MICHAEL ASODJI

IRVING, TX

Summary

Information Security Professional with 6+ years of hands-on experience in Security Risk Assessments, Privacy Assessment, Internal Control Testing and Validation, Developing Security Policies, and Testing Information and Privacy Controls, Procedures and Guidelines based on ISO 27001 and NIST 800-53 Rev. 5. Knowledgeable in Privacy Security Compliance assessments such as CCPA and GDPR. In-depth knowledge of reviewing independent audit documents such as ISO 27001, SOC 2 Type 2, penetration test reports, vulnerability scans, etc.

Overview

6 years of professional experience
1 Certification

Work History

Security Risk Analyst

Xcel Energy
11.2022 - Current
  • Performed onsite visits to assess adequacy of vendors' risk management practices against client vendor control requirements and expectations
  • This includes, but is not limited to, a walkthrough of the vendor's facility and review of the vendor's documents, policies, processes and procedures that support previous questionnaire responses
  • Functioned as lead analyst in more efforts to assist with risk analysis, third party risk, exception to policy analysis and other security efforts
  • Perform third party security due diligence; liaising with business and external stakeholders to perform assessment
  • Identifying risk and collaborating with internal and external stakeholders in drawing up timelines for risk remediation activities
  • Executed governance activities including metrics gathering and reporting
  • Supported recertification of SOC and ISO 27001 reports
  • Engage SMEs in completion of the security traceability matrix to ensure IT controls are working effectively as desired
  • Respond to client/vendor information security questionnaires, i.e., RFP/RFI and audit reports, in a coordinated manner by working with internal stakeholders across all disciplines
  • Collaborated with engineers, architects, and other security professionals to understand risk of system, project, third party or applications and recommend security controls to mitigate known risks.

Information Risk Analyst

CarMax, Inc.
12.2021 - 10.2022
  • Owned and managed risk register, tracking all risk with documented timeline
  • Primary responsibility of managing all third parties in queue, sending out and reviewing third party questionnaires leveraging SIG, ISO 27001 and NIST control standards
  • Technical writing of reports on all on-boarded vendors and communicating to interested stakeholders
  • Owned and managed the third-party mailbox, replying to emails related to third parties
  • Led internal control testing and validation
  • Supported certification of compliance audit and independent report, i.e., ISO 27001, SOC 2, and SOC 3
  • Collaborated with vendors in completion and closing assessment questionnaires
  • Reviewing independent audit documentation such as ISO 27001 and SOC 2 Type II
  • Participated in implementation and maintenance of security policy documents and procedures of the third-party program
  • Evaluate contractual (SOW, MSA, License) agreements for security and data protection controls.

Security Assurance Analyst—Third Party Risk

Sorenson Communication LLC
08.2020 - 11.2021
  • Participated in creation of policies and procedures for Vendor Security program, and in review of company’s Policies and Standards
  • Experienced supporting internal and external SOC 1&2, and ISO 27001 audits/certification
  • Track, measure, and evaluate vendor/supplier performance, create associated management information for monthly metric reporting
  • Reviewing independent audit reports such as SOC 1&2, ISO 27001, vulnerability scans and pen test reports
  • Developing and implementing third party risk management processes and associated solutions
  • Leveraging Microsoft Office Suite & Microsoft 365 (Word, PowerPoint, and Excel) to create deliverables, proposals, and outreach materials for prospective vendors
  • Effectively communicate and collaborate with internal departments, including, but not limited to Operations, Legal, Information Security, IT, and Procurement
  • Engage in remediation efforts by prioritizing risk ratings, documenting, and closing risk when implemented
  • Engaged in tracking and monitoring required procedures related to high risk and moderate-high risk vendors.

IT Risk Analyst

Wells Fargo
11.2019 - 07.2020
  • Reviewed third-party responses and communicated decisions/reports to appropriate stakeholders
  • Facilitates remediation of any third-party related operational issues
  • Understanding technical and operational standard and industry practices involving third party risk management regulations / standards to build programs, risk assessments and business processes
  • Ensures new third-party due diligence and supporting documents are properly captured in Vendor Information Management (VIM) system
  • Provides follow-through on assessment deficiencies to assure corrective actions are implemented and completed as expected
  • Explain risk outcomes at a high level to relationship managers, business owners, and other stakeholders associated with the organization and advise on final decisions.

Information Security Analyst

Kolen Services
03.2018 - 10.2019
  • Performed Third Party/Vendor Risk Assessment to identify and evaluate risks in establishing and/or continuing operations with business partners and vendors
  • Identified control gaps and vulnerabilities with suppliers and worked with management and suppliers to address security concerns and remediation in timely manner
  • Assessed compliance to organization’s information security policies, processes, and procedures
  • Reviewed Statement of Applicability (SoA) and developed continuous monitoring plans
  • Liaised with external auditors for required audit engagements and closure of external audit findings/reports.

Education

Diploma in Business Administration

Advance Business University College (Ghana)
Ghana
07.2011

BSc. Information Technology

Abilene Christian University (Texas)
Abilene, TX
02.2026

Skills

  • Well-organized and comfortable working in a dynamic and challenging environment
  • Able to work under pressure with or without supervision
  • Effective interpersonal and communication skills
  • High sense of integrity and confidence
  • Proficiency in Microsoft Excel (Pivot Tables, VLOOKUPs); ability to create, publish, and deliver briefing and training materials
  • Experience with GRC tools such as SharePoint, Archer, Jira, Coupa, Congruence and LogicGate

Certification

  • CompTIA Security+ Certified
  • CISA
