Joshua A Odunayo
Forney
Summary
Specialized in Governance, Risk, and Compliance with a strong background in IT risk assessment, vulnerability management, and regulatory compliance. Expertise in aligning security controls with NIST and ISO frameworks while enhancing security awareness across clinical and administrative teams.
Overview
8
8
years of professional experience
1
1
Certification
Work History
GRC & Cybersecurity Analyst
Right At Home
06.2019 - Current
- Led enterprise-wide risk assessments across healthcare systems and business units, identifying and mitigating security and operational risks impacting patient data, clinical applications, and supporting infrastructure.
- Directed SOX ITGC testing (access controls, change management, and computer operations) for financial and healthcare-related systems, collaborating with IT, Finance, and compliance teams to remediate control gaps and maintain consistent audit readiness.
- Implemented automated risk monitoring using ServiceNow GRC, improving risk assessment efficiency and strengthening governance visibility across healthcare operations.
- Managed third-party risk assessments for vendors and healthcare service providers, ensuring compliance with SOX, PCI-DSS, SOC 2 Type II, and healthcare regulatory requirements including HIPAA.
- Led vulnerability management initiatives across clinical and enterprise environments, reducing critical vulnerabilities and improving overall system resilience.
- Conducted cloud and AI security risk assessments supporting digital health initiatives, ensuring secure handling of electronic protected health information (ePHI) and maintaining a strong security posture.
- Strengthened organizational cybersecurity posture by aligning controls with industry frameworks (NIST, ISO standards), supporting compliance programs, and enhancing security awareness across clinical and administrative teams.
IT Risk & Security Analyst
Texas Woman’s University
08.2018 - 06.2019
- Developed and maintained an enterprise IT risk register covering cybersecurity, operational, and compliance risks across critical systems and business processes.
- Executed ITGC and change management control testing for production changes, ensuring proper authorization, documentation, and audit readiness.
- Monitored security events through SIEM tools, investigating and resolving security incidents to strengthen incident response and threat detection capabilities.
- Designed access control matrices and segregation of duties (SoD) documentation for key systems to enhance governance, accountability, and compliance.
- Supported internal and external audits by providing control evidence and assisting with remediation efforts aligned with COSO and ITGC frameworks.
- Performed vulnerability assessments and supported penetration testing activities across web applications and network infrastructure to reduce security risks.
- Contributed to business continuity and disaster recovery planning and testing for critical IT systems to ensure operational resilience.
- Led security awareness initiatives and training programs, improving organizational security culture and strengthening compliance with established policies and standards.
Education
MASTER OF SCIENCE (M.S.) - MATHEMATICS WITH INFORMATICS
Texas Woman’s University
12-2019
BACHELOR OF SCIENCE (B.SC.) - MATHEMATICS
Lagos State University
01-1999
Skills
- IT Risk Assessment
- Cyber Risk Analysis
- ITGC Testing
- SOX Compliance
- Security Control Assessment
- Third-Party Risk Management
- Regulatory Compliance
- Audit Support
- Business Continuity
- Vulnerability Management
- Incident Response
- SIEM Monitoring
- IAM
- Access Controls
- Cloud Security Risk Assessment
- NIST
- ISO 27001
- ISO 27002
- COBIT
- COSO
- ITIL
- ServiceNow GRC
- Archer
- Nessus
- Qualys
- AWS
- SQL
- Power BI
- Windows
- Linux
Certification
- Tableau Desktop Specialist, 2023
- Certified in Risk and Information Systems Control (CRISC), Not Provided
Projects
- SOX ITGC Compliance Program, Led a comprehensive ITGC testing program across financial applications. Developed automated testing procedures for access controls and change management. Achieved consistent clean SOX audit opinions with strong control effectiveness.
- Enterprise Risk Management Platform, Implemented ServiceNow GRC platform integrating cybersecurity and operational risk management. Migrated legacy ITGC testing processes to centralized platform.
Core Skills
IT Risk Assessment, Cyber Risk Analysis, ITGC Testing, SOX Compliance, Security Control Assessment, Third-Party Risk Management, Regulatory Compliance (SOX, SOC 2, PCI-DSS, HIPAA), Audit Support, Business Continuity, Vulnerability Management, Incident Response, SIEM Monitoring, IAM, Access Controls & SoD, Cloud Security Risk Assessment, NIST, ISO 27001/27002, COBIT, COSO, ITIL, ServiceNow GRC, Archer, Nessus, Qualys, AWS, SQL, Power BI, Windows, Linux
Professional Highlights
- Led enterprise-wide IT risk assessments, identifying and mitigating risks while strengthening governance and control maturity.
- Directed the SOX ITGC program across financial systems, achieving consistent clean audit opinions with strong control effectiveness.
- Implemented ServiceNow GRC automation to improve risk and control testing efficiency and enhance audit readiness.
- Reduced critical vulnerabilities and minimized exposure through structured vulnerability management and continuous monitoring.
- Managed third-party risk assessments for vendors, ensuring compliance with SOX, SOC standards, PCI-DSS, and NIST/ISO standards.
Timeline
GRC & Cybersecurity Analyst
Right At Home
06.2019 - Current
IT Risk & Security Analyst
Texas Woman’s University
08.2018 - 06.2019
MASTER OF SCIENCE (M.S.) - MATHEMATICS WITH INFORMATICS
Texas Woman’s University
BACHELOR OF SCIENCE (B.SC.) - MATHEMATICS
Lagos State University