Personal Profile
An Insightful, analytical and result-driven professional with IT background and unique blend of several years of experience across all areas of Information Security, IT Risk Control, Identity and Access management, SAP Security and GRC (Governance, Risk and Compliance) implementation and configuration. Develop and implement governance frameworks and policy standards which enhance information technology functions for oil and gas companies and high growth organizations propelling them towards revenue growth. Profound understanding of the IT Audit, COBIT, ISO Standards and Governance.
Skills Summary:
Soft Skills:
? Strong problem resolution and analysis skills.
? Fast learner, hard-working, self-motivated, pro-active and goal oriented
? Strong functional (business) and technical background.
? Ability to work in a "dynamic" environment.
? Reporting and Proposal writing skills with the ability to present to a large audience.
? Highly committed to responsibilities and display maturity with addressing clients’ concerns.
? Strong at processing and analyzing data while adhering to privacy policy and company procedures
? Competent in working alone or as a team member.
? Excellent oral and relationship skills with high focus on customer service.
? Ability to organize and manage multiple tasks according to priorities and respect deadlines.
? Creative in overcoming and adapting to new challenges.
IT Security, Governance and SAP Skills:
? Excellent in evaluation and analysis of IT controls, processes and risks
? SAP Security authorizations: Expert in User administration concepts and trace using Central User Administration (CUA), role development using Profile Generator (PFCG) and in resolving all kinds of security issues.
? Experience in management of SAP change request audit trails
? Ability the potential business dangers involved in the processes and also the risks connected with the SAP R/3 system environment.
? Proficient in Role administration using PFCG, user reports, authorization objects and use of PA20, PO13D, SUIM, SU01, SU53 , ST01, SU10, SE16 and other SAP T-Codes.
? Good knowledge of SAP GRC configuration and implementation, security design in different SAP domains, (HANA, BW, BI, EAM, PSS, BRM, ARM, ARA, APO, BPM, ESS/MSS, and Enterprise Portal, SCM, CRM) SOD tools, SOX, SAP ECC systems and SAP RFC security.
? Experienced in development, testing, implementation, support, and documentation of SAP Authorization & Security roles and objects, and management of SAP user accounts.
? Strong corporate governance, internal control, regulatory, technology, and team building skill set
? Knowledge of IDS (Intrusion Detection System) and IPS (Intrusion Prevention System)
? Ability to identify, analyze and resolve complex security issues and develop appropriate solutions.
? Proficient in Internal Audit quality assurance reviews, planning and execution of systems audits
? SOX IT compliance testing; IT Application and General Computer (GC) controls testing
? Application security testing and problem resolution.
? Support development and maintenance of the governance, risk and compliance management.
? Microsoft Operating Systems such as Windows 2000, XP, 2003, 7 and MS Active Directory
? Strong and in-depth knowledge of Application lifecycle management (ALM ), Software testing lifecycle, Identity and Access Management (IAM) related to policy, governance, tools and controls; SSL, SSO, VPN and reverse proxies.
? Working knowledge of industry frameworks such as ITIL for Service Management, ISO9001 for quality management systems and best practice methodology, ISO/IEC 27001 for information security management systems (ISMS) on sensitive company information, PMI for Project Management and COBIT for Governance along with standards governing permissible use of data such as FCRA and HIPPA.
? Strong computer skills in Microsoft Office applications
? Provide appropriate and timely implementation and maintenance of security controls, including the creation, implementation management of security profiles and roles for named users and processes related security additions, deletions and changes.
? Design, develop, test, install, customize and troubleshoot information security systems and solutions to ensure protection of IT assets, business functions and requirements.
Education
? SAP GRC 300 for 10.0
? SAP Security ADM940 and ADM950 (London, United Kingdom)
? Cisco Networking - MCGILL University, Montreal, QC, Canada
? Diploma in Computer Networking - CCTI, Lagos
? BSc. in Accounting - University of Lagos
Professional Work Experience
PAA CORP/DEVON ENERGY-CALGARY, AB CANADA 2015 to date
SAP/IT Security Project Consultant
? Work on different SAP Security and GRC configuration projects for oil and gas Companies.
? Execute short projects on oil and gas software testing and application life cycle for different oil and gas companies.
? Conduct investigations on violations and breaches of Corporate security policies and SOX compliance.
