Muyiwa Funso
Details
2022 : Present
Deloitte
Information Security Risk Analyst
• Examine risks across systems, applications, and service providers using established frameworks and resources
• Verify that third-party relationships operate in line with company policy, regulatory requirements, and industry guidelines
• Develop the System Security Plan (SSP), Plan of Action and Milestones (POA&M), Security Control Assessment, Contingency Plan, Incident Response Plan, Risk Assessment, Root Cause Analysis, policies and procedures, and security control baselines
• Ensure adherence to NIST guidance, FISMA, and security best practices
• Draft and monitor exit strategies and contingency plans for third parties, resolving operational concerns as needed
• Determine the operational fitness of third parties through due diligence reviews
• Liaise with vendors on findings from onsite and virtual assessments, partnering with them to remediate risks in a timely manner
• Lead continuous onsite assessment of tools to validate vendors' security questionnaire responses, protecting data held at vendor sites
• Author complete risk assessment reports that detail findings relevant to the system for business owners and the Vendor Management Office
• Remediate vulnerabilities surfaced during risk assessments and rate the risk level of each
• Interview clients to understand the security structure of their systems and help complete the Security Assessment Plan using NIST SP 800-53A
• Track third-party risks, noting concerns, gaps, exceptions, and mitigation plans for timely resolution; help clients understand why a risk poses a threat and how mitigating or compensating controls reduce it
• Examine cybersecurity posture to measure functional and technical risks
• Own third-party technical reviews across the assessment life cycle
2022 : 2022
Johnson & Johnson
Information Security Risk Analyst
• Delved into the technologies and architectures used by third parties to understand their impacts and risks
• Decided which information security requirements and practices applied in new technical and functional areas of assessment; presented findings to stakeholders at all organizational levels
• Stayed apprised of industry trends and security threats to guide management on risk containment and mitigation
• Suggested viable process enhancements to refine vendor information security assessments and review processes
• Served as a trusted coach and mentor to junior staff, educating them on cybersecurity principles and their application; reviewed key standards to tie them into the security assessment process
• Studied emerging technologies and practices conducive to the continuous improvement of risk assessment
• Spearheaded comprehensive security assessments to measure risk in cloud, vendor, and third-party hosted environments
• Led virtual risk assessments to determine control efficacy on an ongoing basis
• Managed vendor tiering according to the level of data each vendor could access
• Escalated important third-party noncompliance concerns to the Vendor Management Office (VMO) for detailed review and follow-up
• Designed and updated supplier questionnaires to cover emerging threats
• Validated IT control implementations, performed risk-based audits, and conducted control walkthroughs
• Studied corrective action plans closely to validate remediation controls and led process follow-up
2016 : 2021
General Dynamics Information Technology
Third-Party Risk Assessor
• Managed the steps required to recertify risks and track assigned third-party relationships
• Developed, updated, and reviewed the System Security Plan, Plan of Action and Milestones, Security Control Assessment, Contingency Plan, Incident Response Plan, Risk Assessment, Root Cause Analysis, policies and procedures, and security control baselines in compliance with NIST guidance, FISMA, and security best practices
• Conducted end-to-end risk assessments of third-party organizations
• Ensured third-party relationships adhered to company policies, regulatory guidelines, and industry best practices
• Monitored and assisted with exit strategies and contingency plans for third parties
• Facilitated remediation of third-party-related operational issues as needed
• Assessed the operational fitness of assigned third parties through due diligence reviews
2016 : 2016
US Army
Cyber Operations Specialist
• Responded to incidents and led thorough agency incident response as cyber incidents occurred
• Assessed threats and vulnerabilities in the network, noting deviations from acceptable configurations or policies
• Recommended mitigation strategies to reduce downtime and restore service; investigated incidents in detail to determine how best to mitigate the resulting vulnerabilities
About
Confident, industrious IT cybersecurity professional with years of diversified industry experience across consulting, insurance, finance, and other domains. Leads third-party risk management, audit, security, and application control assessment processes, and performs well under pressure in fast-paced environments. Well-versed in information security, project management, risk assessment, due diligence, the Sarbanes-Oxley Act (SOX), IT auditing, SAS 70/SSAE 18 attestation, IT general controls, and related areas. Expertise includes HITRUST, SIG, PCI DSS, SOC 1 and SOC 2, NIST SP 800-53, NIST SP 800-37, and NIST SP 800-137, applied to maintain the confidentiality, integrity, and availability of information systems. Presently seeking a role that allows for ongoing career growth.
Risk Identification, Security Analysis, Cybersecurity, Internal Risk Assessment, Vendor Relations, Control Maintenance, Systems Control Design, Risk Monitoring, RSA Archer, Prevalent, ServiceNow, BitSight, NormShield, JIRA, MS Office, OneTrust, OWASP, Strong Work Ethic, Leadership, Teamwork, Communication, Strategic Planning, Compliance, Palo Alto Networks Prisma Cloud (CSPM), Tenable Nessus Agent, AWS Lambda (Serverless), Virtual Machines, EC2, Containers, Custom Code, SIEM, Veracode, Snyk, Black Duck, AWS Cloud Security, SecurityScorecard, Security Compass, Lacework, Skybox, Nightfall, IRONSCALES.