Isioma Morakinyo

Toronto

Summary

Results-driven Governance, Risk, and Compliance (GRC) Business Analyst with over 7 years of experience in cybersecurity governance, third-party risk management, and regulatory compliance. Expert in configuring ServiceNow GRC modules (IRM, SIR, SecOps, TPRM, VR) to build risk registers, automate workflows, and deliver data-driven reports, aligning with ISO 27001, NIST CSF, GDPR, CCPA, and SOC2 frameworks. Proven leader in third-party risk management, leveraging tools like ServiceNow TPRM and FAIR-TAM to quantify risks and enhance vendor compliance. Proficient in Jira ticket triage and configuration, integrating Jira with ServiceNow for seamless GRC workflows, and creating dashboards to track risk management progression. Skilled in Agile/Scrum, leading cross-functional teams to implement GRC solutions, with familiarity in addressing AI-related risks such as LLM security.

Overview

9 years of professional experience
1 Certification

Work History

GRC Business Analyst

Royal Bank of Canada
03.2023 - Current
  • Led third-party risk reviews for HSBC Canada acquisition, using ServiceNow TPRM to identify vendor control gaps, analyze pen test results, and track remediation, ensuring compliance with ISO 27001 and GDPR.
  • Triaged 150+ monthly Jira tickets for cybersecurity controls (e.g., NIST AC-1 for access policies, AC-2 for account management), using filters and labels to route tickets to IAM and incident response teams, reducing misrouting by 25% and resolution time by 20%.
  • Configured Jira-to-ServiceNow integration using APIs and webhooks, automating ticket creation for vulnerabilities and policy violations in ServiceNow GRC (IRM, SIR), reducing manual effort by 30% and improving data sync by 40%.
  • Built ServiceNow and Jira dashboards to track risk remediation progress, displaying metrics like open tickets by severity and compliance status for NIST/ISO 27001 controls, improving audit readiness by 95%.
  • Applied FAIR-aligned methodologies to quantify vendor risks, presenting actionable reports to senior leadership, enhancing audit readiness.
  • Designed risk tracking processes for Threat and Risk Assessments (TRAs) using ServiceNow IRM, meeting ISO 27001 and SOX requirements, reducing compliance gaps by 20%.
  • Collaborated with Legal and Procurement to embed security and privacy clauses in vendor contracts, aligning with GDPR and CCPA requirements.

Senior Business Analyst

Economical Insurance
03.2019 - 03.2023
  • Configured ServiceNow GRC (TPRM, VR, IRM) to manage vendor and cybersecurity risks for Guidewire implementation, designing automated workflows with Flow Designer to support risk treatment plans, reducing manual effort by 30%.
  • Developed Confluence documentation for GRC processes, creating risk registers, TRA guides, and vendor compliance playbooks, improving stakeholder alignment by 25% and ensuring ISO 27001/SOC2 compliance.
  • Triaged 50+ JSM tickets monthly for compliance and cybersecurity issues, using filters and Confluence-based process guides to route to risk and IT teams, improving triage efficiency by 15%.
  • Created ServiceNow dashboards to monitor TRA and vendor risk metrics, tracking open vulnerabilities and compliance status, reducing open risks by 15% in six months and supporting audit readiness.

Senior Business Analyst

Gore Mutual Insurance
08.2017 - 03.2019
  • Facilitated TRA workshops and gap analyses to support regulatory system enhancements, ensuring timely risk closure.
  • Conducted vendor risk assessments during system enhancements, reviewing audit reports and penetration test results to ensure compliance with ISO 27001.
  • Developed Excel-based risk assessment matrices to improve policy and claims processes, aligning with industry standards.
  • Used Confluence to document risk processes and collaborated with technical teams to maintain data integrity and compliance with cybersecurity frameworks.

Business Analyst

Freedom Mobile (Formerly Wind Mobile)
09.2016 - 08.2017
  • Triaged Jira tickets for system launch risks, using prioritization rules to route issues to technical teams, improving resolution efficiency by 10%.
  • Supported system launches by conducting readiness testing and resolving risks using Jira and Confluence.
  • Contributed to incident management and process documentation, improving system performance.

Education

Postgraduate Diploma - Business Analysis & Process Management

Sheridan College
Mississauga, ON

Bachelor of Arts - International Development

York University
Toronto, ON

Skills

  • GRC Tools: ServiceNow GRC (IRM, SIR, TPRM, VR, SecOps); RSA Archer; Safe Security; FAIR-TAM
  • Frameworks: ISO 27001, NIST CSF, SOX, GDPR, CCPA, SOC2, ISO 27002
  • Risk Management: Threat and Risk Assessment (TRA), Risk Registers, Enterprise Risk Management (ERM), Privacy Risk Assessments
  • Compliance: Policy Review, Audit Support, CISO Metrics, SOC Reporting
  • Governance: Cybersecurity Metrics, TRA Reporting, Process Optimization, Vendor Contract Negotiation
  • Tools: Flow Designer, Zip, Excel Risk Matrices, Jira (Ticket Triage, Configuration, Integration), Confluence, MS Office Suite
  • Methodologies: Agile/Scrum, Project Management (PMP)

Languages

English
Full Professional

Certification

  • Project Management Professional (PMP)
  • Certified Information Systems Auditor (CISA)
  • Professional Scrum Master (PSM), Scrum.org
  • Professional Product Owner (PSPO), Scrum.org

Timeline

GRC Business Analyst

Royal Bank of Canada
03.2023 - Current

Senior Business Analyst

Economical Insurance
03.2019 - 03.2023

Senior Business Analyst

Gore Mutual Insurance
08.2017 - 03.2019

Business Analyst

Freedom Mobile (Formerly Wind Mobile)
09.2016 - 08.2017

Postgraduate Diploma - Business Analysis & Process Management

Sheridan College

Bachelor of Arts - International Development

York University

Additional Information

  • Eligible to work in Canada without sponsorship
  • Available for remote or hybrid work in Toronto, completing RBC contract in [Month/Year]
  • Knowledgeable in AI security risks, including prompt injection and data privacy challenges in large-scale data environments