Nureni Ola
Summary
Results-oriented Solutions Analyst with a strong foundation in IT Risk, Process Analysis, and ServiceNow administration. Skilled at bridging business objectives with technology by designing and optimizing IT solutions that enhance operational efficiency and compliance. Experienced in developing ServiceNow catalog items, streamlining workflows, and automating Infrastructure processes to support organizational transformation initiatives. Proven ability to engage stakeholders, manage solution lifecycles, and ensure adherence to security, data governance, and regulatory standards.
Overview
8
8
years of professional experience
1
1
Certification
Work History
IT Risk & Compliance Analyst
Capital One
05.2023 - Current
- Acted as ServiceNow Systems Administrator, managing service catalog design, workflow automation, and platform maintenance to streamline IT request processes.
- Analyzed business processes across IT operations, identifying inefficiencies and recommending automation solutions that improved response time and accuracy.
- Designed IT Infrastructure solutions that automated evidence collection, risk reporting, and compliance validation across internal audit programs.
- Partnered with stakeholders across IT, Security, and Audit to align Infrastructure initiatives with business objectives and regulatory standards (SOX 404, ISO 27001, NIST 800-53).
- Supported ServiceNow CMDB data integrity by mapping configuration items, dependency relationships, and system ownership to improve change tracking and impact analysis.
- Collaborated with DevOps and Infrastructure teams to integrate automation workflows (Ansible, Terraform) with ServiceNow for improved provisioning and change control.
- Produced process documentation, performance reports, and dashboards in Power BI and Lucidchart to visualize solution design and track key operational metrics.
- Maintained audit-ready configurations, ensuring adherence to governance and compliance frameworks while supporting the digital transformation roadmap.
SENIOR IT AUDITOR/ RISK COMPLIANCE SPECIALIST
KPMG
02.2021 - 04.2023
- Performed all stages of the audit including, planning preparing the audit program, fieldwork executing, reporting and follow up.
- Assist in performing audit testing procedures, including attribute-based controls, through various means – inspection, observation, and re-performance.
- Identified and defined root cause of control issues and reviewed and evaluated adequacy of internal controls to ensure compliance with IT security policies and procedure and provided recommended solutions to identify internal control concerns.
- Provide recommended solutions to identified internal control concerns.
- Performing audit tests and preparing work papers which document work performed and conclusions reached.
- Reassessing the controls and deficiencies and retesting all the identified key controls within SOX guidelines.
- Assessing IT control elements to mitigate IT risks regarding the security, confidentiality, integrity, and the availability of business information.
- Identifying and evaluating the risks during review and analysis of system development life cycle (SDLC), including Design, Testing/QA, and Implementation of systems and upgrades.
- Reviewed Applications, Databases, and Operating systems and Performed IT general computer and application controls such as access controls, change management, SDLC, Segregation of Duties, IT Operations, Interface Check, Completeness Check, Input Controls testing to verify compliance with SOX section 404.
- Planned and managed the ITGC audit functions using best practice audit guidelines in compliance with COSO and COBIT standards.
- Knowledge of vulnerability assessment of operating systems (Unix/Linux, Windows).
- Conducted walkthrough, formulated test plans, documented gaps, tested the results and exceptions.
Identified and communicated audit findings to senior management and clients. - Knowledgeable in ERP (SAP) business processes and testing of relevant controls.
- Performing internal and external IT risk assessments, conducted GAP analysis against the industry standards and providing recommendations on mitigation options.
- Provided comprehensive testing and review program of the IT environment to ensure that access and security controls are maintained to appropriate standard and ensured comprehensive access and security controls are in place for all IT related systems, for both hardware and software.
- Advised the business on change management and ensured any impact on internal control environment is appropriately managed.
- Performed Infrastructure audit with Software Development Lifecycle managing security risk compliance and databases and documenting CIS critical security controls within the organization.
- Applied current knowledge of IT trends and systems processes to identify security and risk management issues and other opportunities for improvement.
- Worked with audit and assurance teams and the client to plan engagement strategy, define objectives, and address technology-related controls risks and issues.
- Performed general computer and application controls reviews in accordance with COBIT methodology.
- Developed strong relationships with key leaders to identify and address compliance risks and failures and manage action plans designed to fully mitigate risk(s).
- Conducted and supervised end to end SOX IT audit process including engagement planning, coordination, scope determination, risk and control identification, design of audit program, procedures, test control and evaluate results.
- Assisted leadership with planning work on assigned audits, system reviews, or other related engagements.
