Joshua Obiossai

San Antonio, Texas

Summary

Dynamic Shipping Analyst with expertise in compliance management and risk assessment at GXO Logistics. Proven track record in streamlining audit processes and enhancing vendor performance metrics. Skilled in utilizing OneTrust and JIRA, while fostering team collaboration to implement effective remediation strategies. Committed to maintaining data confidentiality and operational excellence.

Overview

10 years of professional experience
1 Certification

Work History

Shipping Analyst & Compliance

GXO Logistics
06.2024 - Current

Joshua Obiossai is a highly qualified Certified Information Systems Auditor (CISA) and GRC professional with nine years of experience specializing in the documentation and communication of complex cybersecurity requirements. His background is a near-perfect match for this role, as he possesses the necessary technical depth to analyze security controls and the practical experience to create easily accessible policies, procedures, and assorted documentation for the Integrated Security Department.

GRC Analyst

United Health Group
03.2022 - 05.2024
  • Perform gap analyses to identify security control deficiencies.
  • Lead comprehensive assessments of high-risk vendors, analyzing various risk aspects and conducting periodic reassessments to monitor changes.
  • Streamline audit processes for HITRUST, SOC 2, and HIPAA.
  • Proactively manage policy/control exceptions, prioritizing compliance and confidentiality.
  • Collaborate with teams to refine incident response protocols.
  • Continuously monitor vendor performance against contracts, SLAs, and industry standards, escalating critical issues.
  • Offer actionable mitigation strategies to vendors.
  • Oversee risk metrics and reported data, and maintain documentation in OneTrust, ensuring complete data upload and assisting in Trust Portal setup.
  • Employ standardized methods (SIG and IRQ) for accurate risk assessments.
  • Utilize JIRA and KnowBe4 to manage tasks and employee training.
  • Develop and maintain information security program documentation.
  • Identify gaps in third-party vendor controls and implement remediation plans.
  • Review and evaluate compliance assessment results and document corrective actions.
  • Assist sales and product teams with answering security questionnaires.

Third-Party Risk Analyst

Wells Fargo
06.2019 - 02.2022
  • Conducted risk and control assessments for medium and high-risk third-party service providers, ensuring the effectiveness of their control environments.
  • Evaluated the security posture of vendors through the analysis of SOC reports, penetration test results, and Business Continuity/Disaster Recovery/Incident Response Plans.
  • Reviewed critical vendor documentation, including financial statements, credit reports, legal contracts, and business licenses, to assess overall risk.
  • Performed thorough due diligence on prospective vendors, analyzing their financial stability, regulatory adherence, and potential risk exposure.
  • Collaborated with internal stakeholders to effectively navigate and mitigate risks across critical business areas, including supply chain, distribution channels, and regulatory compliance.
  • Proactively identified and documented potential risks associated with new organizational initiatives and evolving operational landscapes.
  • Developed and implemented standardized methodologies for collecting comprehensive vendor data, significantly improving data accuracy and operational efficiency.
  • Successfully expanded the third-party risk management program to international operations, adapting processes to comply with diverse regional regulations.
  • Utilized RSA Archer to efficiently track assessment progress, manage identified findings, and generate key risk metrics for presentation to senior leadership.

Cybersecurity Analyst

MoneyGram
03.2016 - 05.2019
  • Led evidence collection for annual NIST 800-53 assessments, ensuring all control requirements were met.
  • Orchestrated the annual evidence collection process, ensuring flawless adherence to control requirements.
  • Conducted analysis on logs, reports, and configuration data.
  • Developed and managed a comprehensive system for both internal and external access.
  • Produced reports and presentations for assessors, highlighting findings, remedial actions, and compliance progress.
  • Managed the coordination of remediation activities, monitored progress, and ensured timely completion.
  • Collaborated with risk owners, security engineers, system owners, and management on remediation plans and implementation.
  • Provided training and support to internal stakeholders on requirements and evidence collection procedures.

Education

Bachelor of Arts - History and International Relations

Lagos State University

Skills

  • Compliance Management
  • Risk Management
  • Due Diligence
  • Risk Assessment
  • Audit and Control Management
  • Audit Processes
  • Penetration Testing
  • Incident Response
  • Security Monitoring and Analysis
  • Security Fundamentals
  • Shipping Documentation
  • Supplier Communication
  • Inspection and Quality Control
  • Hazmat and International Shipping
  • Warehouse Safety
  • Analytical Thinking
  • Team Collaboration
  • RSA Archer
  • OneTrust
  • KnowBe4
  • Microsoft Sentinel
  • Wazuh
  • Google Chronicle
  • Google Cloud
  • Microsoft Defender
  • Microsoft 365
  • ServiceNow
  • Jira/Confluence
  • SharePoint
  • Teams
  • Google Docs
  • Windows
  • SQL
  • Python
  • Microsoft Office
  • SOC 2 (Type 1 & 2)
  • PCI-DSS
  • HIPAA
  • GRC
  • SIG
  • HITRUST
  • ISO 27001/2
  • NIST 800 series
  • FedRAMP
  • Vendor/Supplier Security Audit
  • FIPS 199
  • FISMA
  • Cybersecurity Technical Writing (Policies, Standards, Procedures)
  • Third-Party Risk Management
  • Business Continuity & Disaster Recovery (BC/DR)
  • SDLC Security Controls Implementation
  • Supplier Management
  • Risk Assessment & Mitigation Analysis
  • Access Control Management
  • Contingency Plan
  • Policy Review
  • Continuous Monitoring
  • Artifacts Gathering
  • Remediation

Certification

  • Certified Information Systems Auditor (CISA), 2024
  • CompTIA Security+ ce Certification, 2024
  • CISM, In-View
  • Certified SAFe 5 Scrum Master, 2023
  • Professional Scrum Master I (PSM I), 2021
