Kom-Abasi OKON
Cambridge,ON
Summary
Information technology specialist with 10+ years serving diverse industries from Digital Banking to FinTech, Telecommunications to Insurance, Education to Consulting firms (Deloitte, KPMG, IBM, EY), understanding change management and software development processes, complex IT architecture and security measures and tools, designing cyber security frameworks, policies, SOPs, improving and automating vulnerability and patch management, cybersecurity asset management, change and incident management, overhauling Identity and Access administration (IAM/PAM), cybersecurity operations in Agile DevOps/environments and leading complex cybersecurity projects and scrum teams. Possessing this broad experience and securing organizations’ cyber infrastructure and digital assets necessitates providing management and leadership with guidance and expert advice on matters of cybersecurity as well as leading a team of emotionally intelligent professionals, articulating business-impacting risks, providing guidance, and aligning with business goals, successfully collaborating with leading consulting and government regulators to deliver stellar technology solutions and conduct audits for financial as well as medical service providers across continents. As a team player and a servant-leader, these are integral to the provision of positive change to organizations.
Overview
14
14
years of professional experience
Work History
Information Technology Business Analyst
EXPEDIER INC.
04.2023 - Current
- Selection and implementation of required certifications – ISO, PCI DSS - based on business and regulatory requirements and frameworks, providing support to internal and external teams
- Improve and enhance access management workflow, understanding access requirement and developing reference guides
- Developed and improved cyber security roadmap for digital financial transactions and entities, development of security architecture solutions.
- Led workshops aimed at increasing employee proficiency in key software applications, resulting in higher productivity levels overall.
- Managed projects from inception through completion, consistently delivering on-time and within budget constraints.
- Streamlined operations with the implementation of custom IT systems tailored to company objectives.
- Implemented security measures to safeguard sensitive information while maintaining compliance with regulatory requirements.
- Served as an integral team member on large-scale IT initiatives by contributing valuable insights gleaned from years of industry experience.
Information Security Manager
MoMo Digital Bank
02.2022 - Current
- Developed and reviewed account provisioning and end user playbooks/SOPs, Policies, budget, security tools, system administration and monitoring, threat and vulnerability management, security documentation, patch management, penetration testing, and cloud security
- Selection and implementation of security technologies, tools, solutions, vendors, controls based on the NIST, OWASP, CIS, PCI DSS and ISO 27001 standard, regulations/Cybersecurity framework
- Grew, trained and matured a team of developers, ensuring proficiency in secure coding, previously non-existent
- Improving the onboarding of end points on EDR (SOC) and AV for security monitoring to 100% MOM
- Improving SAAS development and deployment by 25%, partnering with business teams and stakeholders to perform penetration test/code scans (Static and Dynamic- SAST, DAST, VAPT tools) to support agile development using project/technical requirements, identifying security gaps, recommending controls
- Directed a holistic overhaul of cybersecurity protocols across multi-site operations, reducing security incidents by 58% through the strategic deployment of advanced threat detection tools, root cause analysis evaluations and rigorous staff training and awareness programs
- Prepare and/or deliver IT Security threat, vulnerability and/or risk briefings to steering committee and the Board
- Collect, collate, analyze and disseminate public domain information related to network computer threats and vulnerabilities, security incidents and incident responses
- Develop tailor-made scripts for system and database scans, analyze scan results to identify vulnerabilities, assess associated risks and impacts, propose solutions, and estimate the effort needed for remediation actions
- Spearheaded the development and enforcement of comprehensive security operations and protocols, resulting in a 68% reduction in security breaches over 18 months, mirrored across 15+ international company locations by utilizing encryption, endpoint security, and continuous monitoring strategies.
Information Technology Business Analyst
FSDH MERCHANT BANK
04.2021 - 01.2022
- Conducted periodic reviews of system security logs and perform access audits based on incidents or governance routine reviews, as part of improving the cybersecurity GRC
- Automated daily business reviews using data warehousing technologies to ensure adequate reporting to relevant stakeholders as required, improving TAT for business units by 23%
- Handled user awareness and training to enforce security best practices organization wide
- Configured workflows for auto provisioning, prepared scripts to detect and remove stale, orphaned, duplicate accounts
- Conduct assessments on departmental solutions and provide a risk and impact-based observations.
