Samuel Sewonuga

Las Vegas, NV

Summary

As a Third Party/Cyber Risk Professional, I specialize in Incident Response, Data Protection, and PCI DSS compliance. My expertise with GRC and SIEM tools has significantly enhanced incident response efficiency, ensuring robust data protection and regulatory adherence. Skilled in translating risk analytics into actionable strategies, I've strengthened operational security and vendor risk management. Additionally, my commitment to raising risk awareness and conducting comprehensive training programs has played a pivotal role in building a culture of security mindfulness and resilience within the organizations I have worked in.

Overview

6 years of professional experience
1 Certification

Work History

Information Security Analyst (Contract)

NUGA Financials
Richmond, TX
01.2023 - 09.2023
  • Conducted ITGC and IT Application Controls (ITACs) testing to assess IT internal controls as part of an integrated audit.
  • Assessed the physical controls established to safeguard the organization's information system assets.
  • Leveraged Datadog to identify and assess security risks
  • Implementation of a new cybersecurity policy using RSA Archer, resulting in a 38% decrease in security incidents
  • Managed Risk Register
  • Coordinated with IT department and external auditors during SOX IT testing.
  • Documented detailed audit work papers based on findings in walkthroughs and detailed tests.
  • Conducted interviews with key process/system owners to understand the organization's internal control structure.
  • Made recommendations to management, as needed, to improve the design and operational effectiveness of internal controls.
  • Business Continuity and Disaster Recovery testing

Information Security Analyst

Primetech Associates
, NV
12.2021 - 12.2022
  • Conducted research on emerging cybersecurity threats and vulnerabilities
  • Assisted in the development of incident response plan and Risk analytics
  • Performed IT security assessment processes, including audit and organizational policy and standards review
  • Evaluated the design and operational effectiveness of IT General Controls and IT System Controls
  • Performed continuous risk assessment and defined the Internal Controls plan in collaboration with leadership to prepare for annual SOC 1 and SOC 2 audits
  • Conducted various internal compliance reviews, risk assessments, gap assessments, or maturity assessments that were used to enhance the compliance program
  • Supported internal audits; identified and corrected compliance issues, documentation shortfalls, and inefficiencies in clients' third-party vendors
  • Maintained and monitored progress of the IT Risk Profile, including periodic reporting to management on potential security exposures and the corresponding mitigation activities
  • Reported on high-risk vendors and ineffective controls, highlighting gaps

Cyber Security Risk Analyst

Ambercare
Woodbridge, VA
03.2020 - 12.2021
  • Applied Information Security knowledge to address vendor risks regarding IT and business implementations in a timely fashion
  • Established a baseline of vendor risk, identified areas of potential exposure, developed and aligned vendor risk management strategies with Cardinal Health's goals and objectives, and executed the program, ensuring consistency.
  • Established and developed relationships with various members of the business and became knowledgeable about the respective IT environment controls and processes
  • Evaluated third-party business operations
  • Communicated and identified security gaps and recommended solutions for compensating controls to business managers as well as various members of leadership, especially when issues needed to be escalated
  • Implemented best practices for risk analysis and developed awareness of emerging trends and new threats
  • Mediated between vendors and business leaders utilizing knowledge of IT risk within the organization
  • Analyzed third-party vendor IT risks: risk assessment and audit

Third-party Risk Analyst

Wawa Inc
Philadelphia, PA
12.2017 - 02.2019
  • Participated in ongoing risk assessment processes and assisted in developing and executing a dynamic audit plan to address substantial risk areas within client's sales and marketing functions
  • Identified and mitigated risks to the program
  • Supported the evolution and continuous improvement of Third-Party Risk Assessment processes, including the development and maintenance of procedures, artifacts, and metrics to be used in the assessment of potential and existing third parties
  • Collaborated with other non-IT compliance functions (Human Resources, Finance, Development, others) for organizational compliance requirements
  • Completed monthly and quarterly compliance assessments and reporting
  • Verified that policies and procedures were updated to reflect implemented improvements and complied with relevant compliance standards
  • Supported the lead auditor with generation of an audit report to include audit findings and details of areas reviewed
  • Conducted advisory reviews on the identified risk areas

Education

Bachelor's - Computer Science

University of Lagos
Lagos State, Nigeria
01.2010

Skills

  • ITGC and frameworks: ISO-27001, PCI-DSS, RMF and SSAE 18
  • ServiceNow
  • Vendor Risk Management / Third Party Risk Analyst
  • GRC
  • Microsoft Azure, Excel
  • Regulatory Compliance and Documentation
  • Business Continuity and Disaster Recovery
  • Incident Response/Cyber Threat Intelligence
  • Data analytics and visualization
  • Managing Security Breaches
  • Reporting and Documentation

Certification

CISSP in progress
