Summary
Overview
Work History
Education
Skills
Certification
Work Availability
Software
Accomplishments
SAP Expertise
Timeline
OfficeManager
SAMUEL OMOTAYO

SAMUEL OMOTAYO

Toronto,ON

Summary

Detail-oriented team player with strong organizational skills. Ability to handle multiple projects simultaneously with a high degree of accuracy.

Years of experience as an accomplished Solution/Security Architect, with a proven record of managing and delivering multiple assignments on time and within budget. Have excellent analytical, communication, written and presentation skills.

Demonstrates accountability, makes timely and appropriate security decisions on programs and multiple domains. Develop and build relationships and partnerships across the organization that will foster digital platform initiatives.

Actively participates in the security industry through working group, white papers and speaking at industry recognized conferences. Motivate and collaborate to create a team environment and enable team-based fulfillment of control objectives.

Provides coaching, direction, and leadership support to team members to achieve partners, business, and customer results. Stay up to date on developing trends in technology within and outside of your direct sphere of influence.

Provide technical leadership to product and development teams with a focus on high uptime, supportable, scalable, and cost-efficient cloud infrastructure.

Research and Introduction of new enterprise platforms that will improve our ability to drive innovation through improved availability, lower cost, scalability, and operational efficiencies.

Overview

20
20
years of professional experience
8
8
Certificate
3
3
Languages

Work History

Associate Manager IT Advisory & Assurance Services

Justenergy
Houston, TX
04.2022 - 03.2024
  • Ensured compliance in an international environment of business risks, controls, testing methodologies as they relate to financial reporting assurance and Bill198/SOX controls.
  • Assisted or led in advisory and assurance activities related to IT process, infrastructure, ITGC (Information Technology General Controls), and pre and post implementation reviews in accordance with accepted professional standards.
  • Performed initial planning, setting objectives, coordination with stakeholders, work-paper review, evaluation and reporting including understanding the requirements of the control suite and financial statements obtaining adequate and relevant documentation to substantiate control conclusions
    interpret supporting documentation, and adequately documenting design and operating effectiveness reviews including SOC1 evaluations.
  • Identified and documents internal control deficiencies and remediation plans, including monitoring progress and status of remediation plans.
  • Prepared clear and concise work papers to applicable professional standards. Interacted with external auditors and business partners on resolution of identified control failures.
  • Participated in walkthrough and update business process flows. Ensured SOX risks, controls and other documentation remains current while initiating and executing continuous improvement activities, as needed.
  • Partnered with IT business staff to ensure full understanding of data flow, security policies and procedures, data integrity, physical and logical system security
  • Gathered ad-hoc information requests and participates in strategic initiatives for business process improvement activities.
  • Assisted with learning and development material creation for cross-functional risk and control initiatives.

Governance Risk & Compliance Lead.

Infosys - College of American Pathologists (CAP)
Chicago, IL
01.2020 - 02.2024
  • Guides the evaluation of current cybersecurity principals, processes, and controls, and leads the evaluation of new technology using existing standards and frameworks
    Regularly provides technical guidance and direction to support the business and its technical teams, contractors, and vendors.
  • Created, maintained, and matured a comprehensive cybersecurity reference architecture for products to address near-, mid-, and far-term known and unknown needs.
  • Leveraged multiple security methodologies and approaches, enabling engineering teams to build and deployed products that are secure by default.
  • Worked with stakeholders and senior leaders to recommend business modifications during periods of vulnerability.
  • Served as function-wide subject matter expert in one or more areas of focus. Participates in security assessment engagements for new and existing products through the conduct of threat modeling and technical risk assessment in partnership with other teams
  • Contributed to the engineering community as an advocate of firm-wide frameworks, tools, and practices of the Software Development Life Cycle.
  • Influenced peers and project decision-makers to consider the use and application of leading-edge technologies.
  • Identified the right data sources and their characteristics to inform the required security metrics.
    Worked with security and technology leaders to identify security and policy-based metrics that align with security controls and risk posture.
  • Developed policies and procedures to structure the metrics and reporting framework. Maintain a mapping of security metrics to threats, risks and governance requirements.
  • Determined how to display the business logic in a transparent manner, highlighting any data fidelity issues, allowing stakeholders to easily understand assumptions and known gaps.
  • Designed creative UI to report the posture data and convey complex information to technical and non-technical audiences.
  • Established and oversee a governance process to ensure metrics stay relevant and are being calculated correctly.

