Olutunji Olujide
Washington,DC
Summary
PROFILE SUMMARY 6+ years of progressive work experience in information security governance and/or related functions (such as IT Audit, Vendor Management/Third Party Risk Management, and IT Risk Management). Strong working knowledge of information risk and/or security management frameworks and/or regulatory and compliance programs such as NIST, ISO, SOC 2, PCI – DSS. Solid understanding of security best practices and defense in depth strategies.
Overview
7
7
years of professional experience
1
1
Certification
Work History
Third-Party Risk Analyst
WELLS FARGO
09.2018 - Current
- Conduct compliance and information security risk assessments on prospective third parties
- Administer assessment questionnaires to our vendors
- Conduct periodic performance and risk reviews of existing third parties
- Collaborate with business and various risk subject matter experts to address and/or mitigate identified risks
- Facilitate remediation for any third-party related operational issues as needed
- Ensure third-party relationships adhere to company policies and are compliant with regulatory guidelines and industry best practices
- Ensure new third-party due diligence and supporting documents are properly captured in the Supplier Information Management (SIM) system and the Governance, Risk and Compliance (GRC) system (RSA Archer, Jira)
- Manage recurring third-party risk management reports to be shared with the organization which will include risk ratings, policy exceptions, performance, and other risk management key performance indicators (KPIs)
- Communicates risk assessment findings to team owners and custodians of information risk “business partners,” or information governance teams and information security teams
- Identifies and facilitates implementation of appropriate controls to effectively manage information risks as needed
- Identifies opportunities to improve risk posture, developing solutions for remediating or mitigating risks and assessing the residual risk
- Maintains strong working relationships with individuals and groups involved in managing information risks across the organization.
Vendor Risk Analyst
BREMER BANK
11.2016 - 08.2018
- Perform end-to-end third-party risk assessment
- Evaluate security controls to confirm there is adequate coverage of requirements from standards, policies, regulations, contracts, etc
- Collaborate with external auditors to ensure security assessments are completed and compliance certifications are achieved annually
- Demonstrate our security capabilities to business partners by responding to security assessments
- Work with owners to ensure policies adequately cover compliance and regulatory obligations
- Evaluate third parties for security risks stemming from the services they provide
- Identify and meticulously manage information security risks
- Support the ongoing management and operations of a cyber-security risk management program
- Provide analysis and continuous improvement of the GRC tool capability through life-cycle management best practices
- Coordinates with vendors to secure necessary due diligence documentation for onboarding review/approval
- Manages the vendor database, ensuring that all data is up-to-date and fully accurate, and produces required vendor reporting
- Update critical vendor annual reviews and develop monthly vendor category presentations that support the TPRM governance activities
- Engages with Business Units and Vendors to collect and analyze vendor questionnaires, due diligence documentation, external risk assessment reports, and other artifacts to accurately and effectively assess a third party’s control effectiveness and the residual risk associated with strategic third-party relationships, focusing on the vendor’s ability to demonstrate the existence of required information security and privacy controls aimed at protecting the confidentiality, integrity, and availability of Bremer’s data
- Maintains ongoing third-party risk monitoring review schedule to ensure periodic reviews are performed as described in the policy, standard, and procedure documentation
- Perform additional duties and projects as assigned by management
- Prepare and share final assessment report with the stakeholders.
IT AUDITOR
XFINITY
05.2015 - 09.2016
- Participated in all phases of IT Audit – Planning, Fieldwork and Follow up using applicable framework
- Document and test control descriptions and changes to meet regulatory and internal audit requirements
- (e.g
- ISO27001, SOX, etc.)
- Execute & coordinate established plans for validation testing of defined regulatory controls
- Meet with control owners to ensure control accuracy and remediate any issues related to control exceptions
- Perform IT process monitoring (e.g
- Access control, daily checklists)
- Track outstanding IT remediation items to ensure timely completion
- Maintain and update the department’s Intranet website, and email communications
- Responsible for the maintenance of current policies and standards
- Maintain familiarity with current and upcoming regulatory requirements and their impact on compliance
- Monitor & respond to work tickets in a timely manner to meet Service Level Agreements
- Assist with risk assessments to ensure compliance with corporate security policies, regulatory requirements, and adherence to best practices
- Participate in risk management activities as required.
Education
ICTS -
Old Dominion University
MCSE - undefined
BSC - Computer Science
University of Ibadan
Higher Diploma - Electronic Engineering
Ibadan Polytechnic
Skills
- SKILL
- Nessus, Nmap
- Windows Windows Active Directory, SharePoint, Excel, and PowerPoint
- Framework: NIST, ISO 27001, CCPA, GDPR, HIPAA, PCI-DSS, HITRUST
- Excellent organizational, communication, and presentation skills with the ability to multitask in a fast-paced environment
- Experience using GRC TOOLS; JIRA, CONFLUENCE, BITSIGHT, WORKDAY, AND SERVICENOW, PROCESS-UNITY
- Third-Party Integration
- Third-Party Charges
- Oil Monitoring Analyst
- Independent Analyst Platform
- Analyst Relations
Certification
Oracle Certified Professional (OCP )
Certified Microsoft System Network Engineer (ID#937941)
CompTIA Security +
Certified Information Security Auditor (CISA)
Work Availability
monday
tuesday
wednesday
thursday
friday
saturday
sunday
morning
afternoon
evening
swipe to browse
Timeline
Third-Party Risk Analyst
WELLS FARGO
09.2018 - Current
Vendor Risk Analyst
BREMER BANK
11.2016 - 08.2018
IT AUDITOR
XFINITY
05.2015 - 09.2016
ICTS -
Old Dominion University
MCSE - undefined
BSC - Computer Science
University of Ibadan
Higher Diploma - Electronic Engineering
Ibadan Polytechnic
Similar Profiles
PATRICIA M. SCHERERPATRICIA M. SCHERER
Regional Bank Private Banker II at Wells Fargo Bank / Wells Fargo AdvisorsRegional Bank Private Banker II at Wells Fargo Bank / Wells Fargo Advisors
Andrew S. HollenbachAndrew S. Hollenbach
Collateral Valuation Analysis at Wells Fargo Home Mortgage and Wells Fargo Bank NACollateral Valuation Analysis at Wells Fargo Home Mortgage and Wells Fargo Bank NA
Laxmikanth ChittampallyLaxmikanth Chittampally
Senior Operational Processor at Wells Fargo India Solution PVT Ltd, Wells FargoSenior Operational Processor at Wells Fargo India Solution PVT Ltd, Wells Fargo
Mayank OberoiMayank Oberoi
Financial Accounting Associate/ Alteryx SME at Wells Fargo International Solutions Private LTD (Wells Fargo)Financial Accounting Associate/ Alteryx SME at Wells Fargo International Solutions Private LTD (Wells Fargo)
Sabrina JacobsSabrina Jacobs
General Utility Worker at Aramark Food and BeverageGeneral Utility Worker at Aramark Food and Beverage