Summary
Overview
Work History
Education
Skills
Certification
Timeline
Generic

UYI OSUNDE

CHICAGO,IL

Summary

IT Security Analyst with over 5 years of experience in risk assessments, security policy development, and compliance with PCI and HIPAA. I have successfully implemented risk mitigation strategies that significantly reduced organizational vulnerabilities. Additionally, I developed security training programs to enhance employee awareness and foster a culture of security. I stay up-to-date with industry standards and regulations to ensure best practices in information security.

Overview

5
5
years of professional experience
1
1
Certification

Work History

Compliance Analyst

New York University
NY
08.2023 - 01.2024
  • Provided security assessments that included reviewing policies, identifying and mitigating risks and vulnerabilities
  • Established and managed compliance programs to ensure adherence to applicable regulations
  • Auditing of major applications within health systems and assessing control gaps
  • Implement corrective actions and improvements based on vulnerabilities and threats
  • Evaluate third-party vendors' security and compliance practices to minimize potential risks, establish vendor risk assessment processes and monitor vendor compliance with contractual obligations to ensure that vendors meet the organization's security and data protection requirements
  • Conduct IT security and compliance training for employees to promote a culture of security awareness
  • Provided regular updates and reports to senior management on risk and compliance status in a clear and understandable manner.

Information Security Analyst

Acentia
Falls Church, VA
02.2021 - 07.2023
  • Conducted IT controls risk assessments that included reviewing organizational policies, standards, procedures and guidelines
  • Developed audit and performed the general Computer controls testing, identified gaps, developed remediation plans, and presented final results to the IT management team
  • Conducted IT general controls risk assessments as well as risk auditing with frameworks like HIPAA, PCI and ISO 27001
  • Conducted meetings with IT client team to gather evidence, developed test plans, testing procedures and documented test results and exceptions
  • Conducted Business Impact Analysis (BIA) to identify high risk areas where audit effort will be allocated to
  • Conducted walkthrough, formulated test plans, documented gaps, test results and exceptions, and developed remediation plans for each area of testing.

Compliance Specialist

Forest Pharmaceutical
Cincinnati, OH
02.2020 - 01.2021
  • Provided HITRUST and SOC2 control advisory services on various projects
  • Assisted with the development of contingency plans in response to identified threats and vulnerabilities
  • Recommended ways to control and reduce risk
  • Documented and communicated key risks
  • Worked with SIG (Standard Information Gathering) questionnaire, as well as other information security documentation for vendor risk assessment
  • Validated evidence from vendors, before Remediation Plans are closed
  • Performed peer reviews on completed assessments for quality assurance
  • Escalated issues associated with vendors as needed to management decision
  • Performed risk and security assessment and evaluated results with system owners.

Information Security Analyst

Washington Hospital Center
Washington, DC
01.2019 - 12.2019
  • Performed control risk assessments that included reviewing hospital policies, SOPs, procedures and guidelines
  • Performed Vendor/3rd party security Risk Assessments to assess the effectiveness of cloud vendor's controls against ISO 27001, HIPAA and NIST 800-53rev4
  • Developed remediation plans with regards to the results of the HIPAA security/meaningful use assessment
  • Participated in regular meetings with technical staff to discuss current threats and vulnerabilities
  • Implemented access control measures to ensure data confidentiality and integrity
  • Created reports outlining findings from security audits, incident response activities, and other related processes
  • Review and analyze SOC 2 Type II reports of 3rd parties and data centers
  • Assist with the updates of security documents such as policies, standards and operational procedures.

Education

Bachelor of Computer science -

Skills

  • Risk Management Framework
  • Vendor Risk/Third party Risk Management
  • Create POAM for corrective actions from Vulnerability scanning
  • Compliance Testing
  • Policy writing & review
  • HIPAA security assessment
  • HITRUST
  • NIST Security Standards
  • Risk monitoring and remediation activities
  • Review and update MOU (memorandum of understanding) and ISA (Interconnection security document)
  • Good project management skills
  • Flexibility to multi-task, work independently or share workloads and deal with sudden shifts in project priorities
  • Review and analyze SSAE18/SOC2 Type II reports
  • Security Awareness and Training
  • Excellent communication skills
  • Risk reporting (KRI, metrices, etc)

Certification

Actively working toward CISSP

Timeline

Compliance Analyst

New York University
08.2023 - 01.2024

Information Security Analyst

Acentia
02.2021 - 07.2023

Compliance Specialist

Forest Pharmaceutical
02.2020 - 01.2021

Information Security Analyst

Washington Hospital Center
01.2019 - 12.2019

Bachelor of Computer science -

UYI OSUNDE