- Developed strong relationships with key leaders to identify and address compliance risks and failures and manage action plans designed to fully mitigate risk(s)
Cloud Security & Vulnerability Management Analyst
KPMG Global Services
06.2019 - 01.2021
- Led enterprise vulnerability management by configuring and managing tools such as Qualys, Tenable Nessus, and Rapid7 InsightVM to scan, classify, and prioritize vulnerabilities across 5,000+ assets.
- Developed a vulnerability scoring system based on CVSS v3, integrating results into the Archer GRC platform and reducing patch remediation SLAs by 40% through automated workflows.
- Collaborated with DevOps and infrastructure teams to enforce AWS and Azure cloud security baselines, including encryption, least privilege IAM roles, secure APIs, and hardened EC2 instances.
- Monitored and mitigated misconfigurations in S3 buckets, IAM roles, security groups, and Lambda functions using AWS Config, Security Hub, and GuardDuty.
- Built integrations between SIEM (Splunk) and vulnerability scanners to trigger real-time alerts for zero-day threats and critical vulnerabilities.
- Participated in incident response activities, assisting with root cause analysis, evidence collection, and attack vector analysis for cloud-hosted applications.
- Contributed to the creation of security playbooks for patch management, zero-day response, and AWS security incidents to support a 24/7 global SOC.
Risk Analyst – Governance, Risk & Healthcare IT Security
Leon Medical Center
12.2017 - 05.2019
- Conducted HIPAA compliance audits and security risk assessments across healthcare systems, including EMRs, cloud storage, and mobile endpoints.
- Monitored access to ePHI and PII, performing periodic user access reviews and security logs analysis using Splunk and Microsoft Sentinel to detect suspicious activity.
- Managed IT risk registers, risk acceptance documentation, and control remediation plans using Excel, SharePoint, and basic GRC toolsets.
- Led the implementation of Business Continuity Planning (BCP) and Disaster Recovery (DR) testing for key clinical and IT systems.
- Delivered security awareness campaigns, phishing simulations, and HIPAA training to 1,000+ staff, resulting in a 45% drop in simulated phishing click rates.
- Partnered with legal and compliance teams on breach investigations, coordinated data recovery efforts, and submitted documentation to HHS OCR when required.
- Actively contributed to the implementation of ISO 27001-based ISMS tailored to the healthcare environment.
Education
Post-Graduate Certificate - Cybersecurity & Digital Forensics
University of Texas At Austin
Austin, TX07-2023
Bachelor of Science - Computer Science
National Open University
Lagos01-2016
Skills
- Cloud Platforms: AWS (EC2, S3, IAM, Security Hub, Config, GuardDuty), Microsoft Azure (AD, Defender, Sentinel)
- GRC Tools: RSA Archer, ServiceNow GRC, ZenGRC, MetricStream, AuditBoard
- Security Tools: Splunk, Tenable Nessus, Qualys, Rapid7, CrowdStrike Falcon, Symantec DLP, McAfee ePO
- IAM & Access Controls: Azure AD, Okta, SailPoint, Ping, RBAC, SoD, MFA, JML automation
- Compliance & Frameworks: SOX 404, NIST 800-53, ISO 27001, HIPAA, PCI-DSS, GDPR, COBIT 5, CIS Benchmarks, OWASP Top 10
- Monitoring & SIEM: Splunk, ELK, Azure Sentinel, QRadar
- DevOps & Secure SDLC: GitHub, Jenkins, CI/CD pipelines, Secure Code Reviews, OWASP Zap
- Dashboards & Reporting: Power BI, Tableau, Excel, JIRA, Confluence
- Vulnerability & Patch Mgmt: WSUS, SCCM, PatchMyPC, Qualys VMDR
- Productivity: Microsoft 365, Google Workspace, SharePoint
Certification
- Certified Information Systems Auditor (CISA) – ISACA
- CompTIA Security+, CySA+, CASP+
- AWS Certified Solutions Architect – Associate
- Microsoft Certified: Azure Security Engineer Associate
- ITIL v4 Foundation
Timeline
IT Risk & Compliance Analyst
Capital One
05.2023 - Current
SENIOR IT AUDITOR/ RISK COMPLIANCE SPECIALIST
KPMG
02.2021 - 04.2023
Cloud Security & Vulnerability Management Analyst
KPMG Global Services
06.2019 - 01.2021
Risk Analyst – Governance, Risk & Healthcare IT Security
Leon Medical Center
12.2017 - 05.2019
Bachelor of Science - Computer Science
National Open University
Post-Graduate Certificate - Cybersecurity & Digital Forensics
University of Texas At Austin