BABATUNDE AJAYI, CISM, CISA, CompTIA
Education:
Bachelor's degree
Business Administration
Crown Polytechnic
2010 : 2015
Experience:
Began vendor reviews by engaging in kickoff/IRP calls with business units to gather information about
the TPP, and sent out/reviewed scoping documents from the BURM to determine the inherent risk before
launching questionnaires to vendors for completion.
Lead planning, development, and implementation of all risk frameworks / measurement methodologies,
policies, standards, and procedures specific to the needs of the enterprise. Ensure adherence to global
regulatory compliance requirements within risk and policy frameworks.
Reviewed and analyzed vendor service profile Standardized Information Gathering (SIG) questionnaire
artifacts during onboarding and periodic assessment.
Conduct privacy impact analysis to determine privacy compliance status for cloud solutions with PII
based on Bank of the West definition of compliance with the General Data Protection Regulation. Tested
the operating effectiveness of IT security controls in the cloud vendor environment.
Reviewed vendor SOC 2 Type 2 report, Info Sec, PCI DSS, ISO, Penetration test report, and vulnerability
scan report.
Leverage standard frameworks such as NIST and ISO, and policies, standards and procedures, to recommend
mitigating controls to meet regulatory requirements, specifically SOX, CCPA, GDPR, HIPAA, PCI DSS.
Collaborated with Legal, Vendor Management, and Information Security to meet practices and applicable
laws and regulations.
I engaged in our Network Security Assessment, where I reviewed network diagrams, firewall rules, IPS/IDS,
NAC, system hardening, wireless network and log retention in order to ensure they are suitably
implemented.
Designed processes for collecting and documenting vendor evidence.
I updated all necessary documents in the shared drive and in Archer.
Drafted report in SharePoint after due diligence and monitored identified risks to remediation.
I tracked vendor performance through the BitSight tool.
2022 : Present
Bank of the West
Third Party Risk Assessor/Information Security Assessor (Client)
• Perform initial risk assessment, identify and classify inherent risk, and prioritize risk management to meet the business needs
• Review and analyze vendor service profile Standardized Information Gathering (SIG) questionnaire artifacts during onboarding and periodic assessment
• Review vendor SOC 2 Type 2 report
• Review vendor ISO27001 Certificate
• Review vendor Penetration Test Report
• Review vendor hardening standard
• Leverage standard frameworks such as NIST, ISO and COBIT, and policies, standards and procedures, to recommend mitigating controls to meet regulatory requirements, specifically SOX, CCPA, GDPR, HIPAA, PCI DSS
• Develop tactical, actionable timeframes to ensure compliance issues are remediated and evidence is documented to close findings
• Guide stakeholders as it relates to data minimization, tokenization, encryption, data pseudonymization and anonymization to ensure appropriate security around PII
• Collaborate with Legal, Vendor Management, and Information Security to meet practices and applicable laws and regulations
• Assist management in the evaluation of new technology service providers and third-party service providers
• Develop, implement, monitor and report performance measures that demonstrate value and ensure vendor performance
• Conduct privacy impact analysis to determine privacy compliance status for cloud solutions with PII based on Lincoln definition of compliance with the General Data Protection Regulation.
• Tested for the Operating Effectiveness of IT security controls in cloud vendor environment.
• Designed processes for collecting and documenting vendor evidence.
• Performed risk assessment on third party cloud service provider to ensure data safety and security.
• Executed phases of testing schedules and conducted substantive testing.
• Maintain internal risk register to track and monitor identified risks to remediation
2017 :
Laketech Solution LLC (supporting different clients)
Third Party Risk Assessor
Company: Bank of the West
Years of Experience: 7
● An accomplished Third-Party Risk Analyst/ Risk Assessor with over 6 years of experience in Cyber Security and good mastery of third-party vendor risk assessment
Area of expertise
• Data Privacy
• PCI-DSS
• Human Resource Security
• Risk Assessment
• Information Security Management
• Disaster Recovery
• Business Continuity
• HIPAA
• SOC2 Type2
• GDPR
• Access Control
• SOX
• NIST SP 800-53 rev4
• ISO 27001
• Risk Management
• Compliance
• End User Device Security
• Application Security
● Possessed great knowledge in managing risk properly and understanding security requirements by supporting and monitoring the security posture of the business, including managing endpoint security, creating policies and procedures such as incident response, incident remediation, change management and Third-Party Risk Management program. Proactive, dynamic, detail oriented, good listener, fast learner with good documentation skills, comfortable working in a team and independently with ability to adapt in diverse environments.
● Effective in Vendor Risk Mgmt, Assessment and Authorization, Vulnerability Mgmt and Patch Mgmt.
● Vendor classification as well as vendor selection. A result-driven professional with hands-on experience in analyzing SOC reports, security documentation and evidence, risk assessment reports and risk treatment plans. Adept in compliance review, policy creation and audit support.
● My goal is to maintain Confidentiality, Integrity, Availability, and Privacy.