KENNETH UBANI

Ontario, Canada

Summary

Cybersecurity SME with extensive experience in internal control design, vulnerability management, risk assessment, and third-party/vendor risk governance. Proven expertise in business continuity planning, disaster recovery, change management, SOX 404 compliance, SOC reporting, and secure application/system audits. Adept in secure system development life cycle (SDLC), agile methodologies, and information systems auditing. Brings hands-on experience with the development, deployment, and evaluation of cybersecurity solutions, along with a strong grasp of evolving regulatory frameworks and IT compliance standards. Highly collaborative and effective in cross-functional team environments.

Overview

11 years of professional experience
1 Certification

Work History

Cybersecurity Consultant

McDonald’s Restaurant of Canada
Toronto, ON
05.2022 - Current
  • Reviewed and updated over 35 cybersecurity policies, ensuring compliance with NIST SP 800-53, ISO 27001, and SOX.
  • Conducted third-party risk assessments for vendors, utilizing Shared Assessments SIG and reviewing relevant reports.
  • Assessed vendor risk questionnaires and coordinated with Legal, Procurement, and Privacy to determine risk scores.
  • Maintained vendor risk documentation in SharePoint, ensuring version control and timely updates.
  • Executed due diligence reviews on vendor documentation to identify weaknesses and communicated risks to stakeholders.
  • Drafted and presented detailed vendor risk assessment reports with findings and mitigation recommendations.
  • Reviewed vendor purchase requisitions, identifying those requiring enhanced due diligence based on risk factors.
  • Acted as Subject Matter Expert for Third-Party Risk Management program, advising on vendor risk and security policies.

Vulnerability Management Analyst

RONA INC
Etobicoke, ON
10.2020 - 05.2022
  • Executed end-to-end vulnerability management lifecycle, encompassing asset discovery, scanning, risk analysis, and remediation coordination using Nessus, Qualys, and Tenable.io.
  • Conducted daily reviews of infrastructure scan results, validating findings and assessing severity based on CVSS scores and business impact.
  • Collaborated with asset owners and technical teams to perform risk assessments on critical systems, assigning remediation timelines based on vulnerability criticality.
  • Generated and distributed vulnerability notifications to SMEs and system owners, facilitating timely triage within established SLAs.
  • Engaged with global cross-functional teams including penetration testers and security architects to validate and close high-risk vulnerabilities.
  • Delivered actionable vulnerability assessment reports and dashboards via Power BI and Excel, enhancing visibility for senior leadership.
  • Supported threat intelligence activities by cataloging Indicators of Compromise (IOCs) to improve proactive detection strategies.
  • Planned social engineering simulations to evaluate user awareness and coordinate targeted training based on engagement metrics.

Security Consultant – Identity and Access Management (IAM)

CWG Plc
Lagos, Nigeria
10.2016 - 09.2020
  • Designed and implemented access controls aligned with IAM best practices, ensuring secure user lifecycle management across enterprise systems.
  • Maintained and updated IAM policies and procedures to comply with ISO 27001, NIST SP 800-53, and SOX.
  • Conducted periodic access reviews using IGA tools such as SailPoint, reducing audit findings by over 30%.
  • Performed metadata validation during application onboarding, ensuring accurate mapping for over 100 critical systems.
  • Led access reconciliation to ensure consistency between system entitlements and IGA repositories.
  • Developed IAM governance metrics, tracking KRIs and KCIs, reporting via security dashboards to stakeholders.
  • Supported internal audits by preparing evidence artifacts and control narratives for compliance checks.
  • Assessed risks associated with elevated privileges and orphan accounts, continuously evaluating access vulnerabilities.

Security Support Analyst

CWG Plc
Lagos, Nigeria
09.2014 - 10.2016
  • Managed daily enterprise security operations by responding to user-reported incidents regarding access and system alerts across Windows environments.
  • Investigated and triaged security events using EDR, application control systems, and SIEM platforms, escalating high-risk issues as needed.
  • Participated in endpoint, server, and storage device deployment and patching; tracked vulnerability compliance with asset management tools.
  • Executed access management via Active Directory and Microsoft 365, including account provisioning and permission audits.
  • Performed identity-related tasks, troubleshooting authentication issues while monitoring access logs and managing secure password vaults.
  • Assisted in issuance, deployment, and renewal of PKI certificates to support system authentication and secure communications.
  • Supported antivirus rollout and endpoint hardening based on internal configurations, ensuring data protection measures were effective.
  • Created and maintained documentation and SOPs to standardize workflows, enhancing ITIL-based responses to recurring issues.

Education

MBA - Information Technology

University of Cumbria
UK
06-2025

Postgraduate Certificate - Cybersecurity Analytics

Mohawk College
Canada
04-2025

Diploma - Computer Science

Rivers State Polytechnic
Nigeria
07-2009

Skills

  • Risk assessment and management
  • Cybersecurity compliance and frameworks
  • Vulnerability management and assessment
  • Incident response and recovery
  • Third-party risk oversight
  • Project management methodologies
  • Endpoint security solutions
  • Identity and access management
  • Compliance with PCI DSS and GDPR
  • ISO 27001 certification adherence
  • Privacy regulation expertise
  • Phishing prevention strategies
  • Patch management processes
  • Security information and event management (SIEM)
  • Physical security measures
  • Risk assessment
  • Cybersecurity compliance
  • Vulnerability management
  • Third-party risk management
  • Technical documentation
  • Effective communication
  • Project management
  • Access control
  • Endpoint security
  • Security policy development
  • NIST frameworks
  • SIEM management
  • HIPAA compliance
  • PCI DSS compliance
  • Identity management
  • Firewall management
  • Compliance management
  • Configuration management
  • Vulnerability assessment
  • GDPR compliance
  • ISO 27001 compliance
  • Privacy regulations
  • Cybersecurity frameworks
  • Phishing prevention
  • Patch management
  • Compliance auditing
  • Mobile device security
  • Security information and event management

Certification

  • Certified Information Systems Auditor (ISACA)
  • Certified Ethical Hacker version (EC-Council)
  • Certified in Cybersecurity – (ISC)²
  • CompTIA Security+, Network+, A+
  • Microsoft Certified: Security, Compliance, and Identity Fundamentals (SC-900)
  • Microsoft Certified: Azure Fundamentals (AZ-900)
  • AWS Certified Cloud Practitioner
  • PRINCE2 Foundation – Project Management
  • ITIL v4 Foundation – IT Service Management
