires and perform risk assessments

Information Security Risk Analyst

SAIC (Science Applications Int.)
Herndon, VA
12.2017 - 10.2019
  • Lead in the aggregation, documentation, and improvement of information and cyber security frameworks and measures, and apply improvements to the risk management process. Continue to monitor, update, and adapt to ongoing risks.
  • Work closely with the Security Compliance Manager and Director to support risk remediation and tracking.
  • Executes the day-to-day activities of HITRUST assessments (Readiness, Validated, Interim), including scoping and planning the engagements
  • Perform risk assessments, to effectively plan and execute compliance and professional standards
  • Perform review of completed vendor assessment questionnaires for conformance to program objectives and methodology
  • Perform risk assessments on organizational controls around information security including cyber and physical, business continuity and disaster recovery, resiliency, privacy, and governance.
  • Partner with the team to track the Vendor Risk Management process; conduct technical and policy-based information security risk reviews of third-party vendors.
  • Test implemented controls
  • Assist in IT and Information Security audits, and report on findings and ensure corrective actions are complete and sustainable
  • Support internal and external audit processes for relevant compliance concerns, including state regulations, privacy laws, and security frameworks

Cyber Security Analyst

Equifax
City, STATE
09.2016 - 12.2017
  • Provide counsel to ensure that internally developed and commercially available business applications include adequate Information Security controls; Consult process owners on the identification, development and testing of Information Security controls for risk mitigation effectiveness
  • Collaborate closely with the various Security and Information Technology teams globally to ensure that they follow Corporate Security Policies to protect the enterprise, and that policies, best practices, and Security Standards are implemented uniformly across the company
  • Experience and knowledge with leading and validating evidence for IT audits for ISO 27001, NIST 800-53, PCI, HIPAA, SOC 2, etc.
  • Document risk issues in the designated risk register
  • Provide risk remediation recommendations that the business and technology may implement to mitigate identified control gaps
  • Schedule and perform information risk assessments using company methodology; identify, document and communicate control deficiencies in business processes and technology systems
  • Participate in and influence information risk assessment process improvement.

Education

MA Management Information System

University of Redlands
Redlands, CA

MS Cybersecurity

Northcentral University
San Diego, CA

PMP

Project Management Institute

CSM

Scrum Alliance

Bachelor of Science - B.S Geography

University of Ibadan
Nigeria
2004

Skills

  • Audit Coordination
  • Policy Enforcement
  • License Verification
  • Process Implementation
  • Remediation
  • Business Continuity
  • Security Questionnaire
  • Risk Mitigation
  • Internal Assessment
  • PCI-DSS
  • SSAE 18 (SOC 1 & 2)
