MICHAEL ASODJI
Summary
Information Security Professional, experienced with 6+ years of hands-on experience in Security Risk Assessments, Privacy assessment, Internal Control Testing and Validation, Developing Security Policies, Testing Information and Privacy Controls, Procedures and Guidelines based on ISO 27001, NIST 800-53rev 5, Knowledgeable in Privacy Security Compliance assessment such as CCPA, GDPR. In-depth knowledge in reviewing independent audit documents like; ISO 27001, SOC 2 type 2, Penetration test report, vulnerability scans etc.
Overview
7
7
years of professional experience
1
1
Certification
Work History
Security Risk Analyst
Xcel Energy
11.2022 - Current
- Performed onsite visit to assess the adequacy of a vendors risk management practices against client vendor control requirements and expectations
- This includes but not limited to a walkthrough of the vendors facility and review of the vendors documents, policies, processes and procedures that support previous questionnaire responses
- Functioned as the lead analyst in a more efforts to assist with risk analysis, third party risk, exception to policy analysis and other security efforts
- Perform third party security due diligence; liaising with business and external stakeholders to perform the assessment
- Identifying risk and collaborating with internal and external stakeholders in drawing up timelines for risk remediation activities
- Executed governance activities including metrics gathering and reporting
- Supported the recertification of SOC and ISO 27001 reports
- Engage SME in the completion of security traceability matrix to ensure IT controls are working effectively as desired
- Respond to client/vendors information security questionnaires i.e., RFP/RFI and audit reports in a coordinated manner by working with internal stakeholders across all disciplines
- Collaborated with engineers, architects, and other security professionals to understand risk of a system, project, third party or applications and recommend security controls to mitigate known risks.
Information Risk Analyst
CarMax, Inc.
12.2021 - 10.2022
- Owned and managed the risk register, tracking all risk with a documented timeline
- Primary responsibility of managing all third parties in queue, sending out and reviewing third party questionnaires leveraging SIG, ISO 27001 and NIST control standards
- Technical writing of reports on all on-boarded vendors and communicating to interested stakeholders
- Owned and managed the third-party mailbox/ replying to emails related to third party
- Lead internal control testing and validation
- Supported the certification of compliance audit and independent report, i.e., ISO 27001, SOC 2, and SOC 3
- Collaborated with vendors in completion and closing assessment questionnaires
- Reviewing independent audit documentations such as ISO 27001 and SOC 2 type II
- Participated in the implementation and maintenance of security policy documents and procedures of the third-party program
- Evaluate contractual (SOW, MSA, License) agreements for security and data protection controls.
Security Assurance Analyst—Third Party Risk
Sorenson Communication LLC
08.2020 - 11.2021
- Participated in the creation of policies and procedures for the Vendor Security program, and in the review of our company’s Policies and Standards
- Experienced supporting internal and external SOC 1&2, and ISO 27001 audits/certification
- Track, measure, and evaluate vendor/supplier performance, create associated management information for monthly metric reporting
- Reviewing Independent audit report such as SOC1&2, ISO 27001, Vulnerability Scans and Pen test report
- Developing and implementing third party risk management processes and associated solutions
- Leveraging Microsoft Office Suite & Microsoft 365 (Word, PowerPoint, and Excel) to create deliverables, proposals, and outreach materials for prospective vendors
- Effectively communicate and collaborate with internal departments, including, but not limited to Operations, Legal, Information Security, IT, and Procurement
- Engage in remediation efforts by prioritizing risk ratings, documenting, and closing risk when implemented
- Engaged in tracking and monitoring required procedures related to high risk and moderate-high risk vendors.
IT Risk Analyst
Wells Fargo
11.2019 - 07.2020
- Reviews, third party responses and communicated decisions/reports to the appropriate stakeholders
- Facilitates remediation of any third-party related operational issues
- Understanding technical and operational standard and industry practices involving third party risk management regulations / standards to build programs, risk assessments and business processes
- Ensures new third-party due diligence and supporting documents are properly captured in the Vendor Information Management (VIM) system
- Provides follow-through on assessment deficiencies to assure corrective actions are implemented and completed as expected
- Explain risk outcome on high level to relationship managers, business owners, and other stakeholders associated with the organization and advice on final decisions.
Information Security Analyst/ Third-Party Risk
Kolen Services
03.2018 - 10.2019
- Performed Third Party/Vendor Risk Assessment to identify and evaluate the risks in establishing and/continuing operations with business partners and vendors
- Identified control gaps and vulnerabilities with suppliers and worked with management and suppliers to address security concerns and remediation in a timely manner
- Assessed compliance to organization’s information security policies, processes, and procedures
- Review Statement of Applicability (SoA) and developed continuous monitoring plans
- Liaised with external auditors for required audit engagements and closure of external audit findings/reports.
Education
Diploma in Business Administration -
Advance Business University College (Ghana)
BSc. Information Technology -
Abilene Christian University (Texas)
Skills
- Developing Security Policies
- Independent audit documents review
- Exception to policy analysis
- Third party security due diligence
- Risk identification and collaboration
- Governance activitie
- Information security questionnaires
- Security controls recommendation
- Information Risk Analyst
- Risk register management
- Third-party mailbox management
- Contractual agreements evaluation
- Security Assurance Analyst
- Vendor Security program policies and procedures creation
- Microsoft Office Suite & Microsoft 365 proficiency
- Effective communication and collaboration
- Risk remediation
- Tracking and monitoring of procedures related to high-risk vendors
- Continuous monitoring plans development
- Goal Setting
Certification
- CompTIA Security+ Certified
- CISA
Timeline
Security Risk Analyst
Xcel Energy
11.2022 - Current
Information Risk Analyst
CarMax, Inc.
12.2021 - 10.2022
Security Assurance Analyst—Third Party Risk
Sorenson Communication LLC
08.2020 - 11.2021
IT Risk Analyst
Wells Fargo
11.2019 - 07.2020
Information Security Analyst/ Third-Party Risk
Kolen Services
03.2018 - 10.2019
Diploma in Business Administration -
Advance Business University College (Ghana)
BSc. Information Technology -
Abilene Christian University (Texas)