Uwem Essien

• Drive execution and evolution of information security risk management program
• Work closely with functional teams to assess existing and new processes, providing guidance on control design and risk mitigation
• Conduct targeted risk assessments to identify strengths and weaknesses related to privacy, security, and compliance frameworks
• Execute risk-based operational audits focused on Cybersecurity and IT systems according to internal audit plan

Oversee implementation and maintenance of Enterprise GRC tool

• Collaborate with leads across Information Security team to measure and plan remediation for security risks
• Document and maintain workflows and procedures to identify gaps in risk posture
• Create and present risk posture reports and recommendations to leadership
• Perform ad-hoc assessments as needed
• Assist IT Audit Manager in risk-based IT audit and advisory activities to assess and provide assurance over IT risk universe
• Evaluate effectiveness of IT controls via testing to determine if controls are designed appropriately and operating as intended,
• Perform planning, fieldwork and reporting for IT audits, including preparing audit planning memos, developing and executing test steps, reviewing and analyzing evidence, identifying and assessing risks and control issues, and drafting summary memos and audit reports
• Be a trusted business advisor by developing business relationships and providing value-add assurance, advice, and insight to management on governance, risk, compliance, control improvement
• Work regularly and communicate effectively with IT, GRC, Product and Finance organizations, and business process owners to relay findings and recommendations, track and help drive remediation efforts to closure, advise on control requirements in design of new systems and processes, identify trends and insights, and continuously seek improvement opportunities matters, and key Company initiatives
• Conduct work efficiently and effectively, monitoring and communicating adherence to project timelines and departmental budget
• Familiarity with COSO, COBIT, NIST, ISO, and CIS frameworks

• Perform quantitative security risk analyses and recommend security enhancements to management
• Ensure IT operations comply with relevant regulations, industry standards, and best practices (e.g., GDPR, SOX, HIPAA)
• Oversee lifecycle of information security policies, including development, review, approval, and dissemination.
• Provide mentorship and guidance to peer analysts, supporting of Governance, Risk, and Compliance (GRC) capabilities and processes.
• Work closely with Senior Cybersecurity Analyst to create and manage security policies and documentation.
• Manage Vendor Risk Management Program, evaluating third-party vendor risks
• Evaluate data management processes to maintain data integrity, security, and privacy
• Communicate security risks and controls clearly and efficiently to both internal and external auditors.
• Collaborate with Compliance team to ensure accuracy of IT SOX documentation during process redesigns and system implementations
• Conduct risk assessments of applications and technology vendors based on defined frameworks
• Identify and assess potential IT risks, including cybersecurity threats, data breaches, and system vulnerabilities
• Review hardware, software, and network components to ensure they meet organizational and regulatory requirements
• Develop, coordinate, and implement security strategies to safeguard data from unauthorized access, alteration, or disclosure.
• Execute risk-based operational audits focused on IT systems and compliance with security requirements
• Conduct risk assessments and ensure prompt remediation of identified vulnerabilities.
• Lead review and remediation planning for ineffective information security controls.
• Review cybersecurity measures, including firewalls, encryption, authentication processes, and backup protocols
• Collaborate with various departments, including Cybersecurity, Telecommunications, Engineering Operations, Billing, Finance, Legal, Privacy, and Risk Management, to ensure security measures align with organizational goals.
• Implement, test, and continuously monitor effectiveness of both design and operational information security controls.
• Examine internal controls related to IT processes, including data access, data protection, and system management practices