Fikayo Ojo - CISA, PMP

Levittown, PA

Summary

In the role of IT Security Compliance Analyst, responsible for the continual enhancement and sustenance of new and existing security compliance and risk management programs, and for supporting the security interests of the organization across all security domains and technology environments. Tasked with leading and driving the compliance posture of the organization, including PCI DSS, SOC 1 and 2, CCPA, GDPR, ISO 27001, HIPAA, SOX and other industry-related frameworks and standards. Expert in creating and updating compliance testing procedures for each assigned compliance test, including scope of the test, key business contacts, documentation to review, risk control self-assessments and transaction testing sampling. Also perform follow-up and reporting on findings throughout the implementation phase of the remediation process and validate that the remediation plan fully mitigated the findings. Experience includes working collaboratively with internal teams, SMEs, external customers, vendors, auditors, and other stakeholders. Over 8 years of experience in IT Security, Compliance, Audit and Assessment. Tasked with various IT Security and Compliance responsibilities within commercial and federal organizations, leading and managing audits, both internal and external, and developing organizational documentation such as policies and procedures. Excellent interpretation of frameworks and privacy laws such as NIST, SOC, HIPAA, ISO 27001, GDPR and PCI DSS. Possess in-depth ability to perform information security risk assessments and analysis, determine the organization's risk appetite and develop a mitigation plan. Proficient in the use of risk management tools to aggregate data for accurate reporting. Possess excellent analytical skills, strong initiative and the qualifications required to excel and succeed. Continuously upgrading skills and readily prepared to take on new challenges, absorb and easily adapt to any emerging technology.
Quality-driven Compliance Analyst familiar with tracking, documentation and reporting requirements. Assesses work, materials and procedures and recommends adjustments to maintain compliance.

Overview

11 years of professional experience
1 Certification

Work History

Sr. IT Risk & Compliance Analyst

Hospital Billing & Collection Services
11.2021 - Current
  • Manage organizational compliance program with oversight functions across business units.
  • Ongoing executive reporting on organizational compliance and risk posture.
  • Perform compliance monitoring tasks, including employee security onboarding, vendor management and quarterly access reviews.
  • Maintain risk register in GRC tool and perform risk review for proper mitigation strategy.
  • Expert knowledge in delivering compliance with frameworks including PCI, SOC 2, NIST CSF, HIPAA and ISO.
  • Excellent oral and written communication.
  • Conduct validation and change control meetings with IT system and application owners, including planning, documentation, and testing for adherence to industry compliance and protocol best practices.
  • Develop and maintain IT operational documentation.
  • Review audit and monitoring reports related to consumer and client activities.
  • Prepare documentation and records for upcoming audits and inspections.
  • Provide responses to HBCS client-requested security questionnaires, RFP responses and contract review.
  • Stay current with the latest changes to applicable regulatory standards and company procedures.
  • Hands-on experience using and managing GRC and security tools.
  • Intermediate knowledge of the Python programming language.

IT Audit and Compliance Consultant

Diamond Logic Consulting
07.2020 - 11.2021
  • Own and maintain audit frameworks customized based on client's compliance requirements
  • Manage GRC platform dedicated to audit and compliance
  • Review evidence for assessment controls, evaluate operational effectiveness and provide feedback to assessor/reviewer
  • Report status of control assessments to key stakeholders
  • Perform and support external audit activities and evidence gathering
  • Knowledge of industry leading security controls frameworks (e.g., NIST CSF, NIST 800-53, CIS)
  • Knowledge and understanding of AICPA SOC 2 certification requirements
  • Hands-on experience managing or using a GRC platform
  • Knowledge and understanding of cloud infrastructure and application security best practices
  • Experience conveying complex information in simple and succinct manner
  • Identify and recommend operational improvements to client, drawing on deep experience and industry specific knowledge of risks
  • Analyze complex issues to determine client impact and to suggest alternative solutions based on client needs and objectives
  • Manage communications with vendors, 3rd party service providers, company leadership, and client personnel
  • Responsible for compliance with all organizational engagement management requirements