- Offered input for complex documents to support client-ready final versions.
- Oversaw document development across project workstreams to create internal control statements per compliance and regulatory standards.
- Collaborated with upper management to drive strategy and implement new processes.
- Analyzed existing systems and databases and recommended enhancements to solve business needs
- Performed internal system acceptance to deliver well-tested enhancements and meet business requirements.
Information Technology Business Analyst
FIRST BANK OF NIGERIA
01.2021 - 04.2021
- Collaborated with the information security team in reviewing vulnerabilities across servers/applications in use by the Bank and reporting to Steerco/management
- Designed KPIs and metrics for all IT, Security vendors and service providers, enforcing the SLOs and SLAs in line with NDAs, and applying penalties where breached
- Conducted user acceptance tests/assessments with all relevant stakeholders to ensure that applications perform up to development specifications and provide risk and impact-based observations
- Directed the integration of advanced threat detection systems into the existing IT infrastructure, safeguarding sensitive data across 500+ national branches and reducing system exposures by 33%.
- Enhanced system functionality for increased efficiency through detailed analysis of user needs and software capabilities.
- Continuously researched emerging IT trends to stay current with industry developments and recommend innovative solutions for business challenges.
- Served as an integral team member on large-scale IT initiatives by contributing valuable insights gleaned from years of industry experience.
- Improved business processes by analyzing system requirements and implementing IT solutions.
- Reduced costs with thorough evaluation of existing systems and implementation of cost-effective upgrades.
- Facilitated seamless integration of new technologies into existing infrastructure, minimizing disruption to daily operations.
- Assisted in the selection and acquisition of suitable hardware/software tools based on the needs of the organization.
- Optimized workflow by identifying bottlenecks and recommending process improvements, driving greater productivity.
- Collaborated with cross-functional teams to deliver comprehensive IT solutions, resulting in improved organizational performance.
- Maintained strong relationships with vendors and stakeholders, fostering a cooperative environment for project success.
- Maximized end-user satisfaction through diligent troubleshooting, ensuring timely resolution of technical issues.
- Developed high-quality documentation, providing clear guidance for future system enhancements and maintenance.
Information Security Engineer
FIDELITY BANK PLC
07.2015 - 12.2020
- Improved process of user access management using previous experience in database administration resolving audit exceptions around improper user administration and profile management
- Delivered privilege access management project – Thycotic to improve Admin user access management on Bank’s endpoints
- Regular reviews to enforce least privilege principle in user administration
- Conducted on-site assessments and analysis of user access logs for privilege creep and escalation
- Managed user lifecycle for Entrust MFA including integrations to CBA and other applications, enforcing non-repudiation
- Lead vulnerability management, ensuring 100% MoM compliance with patching KPIs across Banks’ servers and all endpoints, reducing cyber risks.
- Collaborating with security operations team in triaging and closing security incidents based on SLA.
- Collaborated with cross-functional teams to align security protocols with business objectives.
- Represented company's technical security interests to partners to provide bi-directional flow of technical information and best practices in information security.
- Implemented multi-factor authentication processes for enhanced access control and user management.
- Created detailed reports for executive leadership, clearly communicating complex technical findings in accessible manner.
- Streamlined patch management processes to ensure timely updates and reduce system vulnerabilities.
- Led penetration testing exercises to proactively identify vulnerabilities before they could be exploited by malicious actors.
- Contributed to developing company-wide security policies, fostering adherence across all departments.
- Performed and reviewed technical security assessments of applications and infrastructure to identify points of vulnerability and non-compliance with established information security standards and recommend mitigation strategies.
- Performed risk and vulnerability assessments and provided results and recommendations to senior management.
Information Technology Business Analyst
Royal Exchange Insurance
08.2010 - 07.2015
- Improved business processes by analyzing system requirements and implementing IT solutions.
