
Micheal D. Ovuede

Houston, TX

Summary

A senior GRC Professional with years of experience in planning and executing end-to-end IT Audit engagements, Risk Management and development of security policies. I have strong expertise in SOX audits, SOC reporting, HITRUST CSF Audits and ISO 27001 audits to ensure compliance with industry standards and best practices. I have gained relevant knowledge in testing IT Internal Controls over financial reporting (ICFR) and Security Compliance review, Risk Assessment, Project Management, and stakeholder management.

Governance, Risk, and Compliance professional prepared for impactful roles in organizational risk management. Extensive background in designing and executing compliance programs that enhance operational integrity. Known for fostering collaboration and achieving results in dynamic environments. Proficient in risk assessment, regulatory analysis, and policy development, valued for reliability and adaptability.

Overview

11 years of professional experience
1 Certification

Work History

Sr. GRC Consultant

Cigna
12.2021 - Current
  • Supported GRC operations by assessing third-party risks, assisting with ISO 27001 Implementation, SOC2 audits, HITRUST CSF audits and other compliance activities
  • Maintained a comprehensive global security risk register, identifying and evaluating potential risks and their impact on our operations
  • Conducted assessments of third-party vendors and partners to ensure they met organizational security and compliance standards
  • Performed annual SOX IT Control scoping and risk assessment to determine applications, systems and processes that are in scope for annual control testing
  • Performed walk-throughs and tests of controls to assess design effectiveness of SOX ITGC controls, document design gaps and provide recommendations on remediation to audit clients
  • Collaborated with business customers to translate information security risks and requirements into business terms
  • Facilitated risk discussions, provided guidance, and promoted risk-aware decision-making to management
  • Independently reviewed contractual agreements and requirements related to information security and information technology-related compliance
  • Identified gaps and developed strategies to meet contractual obligations
  • Supported the implementation and maintenance of a global GRC framework and tool
  • Conducted risk assessments to identify, evaluate, and prioritize information security risks
  • Developed risk mitigation strategies and worked with stakeholders to implement controls and measures

GRC Analyst

United Apartment Group
07.2017 - 08.2021
  • Supported the development, implementation, and monitoring of data confidentiality, system integrity, system reliability, recovery methods and procedures
  • Utilized the risk assessment process to continuously detect new internal and external risks, vulnerabilities, and apply the results to produce recommendations for mitigating controls
  • Consulted with systems technology staff members, business unit staff and provided guidance in the definition of the appropriate security architecture and technical requirements necessary to address information security needs
  • Created and disseminated a PCI Best Practice Manual and built a PCI database to track and report on all the in-scope departments
  • Designed third-party risk management playbooks and procedures to implement management approved policies on contracting and vendor engagement with the organisation
  • Coordinated with Control owners and external auditors to guarantee that all SOX documentation, including narratives, risk control matrices, and process diagrams, is reliable and up to date
  • Effectively tested management controls covering User Access Reviews, Privileged Access Management, Access Administration (Joiners, Movers, and Leavers), User Identification and Authentication, Change Management and Segregation of Duties (SOD), Job Processing, Backup and Disaster Recovery, Incident Management, Data Security controls and IT Automated Controls
  • Coordinated SOX IT Audit review covering access to programs and data, change management, program development and computer operations, and tested SOX IT controls through review of entity-level controls (ELC), IT Application controls (ITAC) and IT General Controls (ITGC) and evaluated the operating effectiveness of controls implemented within the IT control environment

Risk & Control Analyst

SafePro Services
11.2016 - 04.2017
  • Leveraged security compliance such as NIST, ISO, and CSA CCM requirements to deliver on risk management and security assessment program and treat risks through control design and implementation
  • Verified control design and test approaches to ensure appropriateness and that risks are identified, and prepared clear, concise, and consistent documentation to adequately support all controls, testing, conclusions, and findings
  • Presented audit findings to various management levels (from business unit to enterprise-level), along with any concerns and suggestions for improvement or appropriate measures as needed
  • Reviewed financial resources to evaluate internal controls over faculty incentives and merit-based fringe benefits which are processed and paid in accordance with departmental plans, state salary caps, and University rules and regulations
  • Established incident response playbooks in alignment with the incident response plan, and benchmarked Information Security Policy with frameworks, e.g., ISO 27001, SOC 2, CIS CSC, NIST and HITRUST
  • Planned and executed independent security audits and assessments to evaluate risk mitigation measures and control effectiveness
  • Performed internal audit reviews related to IT controls testing, information security compliance evaluation, systems post-implementation review, and controls related to IT governance, management, and operations

IT Service Desk Specialist

Amazon Energy
08.2015 - 10.2016
  • Provided first point of contact for system related issues or queries that come into the helpdesk via different channels (e.g., email)
  • Supported installation of bespoke applications and hardware on client computer systems
  • Created new user accounts on Active Directory and Exchange servers
  • Managed the build, administration, distribution, and support of devices ensuring that all asset lists are accurate
  • Ensured all support calls are answered and correctly logged in accordance with policies and procedures
  • Logged call details onto call management and ticketing systems such as Remedy, ITSM
  • Analyzed service requests and progressed them to the next stage following company policy and processes
  • Prioritized incidents based on impact and Service Level Agreements

Customer Relationship Analyst

Power Holding Company of Nigeria (PHCN)
11.2013 - 05.2015
  • Engaged and managed existing and potential clients while promptly responding to all enquiries, to reduce turnaround time, increase customer satisfaction, retention, and brand recognition
  • Provided personalized service to all clients and responded to requests and queries
  • Escalated queries where necessary and contributed towards the overall sales performance of the store
  • Kept accurate and up to date records of interactions with customer accounts
  • Reviewed the SLAs with clients and ensured KPI alignment that affects the customer service delivery
  • Created positive working relationships with other department sales and operations
  • Worked with customer service delivery team and Account Team to prioritize and plan customer engagements and programs, driving outcomes to improve the performance, and business capabilities of the prioritized workloads
  • Enabled successful roll-out of the firm's product/service to large enterprise customers and multinationals, including sharing and developing relevant creative assets
  • Conducted comprehensive portfolio reviews, identifying opportunities to grow client assets under management

Education

Bachelor of Science -

Western Delta University
Delta State
09.2013

Skills

  • Risk Control Self-Assessment
  • OneTrust GRC Administration
  • KnowBe4
  • Database Management
  • Stakeholder Management
  • Auditing
  • ISO 27001/2
  • NIST-CSF
  • GDPR
  • HIPAA
  • SOC 2
  • CIS CSC
  • COBIT 5
  • Risk Documentation
  • Vulnerability Scanning

Certification

  • CISA (Certified)
  • CRISC (Certified)
  • CISM (Certified)
  • CompTIA Security+ (Certified)
  • Cisco CCENT (Certified)