SUNCOR ENERGY-CALGARY, AB, CANADA 2012-2014
IT Security/SAP GRC Consultant
? Participated in designing and executing audit programs and testing procedures in accordance with auditing principles and IT security that ensure compliance, quality and operational processes are functioning efficiently, effectively and in accordance with company policy.
? Developed and maintained risk assessment program for business applications and processes.
? Directed and/or performed audits, assist with corporate audit process and provide supporting materials for audit and regulatory requests.
? Tracked and Ensured adequate and timely resolutions to all audit/review issues relating to security
? Produced metrics showing operational compliance with best practices
? Managed engagements by overseeing the identification of control objectives, the assessment of risk, planning, supervising, and executing control testing and documentation of IT General, Application, and Process controls.
? Effectively communicated audit and special project scope, status, findings and corrective action plans with all levels of management through verbal presentations and written audit and special project reports.
? Managed company’s IT assets and ensured that external compliance checks and audits related to data protection and Corporate assets are regularly performed.
? Mentored multiple analysts on testing of IT General and Application controls in support of IT security and audit engagements.
? Acted as educator between the internal and external vendors on compliance with regulatory requirements and policies in regard to data protection.
? Administered Risk Assessment methodologies using COBIT, Model Audit Rule, ITIL, key management indicators and alerts to identify and mitigate business risks and vulnerabilities.
? Coordinated and performed appropriate security awareness programs regularly for the company
? Analyzed and mitigated risk violation using SAP GRC 10.0 functionality;
? Reviewed user violations and reports submitted by other IT departments which include access privileges, SOD conflicts and user assignments;
? Performed SAP GRC Access controls, review and Audits (Sarbanes-Oxley specifics)
? Monitored and Reported Information security observations and operations in relation to protecting data storage, integrity and confidentiality.
ENCANA CORP./CENOVUS – CALGARY, AB, CANADA 2008 –2012
IT Access Management/Governance Analyst
? As a project team member, executed IT controls by implementing audit techniques to detect and remove unused applications. As a result, it saved the company over $300,000 on software licenses.
? Implemented IT general access controls in collaboration with Information Security and Internal Audit teams which added great value to the business.
? Created and managed access recertification’s and entitlement reviews for user and privileged access utilizing Active Directory and security groups.
? Participated in engagements to scope, facilitate, and perform procedures to prepare clients for external financial audits and compliance with the Sarbanes-Oxley Act (SOX) by overseeing the performance of risk analyses, documenting control gaps, developing action plans to address control gaps, and designing and executing test procedures based on the COBIT framework.
? IT GCC SOX Compliance – Recommended and implemented Data analysis to monitor inactive Network accounts for over 60days for fraud prevention.
? Performed internal and external IT risk assessments, conducted gap analysis against industry standards, and provided recommendations on mitigation options.
? Established IT compliance solutions based on company policies and standards, industry best practices, industry standards, and regulatory requirements.
? Defined and implemented IT operational practices and procedures and provided the practical background needed to successfully adopt the control environment that is required to comply with government regulations.
? Assessed information technology internal controls based upon the COBIT framework: IT general and application controls, information security, systems development, change management, business continuity, disaster recovery, computer operations, risk management and regulatory compliance.
? Participated in the assimilation and encryption of security information for a large Data Privacy and Protection project to assess the processes and procedures for safeguarding the integrity of confidential, proprietary, restricted, and highly sensitive identifiable information.
AJILON CONSULTING, MONTREAL, QC, CANADA 2006-2008
Senior System/SAP Security Analyst
? Offered support to Harley-Davidson and Hewlett Packard customers and employees on complex technical problems. Promoted to MERCK CORP service desk as IT Team Lead as a result of my dedication and excellent service. Administered different cases using various types of applications such as Active Directory. Performed SAP Access Controls and Risk analysis; Created SAP roles and Template. Configured and managed EAM in SAP.
? Participated in SAP GRC 5.3 end to end Implementation and configuration.
Professional Affiliations and Designations
? CISA & CIP designations in progress (Expected in 2015)
? Certified in ITIL Foundation - 2012
? Silver Member of ISACA (Information System Audit and Control Association, Inc.) 2009 to date
Personal Interests and Skills
Travelled across Western Europe, Scandinavian, Gulf countries, West and East Africa, learned other cultures, read novels. I was a Volley ball captain, Sports Coach and attend Gymnastics thrice a week.