- Maximized end-user satisfaction through diligent troubleshooting, ensuring timely resolution of technical issues.
- Enhanced interfaces to promote better functionality for users.
- Analyzed existing systems and databases and recommended enhancements to solve business needs
- Developed diagrams to describe and lay out logical operational steps.
Education
Bachelor of Engineering Technology - Computer Engineering
University of Uyo
Skills
- ServiceNow Jira Power BI
- User Acceptance Testing Functional specifications
- IT Infrastructure
- Requirements Gathering Business process modeling
- Information Security
- Application design System Validation Design
- Stakeholder Management Customer Support
- Use Case Analysis IT Performance Reports
- Technical Writing Project Documentation
- Systems Analysis Technical Analysis
- User Awareness: Cofense, Ironscales
- Digital collaboration: Teams, sharepoint
- Cloud Administration: AAD, Ansible
- DevSecOps: Puppet
- SDLC: Software development life cycle
- OS: RHEL, Linux, Windows Server
- Database Administration: SQL, Oracle, MongoDB
- Asset management: Lansweeper, Nmap, ITOP, ITAM
- Database security: CIS, ISO, NIST
- Technology Operations (IT-OPs): Budgeting, talent recruitment
- Incident & Change management: ServiceNow
- Agile/Project management: Scrum, Jira
- DAM: Imperva, SQL Developer, Oracle forms
- Network Security: IDS, IPS, Web filtering
- Firewall Security: F5, Palo Alto, Fortinet
- Regulatory requirements: PIPEDA, SOX, HIPAA
- UTM/Threat Intelligence: Digital shadows, Intsights CTI
- Risk assessment, management, and mitigation: NIST, ISO 27001
- Security frameworks: ISO, ENISA, ISA-62443, COBIT, ITIL, PCI DSS, HIPAA, PIPEDA
- Identity and Access Management IAM: SSO, Entrust, AD, LDAPS, MFA, Audits, Access matrix
- Security Triage/SOC/Sec-OPs: SentinelOne, SIEM, ArcSight, SOAR, eDR, CrowdStrike
- Endpoint security: MDM, eDR/xDR, AV, MAM, MDATP, EOP, ATA, AV, Data Encryption
- Privilege Access Management (PAM): RBAC, BeyondTrust, Thycotic, CyberArk
- Vulnerability management: Qualys, Nessus, Coalfire, Rapid7, SCCM, PDQ Deploy
- Oracle SQL developer
Work Availability
monday
tuesday
wednesday
thursday
friday
saturday
sunday
morning
afternoon
evening
swipe to browse
Accomplishments
- Awarded as best supporting back-office staff for the year
- Eliminated audit exceptions in identity and access management by process improvement for access de-provisioning and self-audit
- Introduced "hall-of-shame" for those who do not comply with clear desk and clear screen, thereby ultimately increasing compliance
Timeline
Information Technology Business Analyst
EXPEDIER INC.
04.2023 - Current
Information Security Manager
MoMo Digital Bank
02.2022 - Current
Information Technology Business Analyst
FSDH MERCHANT BANK
04.2021 - 01.2022
Information Technology Business Analyst
FIRST BANK OF NIGERIA
01.2021 - 04.2021
Information Security Engineer
FIDELITY BANK PLC
07.2015 - 12.2020
Information Technology Business Analyst
Royal Exchange Insurance
08.2010 - 07.2015
Bachelor of Engineering Technology - Computer Engineering
University of Uyo
Similar Profiles
Scott HuntScott Hunt
Volunteer at Family BusinessVolunteer at Family Business
Daviaan MajorDaviaan Major
Laborer at No Worries ServicesLaborer at No Worries Services
Matteo LeoneMatteo Leone
Vice President, Events at Ontario Student Trustees AssociationVice President, Events at Ontario Student Trustees Association
Josh ResendesJosh Resendes
Industrial Cleaner at Atlas SolutionsIndustrial Cleaner at Atlas Solutions
Nichole RomanowskiNichole Romanowski
Information Technology Business Analyst at Wells FargoInformation Technology Business Analyst at Wells Fargo