
Ekele Etumeahu

Calgary, Canada

Summary

I have a degree in Computer Science and several years of combined experience playing roles in the execution of Cybersecurity - Security Governance, Policy development and regular reviews/updates, Security Assessments, Enterprise Risk Mitigation, Threat and Vulnerability Management, Security Awareness and Training, Third-Party Security Assessments, and Compliance (PCI, NIST, ISO, GDPR, PIPEDA etc.). Seeking a role that promotes continuous growth as well as great value add to the organization.

Overview

15 years of professional experience
1 Certification

Work History

Sr. Cybersecurity Risk Advisor

Rogers Communications
04.2023 - Current


  • Led a team of Risk Advisors in evaluating critical risks (applicable in cloud and traditional environments), across several business units, ensuring accurate identification and resolution.
  • Enhance security and governance practices, which involves the development, revision and updating of security policies and standards used organization-wide.
  • Created a Cyber Risk Management Framework document, referencing NIST SP 800, OSFI, ISO 27005, and ISO 31000, implemented organization-wide for Rogers and its subsidiaries.
  • Defined processes for cyber rules of engagement for the project assessments prior to production deployment.
  • Lead threat modeling sessions with cybersecurity teams to identify and reduce security risks.
  • Created a risk statement library and documented risk statements for every security requirement for projects and solution assessments. Drafted a compensating controls library for the policy exception process.
  • Led security and privacy programs aligned with NIST CSF, ISO 27001 and CRTC telecom compliance standards to mitigate enterprise risk.
  • Keep management informed of risk status and update Jira dashboard for mitigation control progress.

Sr Cybersecurity Risk Analyst

Shaw Communications
07.2021 - 04.2023
  • Performed security risk assessments for Canada's largest telecom merger (Rogers and Shaw), ensuring effective security and risk management in integration projects.
  • Evaluated and assessed risks associated with exception to policy requests, ensuring compliance with organizational standards and mitigating potential negative impacts.
  • Offered recommendations to mitigate risk identified from security assessments/reviews.
  • Developed various security documentation and presentations for different audiences, use cases, processes, architectures and best practices across different projects and platforms.
  • Managed numerous projects, balancing business and security needs. Collaborated with stakeholders to bolster the organization's security.
  • Assessed emerging risks through ongoing research and monitoring of industry trends, proactively addressing potential threats before they materialized into significant issues.

Senior Consultant, Technology Risk Consulting

KPMG
12.2016 - 04.2020
  • Effectively spearheaded the execution of numerous cybersecurity projects, catering to both public and private sector establishments throughout Canada.
  • Conducted effective business process reviews, performed threat risk assessments, and evaluated security controls based on ISO27001/ISO27002, PCI DSS, COBIT, COSO and NIST SP 800-53 to determine the organization’s security posture and cyber weaknesses, and provided appropriate mitigation strategies.
  • Managed a team of highly skilled consultants to deliver on control assessment, cyber risk & technology advisory services.
  • Oversaw the provision of IT Risk and Compliance services, which involved evaluating IT General Controls, and automated/application controls (embedded in ERP systems - SAP, Microsoft Dynamics, and Oracle Financials). Ensured compliance with Sarbanes-Oxley (SOX), and PCAOB.
  • As part of performing audits/reviews/risk assessments, identified significant risk factors, created detailed reports outlining the findings, and proposed suitable remedial actions.
  • Conducted business continuity and disaster recovery audit of clients’ business including SCADA systems of big energy companies.
  • Sought to unravel the primary cyber obstacles clients faced through consultations, and recommended feasible and cost-effective measures to address or resolve their cybersecurity concerns.
  • Covered both internal and external IT audits. Established audit scopes and objectives, created standard audit programs.
  • Managed the delivery of Service Organization Controls (SOC 1 & SOC 2) attestation for service organizations based on the relevant standards (CSAE 3416 & SSAE 18).

Senior Systems Security Analyst

Rhythtex Consulting
01.2014 - 07.2016
  • Reviewed application security and ensured separation of duties as well as compliance with business requirements.
  • Conducted comprehensive IT risk assessments covering the solution design, implementation and operation of the enterprise business applications and database to ensure that all key risks items were identified, and appropriate controls recommended and implemented in line with best practice.
  • Conducted PCI DSS (Payment Card Industry Data Security Standard) assessments in compliance with the 12 requirements of PCI for financial services including banks and electronic payments.
  • Worked with the security frameworks (NIST, ISO27001, COBIT, COSO), and conducted SOX compliance audits.
  • Managed team of IT professionals, coordinated between in-house and client teams.
  • Performed post implementation review to ensure successful change was carried out as approved and without negative impact on existing systems.
  • Involved in the development and implementation of policies and procedures.
  • Applied System Development Life Cycle (SDLC) methodologies across acquisition of new systems.
  • Utilized business process mapping, diagrams and flow charts to gain understanding of processes, people, and controls.
  • Followed up with clients to remediate risk findings.
  • Conducted vulnerability scans of clients’ network infrastructures, suggested risk mitigation controls.
  • Created and managed security incident response plans, ensuring swift and efficient organizational reactions to security incidents.
  • Involved in complete audit lifecycle, overseeing strategic planning, team development, reporting, evaluations, risk mitigation, and business development.
  • Experience in process mapping, documenting flowcharting, and narratives.

Systems Security Analyst

Rhythtex Consulting
01.2010 - 12.2013
  • Determined feasibility of new systems, drove enhancement of existing systems, and delivered system design in line with user needs.
  • Examined product paper from IT stakeholders, conducted vulnerability assessments of clients’ network infrastructures, and made risk mitigation recommendations.
  • Reviewed system controls, compiled reports on security breaches and their damage.
  • Provided training to clients on audit, controls, and security of UNIX operating system.
  • Ensured alignment of business functions with IT processes, drove efficiency, and investigated latest IT security trends.
  • Conducted back-up operations to ensure safety of computer files, rolled out source code management process, and recommended appropriate controls.
  • Compiled reports by utilizing SQL, ACL, and Excel. Monitored databases and tracked unauthorized changes.
  • Reviewed existing security architecture for improvements that aligned with evolving business needs while minimizing risk exposure.

Education

Bachelor of Technology - Computer Science

Federal University of Technology - Owerri
Nigeria

Skills

  • Cybersecurity Assessment
  • Enterprise Risk Management
  • Threat Modelling
  • Vulnerability Management
  • Governance Risk and Compliance (GRC)
  • IT Security & Infrastructure
  • Cloud Security
  • Cybersecurity Awareness

Certification

  • Certified Information Systems Security Professional (CISSP)
  • Certified Cloud Security Professional (CCSP)
  • Certified Information Systems Auditor (CISA)
  • Certified Information Security Manager (CISM)
  • Certified in Risk and Information Systems Control (CRISC)
  • Cisco Certified Network Associate (CCNA) - Expired
