
Ojochide Ebo

Richardson, TX

Summary

Information security professional with six years of progressive experience in the cybersecurity industry. Demonstrated skill in identifying business risks and compliance issues and designing proactive solutions. Proficient in document and policy writing, with a background in developing and implementing layered network security approaches. Hands-on experience in third-party risk management, risk assessment, and technical problem-solving. Experienced with various compliance frameworks and regulations, as well as FedRAMP processes. A conceptual thinker who can work independently and as a team member to successfully achieve project goals and objectives. Proficient in cloud security, identity and access management, monitoring and event management, governance and compliance, application delivery, data protection, image and patch management, self-service, and ops analytics on the AWS platform.

Overview

6
years of professional experience

Work History

HIPAA and FQHC Compliance Specialist

North Texas Area Community Health Center
08.2023 - Current
  • Provided oversight and reporting of third party by utilizing data and facts during evaluation process to satisfy regulatory
  • Utilized vendor management system to document risk ratings on all vendors.
  • Assessed inherent risk on vendors during relationship review to ensure proper tiering of vendors.
  • Collaborated with vendors' relationship owners to ensure information is correct and valid in GRC Archer.
  • Conducted performance management with Business Unit to prevent service disruption or interruption.
  • Conducted security assessments of all engaged vendors by sending SIG questionnaires to third parties with security documentation requests.
  • Stratified third parties based on risk to organization and performed SaaS assessments for all software vendors.
  • Actively managed all assessment deadlines by coordinating execution with both external third party and internal business partners.
  • Coordinated with external vendors to enhance and operate third party risk management program.
  • Responded to assessment and audit requests from clients.
  • Coordinated and managed internal and external assessment requests.
  • Reviewed information security requirements for both new and existing contractual agreements with outside parties.
  • Reviewed contractual agreements with new, current, and prospective clients.
  • Updated and reviewed information security policies and procedures.
  • Reviewed and enhanced technology and security systems, processes, and tools to identify, track, and reduce risk within firm.
  • Prepared reports and documentation process.
  • Reviewed controls population in SOC 2 Type 2 and ensured CUECs are implemented.
  • Uncovered risks and documented controls in line with our risk appetite.
  • Documented findings and recommended risk mitigation plans for risks and controls.
  • Managed timely completion of information requests for third party products/services.
  • Led or contributed to strategic projects to enhance overall effectiveness of program.

GRC Analyst

Meta
03.2022 - Current
  • Review, manage and update company policies, procedures and controls implementation to ensure laws and regulations are respected.
  • Work in collaboration with stakeholders to create new policies that meet company requirements.
  • Create, monitor and submit policy exceptions for closure for activities that occurred and are against company procedures.
  • Assist in internal and external audit activities by acting as a liaison, preparing meetings, gathering documentation and evidence, and assisting during control reviews.
  • Work on findings identified by auditors in audit reports such as SOC 1 and 2.
  • Partake in company business continuity and run tabletop exercises for IRP, CP and DR plans.
  • Conduct cyber-training programs for new and existing employees, and conduct campaigns such as phishing on a quarterly basis.
  • Prepare company for yearly ISO 27001 compliance certification.
  • Provide monthly reporting to upper management regarding the environment's cyber posture.
  • Develop corrective action plans for vulnerabilities identified, and work with SMEs to develop remediation plans.

Risk Analyst and Disaster Recovery Playbook

Goldman Sachs
06.2019 - 01.2023
  • Designed company-wide policies to bring operations in line with Center for Internet Security (CIS) standards.
  • Developed and maintained incident response protocols to mitigate damage and liability during security breaches.
  • Reviewed violations of computer security procedures and developed mitigation plans.
  • Monitored computer virus reports to determine when to update virus protection systems.
  • Supported various systems on-prem and Cloud using NIST 800-37 and FEDRAMP compliance.
  • Created A&A documentation such as SSP, SORN, PTA, FIPS 199 as part of Risk Management Framework.
  • Developed POA&Ms and ensured milestones are met.
  • Conducted Categorization, Control Selection and Implementation prior to Assessment.
  • Prepared systems for Assessment and Authorization process.
  • Conducted continuous monitoring and ensured change, configuration, risk and vulnerability management using NIST 800-137 as a guide.
  • Scheduled, ran and collected scan results and ensured that POA&Ms are created.
  • Created and updated Systems wide Policies and Procedures.

Compliance Intern

Johns Hopkins Center For Communication Programs
04.2018 - 06.2019
  • Contributed to implementing an effective risk management framework, allowing for more informed decision-making processes related to compliance efforts.
  • Enhanced regulatory understanding by conducting thorough research on compliance policies and procedures.
  • Aided in preparing timely reports for senior management regarding compliance issues and trends within the organization.
  • Participated in regular team meetings focused on addressing emerging trends or challenges within the field of compliance management.
  • Managed risk and vulnerability assessments, validation testing, compliance reviews, and audits under NIST standards
  • Managed and supported SOC 2 and global ISO 27001 audits
  • Promoted widespread implementation of ISO 27001 standards
  • Maintained and monitored a central repository for audit evidence
  • Informed the proper stakeholders of important concerns and hazards
  • Worked with other stakeholders to link our corporate IT, procurement, and privacy departments with GRC objectives
  • Maintained up-to-date knowledge of procedures and methods that serve to broaden team knowledge and industry expertise
  • Managed security standards, policies, and practices on an annual basis to make sure they meet corporate demands
  • Assisted the department in responding to inquiries from the business units about ongoing operational compliance
  • Sought out areas for improvement and offered insightful advice and value-added guidance on process and control enhancements
  • Shared information with managers to avoid surprises, draw attention to problems, and guarantee delivery on time

Education

Master of Science - Healthcare Leadership and Management - HIPAA & HITECH

West Coast University
Texas, United States
12.2023

Bachelor of Science - Communication Information Systems

Covenant University
Nigeria
07.2013

Skills


  • Microsoft Office 365
  • Attention to detail
  • Designing security controls
  • Verbal and written communication
  • Teamwork
  • Vendor Risk / Third-Party Security Risk Management
  • ISO 27001 / PCI DSS / HIPAA / CCPA / GDPR / NIST / FISMA / FIPS / HITRUST
  • FedRAMP Compliance
  • Scout tool / Zen GRC / Know before / Bit-sight / Archer
  • Good listening skills
  • Time management
  • Multitasker
  • Project completion
  • Analytical skills
  • POA&M (Plan of Action and Milestones)
  • NIST 800-37, NIST 800-60, FIPS 199, NIST 800-53, NIST 800-53A, NIST 800-18, NIST 800-30r1, NIST 800-139, NIST 800-137
  • Policy and Control Analysis
