
FRANCIS UMOGO-OGBOLU

Philadelphia

Summary

Strategic cybersecurity leader with 13+ years of experience in aligning security, compliance, and risk initiatives with organizational goals in regulated industries. Proven track record of leading cross-functional audit and assurance programs, driving IT governance, FedRAMP implementations, FISMA/FISCAM compliance, and security control design. Expert at bridging the gap between business objectives and technical controls, fostering executive engagement, and enabling secure digital transformation. Holds certifications in CISA, CISM, CISSP, and ISO 27001 Lead Auditor.

Overview

11 years of professional experience
1 Certification

Work History

IT Audit Manager

Comcast Network
06.2022 - Current
  • Driving strategic IT audits to completion on time and within budget while also overseeing automation and improvement initiatives for the audit process
  • Leading multiple IT audit engagements around various business units
  • Assessing the effectiveness of the overall security program using standardized audit methodologies
  • Providing updates on potential findings, and overall audit progression to leadership and client stakeholders
  • Responsible for identifying the applicable scope area for technologies, applications, microservices under audit
  • Performing review of workpapers and audit artifacts
  • Meeting with stakeholders to discuss compliance audit plans and results, explaining options for improvement
  • Managing and coaching teams of up to 4 individuals on audit projects
  • Exploring new technologies and tools for productivity, security, and quality assurance purposes
  • Worked effectively in fast-paced environments

IT Audit Manager

Kearney & Company
03.2020 - 06.2022
  • Supported the Office of the Inspector General (OIG) for specific agencies by assessing the extent of their compliance with FISMA
  • Assessed the effectiveness of Information Security Programs for agencies to determine their level of maturity according to the IG FISMA reporting metrics
  • Led FedRAMP assessments for cloud service providers, ensuring their systems met federal security requirements
  • Developed and implemented strategies to achieve FedRAMP certification, including gap analysis, control implementation, and continuous monitoring
  • Collaborated with stakeholders to address security findings and improve overall security posture to comply with FedRAMP standards
  • Performed reviews of risk assessments, Plans of Action and Milestones (POA&M), Security Control Assessments, System Security Plans, and other specific security documentation
  • Reviewed the Security Assessment and Authorization (SA&A) process to verify that systems had been appropriately categorized and that the required baseline controls had been implemented according to NIST SP 800-53 rev4 (now rev5)/FIPS 200 (Security Controls) and NIST SP 800-53A rev4 (Assessing Security Controls)
  • Assessed security controls, change management controls, and application controls to ensure that they were adequately designed and operating as intended by management
  • Performed vulnerability assessments using Nessus to determine the extent of compliance with established baseline configurations
  • Maintained the project plan and updated it as the project progressed to reflect the utilization of adequate resources according to the assigned budget
  • Performed FISCAM engagements, specifically tests of design and tests of effectiveness on IT general controls (ITGCs) as mapped to NIST SP 800-53 rev4

Senior IT Auditor

GEICO
11.2018 - 03.2020
  • Performed SOX engagements by testing for specific controls to ensure IT SOX compliance of systems within SOX scope
  • Conducted and executed risk-based IT audits of cloud-based tools and other on-prem applications from planning to the final reporting stage
  • Performed audit of MS SQL Servers hosted on MS Azure IaaS
  • Assessed security controls, change management controls, and application controls to ensure that they are adequately designed and operating as intended by management
  • Performed walk-throughs and conducted interviews during traditional audit engagements to verify the design of available controls
  • Conducted risk assessments to identify risks and the controls that have been implemented towards risk mitigation
  • Identified control gaps present during assigned audits, defining their criteria, condition, cause, consequence and providing adequate recommendations
  • Validated QRadar output to ensure the right logs for SOX applications were being captured
  • Conducted follow-up on past audits to verify that management's action plans have been executed per agreed upon target completion dates
  • Assessed security controls through document reviews, interviews, and tests to ensure compliance with NIST standards
  • Collaborated with cross-functional teams to ensure adherence to industry best practices, resulting in improved cybersecurity posture
  • Identified opportunities for process improvements within the IT department by analyzing current operational structures and recommending strategic changes when necessary

Senior IT Auditor

Nymble, Inc.
10.2015 - 11.2018
  • Completed tests around financial system controls compliance, IT General Computer Controls (ITGCs), and Application Controls
  • Identified performance improvement opportunities
  • Assessed information system controls in areas of information assurance, access control, change control, disaster recovery, and segregation of duties (SoD)
  • Assisted with reviewing the work of junior level staff and provided guidance and on-the-job training
  • Prepared presentations and briefings and was actively involved in leading client meetings and day-to-day interactions
  • Developed and wrote reports and Corrective Action Plans (CAPs) to identify findings and provide recommendations
  • Utilized audit procedures to determine the design and operating effectiveness of the controls
  • Conducted risk assessments
  • Assessed Access Management, Change Management, SDLC, Business Continuity / Disaster Recovery, and Application-level controls
  • Managed the IT audit team that performed PCI DSS and HIPAA testing on doctors' offices, hospitals, and health insurance providers
  • Planned and scoped IT SOX and PCI compliance work streams and other operational/security control audits
  • Assessed security controls through document reviews, interviews, and tests to ensure compliance with NIST standards
  • Monitored controls post authorization to ensure continuous compliance with the security requirements
  • Created reports detailing the identified vulnerabilities and the steps taken to remediate them
  • Conducted gap analyses to determine the controls that required assessment in the continuous monitoring phase
  • Prepared and submitted Security Assessment Plan for approval

Staff IT Auditor

Cybersoft Technologies
04.2014 - 09.2015
  • Identified, evaluated, and documented the design and effectiveness of the company's IT internal controls looking for both control gaps and opportunities to gain process efficiencies
  • Conducted and led information systems audit engagements, including ITGCs review and IT Application Controls testing, operating systems audits, information security review, network performance review, and disaster recovery in accordance with department and professional standards
  • Reported control deficiencies and provided recommendations to resolve deficiencies
  • Worked cross-functionally to develop solutions to audit deficiencies and identified risks, and drove a team to implement the solutions
  • Worked with LAN, WAN, and internet networks for providing security to the data being transmitted over these channels
  • Prepared and submitted Security Assessment Plan for approval
  • Conducted risk assessment of controls deemed "other than satisfied" to determine risk level
  • Worked with system owners to remediate control gaps identified during the assessments
  • Documented walkthroughs and presented findings with recommendations to remediate the control weaknesses

Education

Master's - Cybersecurity & Policy

University of Maryland Global Campus

Associate’s degree - Computer Information Systems

Anne Arundel Community College
Arnold
12.2018

BSc - Industrial Chemistry

University of Lagos
Lagos
01.2004

Skills

  • Skilled in vulnerability scanning and risk detection tools
  • Effective problem-solving skills
  • Excellent communication
  • Verbal communication
  • Analytical reasoning

Certification

  • Certified Information Systems Auditor (CISA)
  • Certified Information Security Manager (CISM)
  • Certified Information Systems Security Professional (CISSP)
  • ISO 27001 Lead Auditor
  • Security+ CE
