OLU FATUNMBI

COMPLIANCE, THIRD-PARTY RISK ANALYST

Summary

Highly motivated and experienced information systems auditor and risk control professional with extensive experience in auditing, vendor risk assessments, and a thorough understanding of the Sarbanes-Oxley Act (SOX), HIPAA, IT General Controls (ITGC), SAS70/SSAE16 attestation, PCI DSS, and NIST 800-53 Frameworks. Extensive experience in all phases of auditing, including planning, studying, assessing, testing controls, reporting, and follow-up. Organized and dependable team player, successful at managing multiple priorities with a positive attitude. Willingness to take on added responsibilities to meet team goals.

Overview

10 years of professional experience
4 years of post-secondary education

Work History

GRC Analyst

CITI BANK
01.2021 - Current
  • Conduct comprehensive risk assessments and compliance audits to identify potential risks, vulnerabilities, and gaps in operations, processes, and systems
  • Collaborate with stakeholders to create new policies (Multifactor Authentication (MFA), etc.) that meet Citi Bank requirements.
  • Worked with cross-functional teams, including Compliance, Legal, Quality Assurance, and IT, to develop risk mitigation strategies and implement effective controls.
  • Assisted internal and external audit activities by acting as liaison, preparing meetings, gathering documentation and evidence, and assisting during controls review.
  • Partook in CITI Bank Business Continuity seminar and held tabletop exercises for Incident Response Plan (IRP) and Data Privacy (DP) plan.
  • Prepared and presented detailed reports, findings, and recommendations to senior management and key stakeholders to support decision-making and continuous improvement initiatives.
  • Performed NIST Cybersecurity Framework (CSF) gap analysis across five high-level functions to identify major IT and cybersecurity gaps.
  • Performed multiple cybersecurity Assessment audits for financial security, Incident Management, Endpoint Security, Logging and Monitoring, Mobile Device Security, Threat and Vulnerability Management, Windows and Active Directory.

Third Party Risk Vendor Analyst

CITI BANK
01.2017 - 12.2020
  • Planned and executed security risk assessments for all third-party vendors/suppliers
  • Worked with vendor oversight to ensure adequate tiering of vendors based on client level or organizational data they have access to.
  • Administered assessment questionnaires to vendors
  • Performed continuous monitoring by assessing monitoring tools during onsite visits to validate security questionnaires filled out by vendors to ensure protection of data at the vendor sites
  • Conducted on-site risk assessments based on agreed upon procedures and guidelines
  • Reviewed key vendor-provided documentation such as SSAE 16 Type-II report
  • Reviewed access control management on vendor sites
  • Assessed areas such as business continuity and disaster recovery, physical security, system development, operations, access control, incident management, insider threat, security policy and vendor management
  • Escalated issues of 3rd party vendors' non-compliance to the Vendor Risk Management Office (VMO)
  • Reviewed all essential security policies and procedures documentation
  • Performed data loss prevention analysis of applicable data at the vendor site
  • Validated all controls at the vendor site to ensure there is confidentiality of data hosted in their custody
  • Worked with the vendors to ensure risks discovered are remediated within a reasonable time.
  • Reduced lead times through effective communication with vendors regarding production timelines and inventory levels
  • Developed comprehensive vendor selection criteria to identify the best-suited partners for the organization.
  • Supported continuous improvement initiatives by analyzing spend data to identify areas where efficiencies could be gained or costs reduced without compromising quality or service levels

GRC ANALYST - Consultant

TD BANK CONSULTING
01.2015 - 12.2017
  • Drafted and maintained the organization's GRC framework, including policies, procedures, and controls, to ensure alignment with regulatory requirements and industry best practices
  • Conducted risk assessments and gap analyses to identify potential risks, vulnerabilities, and compliance issues within the organization's operations, processes, and systems.
  • Monitored regulatory developments and industry trends to determine their possible influence on the organization's risk profile and compliance requirements.
  • Facilitated internal and external audits, assessments, and exams to examine efficacy of controls and assure compliance with regulatory standards and regulations.
  • Prepared and presented comprehensive reports, findings, and recommendations to senior management and key stakeholders to support decision-making and strategic planning initiatives
  • Collaborated with information security and other IT/Business functions to document and report on relevant initiatives and projects
  • Coordinated with stakeholders and assisted in planning and managing audit and risk assessment activities, which include but are not limited to SOX, PCI and country assessments
  • Assisted information security team in implementing security principles and risk management in IT activities.
  • Worked with information security colleagues to document and report on relevant initiatives on SOC projects.

GRC ANALYST

PROTOLABS
01.2014 - 12.2014
  • Stayed abreast of regulatory developments, industry trends, and emerging risks to assess their impact on organization's risk profile and compliance obligations.
  • Coordinated and supported internal and external audits, inspections, and regulatory assessments to evaluate effectiveness of controls and ensure compliance with regulatory requirements.
  • Prepared and presented comprehensive reports, findings, and recommendations to senior management and key stakeholders to support decision-making and continuous improvement efforts.
  • Partnered with Third-Party Risk Management (TPRM) to continuously improve TPRM program as subject matter experts for Information Security and Cyber Security
  • Completed vendor assessments for engagements, including management reporting
  • Worked closely with operational, technical, and corporate function personnel to foster technology risk management culture, challenge assumptions and to assist in communicating a holistic risk profile of technology risk to management and various stakeholders
  • Assisted in performing IS self-assessments to ensure systems and applications are complying with corporate policies, applicable regulatory and legal requirements, and leading industry practices.

Education

Bachelor of Science - International Relations

COVENANT UNIVERSITY
Nigeria
04.2004 - 05.2008

Skills

Vendor risk assessment management

Affiliations

Information System Audit and Control Association (ISACA)