IT Security Compliance Analyst

SHI International
11.2015 - 02.2020
  • Leads compliance audit projects such as HIPAA, PCI DSS, ITGC, ISO 27001, Cyber Essentials and customer audits.
  • Examines and evaluates internal controls based on various security and privacy standards (PCI, SOC 2, NIST, HITRUST, etc.).
  • Manages PCI compliance initiatives and annual recertification.
  • Supports ongoing GDPR compliance initiative by responding to privacy inquiries from EU data subjects and organizations.
  • Manages content and deployment of annual security awareness training.
  • Develops and presents training and reference materials to users.
  • Develops organizational policies and procedures.
  • Aligns policies, standards, and procedures with compliance objectives.
  • Manages policy approval committee.
  • Performs audits of compliance with policies and standards.
  • Leads departmental compliance meetings.
  • Conducts presentations and demonstrations for leadership, users, and partners.
  • Reviews patching and vulnerability management, change management, and penetration testing reports.
  • Audits internal systems and controls against compliance and regulatory requirements.
  • Prepares metrics and reports for management on the status of compliance objectives.
  • Leads IT-related audits and examinations conducted by external auditors.
  • Presents audit findings to management and stakeholders and ensures timely remediation.
  • Reviews and responds to customer security questionnaires and contract reviews.
  • Manages repository for security-related questions.
  • Creates documentation, metrics, and diagrams for management reporting.
  • Maintains and develops vendor management procedures, such as reviewing agreements and performing due diligence on vendor compliance initially and annually.
  • Remains up to date with current security and privacy related laws, regulations, and standards.
  • Represents the Information Security Team by participating directly in projects, providing guidance on the technology processes and procedures to be documented, and assisting in collecting the documentation needed to facilitate the process.

Third Party Risk Manager

Johnson & Johnson
08.2015 - 10.2015
  • Responsible for documenting and maintaining an accurate vendor inventory in the database
  • Accountable for identification and tracking of vendor issues and associated remediation plans, including reporting and escalation activities
  • Completing daily activities associated with, but not limited to, the following:
      • Identification of third parties not in the vendor database
      • Engaging vendor managers and/or vendors for onboarding of third parties
      • Onboarding third-party engagements, including performing, facilitating and documenting all efforts and results
      • Continued monitoring and management of third-party engagements
      • Supporting the onsite/virtual vendor risk assessment process
  • Responsible for miscellaneous job-related duties as assigned by departmental leadership
  • Reviewed vendor responses and artifacts for security questionnaires
  • Managed follow-up conversations with third and fourth parties to ensure compliance with security benchmarks

Information System Security Analyst

Crest Consulting Group
12.2012 - 07.2015
  • Conduct meetings with IT team to gather documentation and evidence about their control environment.
  • Perform Security Categorization (FIPS 199), Privacy Threshold Analysis (PTA), E-Authentication with business owners and selected stakeholders.
  • Develop and conduct ST&E (Security Test and Evaluation) according to NIST SP 800-53A.
  • Develop, maintain, and communicate consolidated risk management activities and deliverable calendar.
  • Work with business process owners to ensure timely identification and remediation of jointly owned risk related issues and action plans.
  • Perform comprehensive Security Control Assessment (SCA) and prepare reports on management, operational and technical security controls for audited applications and information systems.
  • Review audit logs and provide documentation guidelines to business process owners and management.

Education

Bachelor of Science - International Relations & National Security Studies

New Jersey City University
Jersey City, NJ
08.2015

Skills

  • Training & Development
  • Incident Response Management
  • Problem solving
  • Implementing security programs
  • Microsoft Office
  • Leadership
  • Identifying and managing risk

Additional Information

  • United States Citizen
  • US Army Veteran
  • Secret Security Clearance (inactive)


Certification

  • Project Management Professional (PMP) - 2020
  • Certified Information Systems Auditor, ISACA - 2020
