Sultan Yesufu

IT Compliance Analyst
Katy, TX

Summary

Results-driven IT Compliance & Security Analyst with 6 years of experience spanning IT Support, Cybersecurity, and
Governance. Skilled in regulatory compliance (HIPAA, PCI DSS, SOX, ISO 27001, NIST CSF), audit readiness, risk
assessment, and threat analysis. Proven ability to leverage security tools and cross-functional communication to
enhance IT security posture.

Overview

6 years of professional experience
6 certificates
7 years of post-secondary education

Work History

IT Compliance Analyst

Paylocity
Houston, TX
02.2022 - Current

• Conducted quarterly access reviews and entitlement certifications across O365, AWS, and AD, identifying and resolving over 200 excess privilege cases.
• Coordinated third-party risk assessments, improving vendor compliance scorecards and reducing onboarding delays by 20%.
• Led 10+ audits (ISO 27001, SOC 2, NIST CSF) with zero major findings by aligning processes to compliance frameworks.
• Implemented real-time evidence tracking in ServiceNow GRC, cutting compliance gaps by 25% and improving audit visibility.
• Partnered with InfoSec to close 90% of audit findings within deadline, increasing SOC 2 control maturity.
• Developed and maintained a centralized control library aligned with NIST and ISO standards, enhancing cross-functional visibility and supporting continuous compliance initiatives.

IT Security Analyst

Diaspocare
Saint Paul, MN
06.2023 - 09.2023

• Executed 75+ Qualys/Nessus scans and remediated critical vulnerabilities within SLA.
• Reduced incident response time by 40% using Splunk, CrowdStrike, and streamlined IR playbooks.
• Led IAM reviews across AWS and AD, eliminating 35% of overprivileged accounts.

IT Helpdesk Support

Constellation
Houston, TX
03.2019 - 01.2022

• Supported 300+ users and achieved 85% first-call resolution by improving troubleshooting processes.
• Managed Office 365 and Active Directory access, developing core IAM and audit skills.
• Authored self-service guides that reduced repeat ticket volume by 20%.

Education

Associate of Science - Computer Programming

Houston Community College
Houston, TX
05.2023 - Current

Bachelor of Arts - Liberal Arts

University of Windsor
ON, Canada
01.2013 - 05.2018

Skills

CompTIA Security+

Vulnerability Management (Nessus & Qualys)

EDR (CrowdStrike Falcon & Microsoft Defender)

Email & Threat protection (Proofpoint)

SOC1 & 2

SIEM (Splunk & Wireshark)

Jira & Confluence

Data & Reporting tools (Power BI & Excel)

Certified Information Systems Auditor

Google Cybersecurity Certificate

GRC & Risk Platforms (RSA Archer, AuditBoard, OneTrust, ServiceNow)

Cloud & IDM (AWS IAM, Azure, GCP, Active Directory)

Certification

  • CISA - Certified Information Systems Auditor, passed 04/10/2024
  • CompTIA Security+, expected completion 08/2024
  • Google Cybersecurity Certificate, expected completion 09/2024
  • Professional Scrum Master https://www.credly.com/badges/a15adbb8-8586-40cf-9fcd-41716575a3af/public_url
  • Professional Scrum Product Owner https://www.credly.com/badges/fb949ee0-ba66-44e3-ba17-50596d3fa590/public_url
  • The Definitive GRC Analyst Master Class Serial number cert_ht9phqcg
  • Cybersecurity Internship Program Serial number 2022027
  • Introduction to Cyber Security Learning Path https://tryhackme-certificates.s3-eu-west-1.amazonaws.com/THM-RUKJJUCZFG.png
  • Pre Security Learning Path https://tryhackme-certificates.s3-eu-west-1.amazonaws.com/THM-DZ2FZSWFEH.png

Timeline

IT Security Analyst

Diaspocare
06.2023 - 09.2023

Associate of Science - Computer Programming

Houston Community College
05.2023 - Current

IT Compliance Analyst

Paylocity
02.2022 - Current

IT Helpdesk Support

Constellation
03.2019 - 01.2022

Bachelor of Arts - Liberal Arts

University of Windsor
01.2013 - 05.2018

PROJECTS

Data Privacy Project

Goal: Develop and implement a comprehensive global data privacy program to ensure compliance with all applicable data protection regulations.

Scope: The project covers all aspects of data privacy, including policy development, employee training, data handling procedures, data classification, compliance auditing, and incident management across all global offices.

Key Tasks

Policy and Guidance Development:

  • Review and update all data protection policies and guidelines.
  • Centralize data privacy processes and implement a framework using OneTrust.

Training and Awareness:

  • Develop and deliver comprehensive training programs for employees at all levels.
  • Ensure that data privacy is embedded in the company culture through regular communications and awareness campaigns.

Collaboration with Key Departments:

  • Work closely with Legal, HR, IT Security, and Business Leaders to integrate data privacy considerations into new projects, products, and initiatives.
  • Act as a liaison to the Information Governance Committee.

Compliance and Auditing:

  • Conduct systematic compliance audits and assessments across all offices.
  • Report findings and implement robust, time-bound remedial plans.

Monitoring and Adapting to Industry Trends:

  • Continuously monitor the industry landscape for evolutions, trends, and best practices.
  • Adjust policies and practices accordingly to remain compliant and proactive.

Incident Management:

  • Handle data privacy-related inquiries and issues in conjunction with HR and Legal.
  • Manage the process for data subject requests, including the right to be forgotten and withdrawal of consent.

Outcome

The project ensured compliance and embedded a strong data privacy culture within the organization, contributing to its overall success.

Projects

Risk Assessment and Mitigation Project

Goal: Conduct a comprehensive risk assessment and develop a mitigation plan to identify, evaluate, and address potential risks to the company's data, systems, and operations.

Scope: The project encompasses all business units and regions, focusing on identifying risks related to data privacy, cybersecurity, regulatory compliance, and operational continuity.

Key Tasks

Risk Assessment Planning:

  • Assemble a cross-functional team including representatives from IT Security, Legal, Compliance, HR, and Business Units.
  • Define the risk assessment framework and criteria using industry standards such as NIST CSF and ISO 27001.

Identification and Evaluation of Risks:

  • Conduct a thorough analysis of the company's data assets, systems, and processes.
  • Identify potential risks including data breaches, cyber-attacks, regulatory non-compliance, and operational disruptions.
  • Evaluate the likelihood and impact of each identified risk.

Risk Mitigation Strategy Development:

  • Prioritize risks based on their potential impact and likelihood.
  • Develop and implement mitigation plans for high-priority risks, including enhancing cybersecurity measures, updating data privacy policies, and improving incident response protocols.

Collaboration and Integration:

  • Work closely with IT Security to implement technical controls such as firewalls, encryption, and intrusion detection systems.
  • Partner with Legal and Compliance to ensure all regulatory requirements are met and integrated into the risk management framework.
  • Engage with HR to develop and deliver training programs on risk awareness and best practices.

Monitoring and Continuous Improvement:

  • Establish a continuous monitoring process to detect and respond to emerging risks.
  • Regularly review and update risk mitigation plans based on new threats, regulatory changes, and business developments.
  • Conduct periodic risk assessments to ensure the ongoing effectiveness of the risk management program.

Outcome

The project safeguarded the company's assets and operations and positioned it as a leader in risk management among competitors.

References

References available upon request.