Senior Solution Architect

Collabera - Bank of America
Charlotte, NC
01.2019 - 06.2020
  • SAP Security| SAP GRC | SAP Identity Management
  • Performing security architect design and deploy security solutions that meet Business needs while ensuring proper control
  • Designing “best SAP Security practices” that accurately and efficiently utilize the existing SAP functionality and resources to provide a common Security framework across all systems
  • Providing guidance and hands on support to data governance groups to adapt a compliant security process within their area of SAP responsibility
  • Working with Security Team and Audit Groups to facilitate strong controls around end user/ system access
  • Produce relevant SOX / Ad-hoc Audit supporting reports as mandated by Security Framework and keep senior management updated on issues or breaches
  • Governing production support for existing security roles
  • Ensuring SAP landscapes are up to date with the latest security patches
  • Highlighting standard methodologies and constantly updating new capabilities to our SAP community
  • Communicating with the vendor ecosystem (SAP & SI Partners) and senior management during all stages of the transformation
  • Security Design, Develop, Enhance, Implement, and Test various SAP applications
  • Requirement Gathering for Security tasks involved for project implementation in various systems
  • Analyze the risk associated with the project implementation and secure the system
  • Remediate or mitigate the risk identified in collaboration with Business
  • Design and Development of Security roles of various SAP applications as per the standards processes and Controls
  • Work with Sarbanes-Oxley compliance and internal audit requirements for all systems
  • Review the applications that integrate with SAP and make sure the interface is secured
  • Support during cutover, Go live, Hyper care post implementation of the project
  • Knowledge transfer to the support team on the design and provide documentation.

Cloud Infrastructure Team Lead

TCS - Dupont Chemicals
Wilmington, DE
06.2015 - 06.2018
  • Guided the development, specification and communication of application or infrastructure architectures used by multiple business or application systems.
  • Provided extensive, in-depth, technical consultation to the clients, partners, and IT Management to develop plans and directions to assure the integration of corporate business area requirements.
  • Acted as cybersecurity expert for cloud migration projects/programs.
  • Led Cloud Security initiatives thorough understanding of decision process issues of technology choice, such as design, data security, client server communication, etc.
  • Partnered with Management in the building of new and on-going vendor relationships.
  • Evaluated and selects from existing and emerging technologies those options best fitting business/project needs.
  • Promoted sharing of expertise through consulting, presentations, and documentations, etc.
  • Experienced, functional expert with technical and/or business knowledge and functional expertise
    Carries out complex initiatives involving multiple disciplines and/or ambiguous projects.
  • Provides guidance to team members, fostering an environment that encourages employee participation, teamwork, and communication.

Principal Technology Consultant

SAP AMERICA Inc.
09.2008 - 01.2014
  • Audited information technology (IT), platforms, and operating procedures in accordance with established standards for efficiency, accuracy, security, and risk mitigation.
  • Interprets federal, state and/or international regulations as they apply to information systems, platforms, and IT operating processes, practices, and procedures.
  • Evaluated IT infrastructure in terms of risk to the organization and established controls to mitigate loss.
  • Planed audits, analyzed audit results and tests auditing programs.
  • Reviewed, corrected, and contributed to SAP Security and GRC training documents.
  • Participated in developing and testing SAP Security Professional Certifications: P_ADMSEC_731 & C_ADMSEC_731
  • Contributed to GRC focus Group, strategy, controls, processes, development, and service delivery.
  • Demonstrated skill set knowledge in various scenarios; GRC Risk Management Train the Trainer, presenter to various global and internal customers at SAP GRC Focus Group Meeting.
  • Configured best practices security model within the portal environment and documentation of implementation and execution.
  • Delivery of guides for development guidelines and administration for the existing environment
  • Developed SAP Security strategic landscape and Security architecture designs and methodologies to support client implementations, as well as upgrade paths and content validations.
  • Technical Lead for various successful SAP Security and GRC implementation projects, delivered on time and on budget.
  • Subject matter expert for various tangential technical components.
  • Responsible for pilot integration BusinessObjects suite (Explorer, Xcelsius, and Crystal Reports) integration with Access Control 5.3
  • Led and completed Access Control 5.3 Best Practices project end-to-end.
  • Responsible for collation and revision of change management process and procedures involving testing scripts and transport migration across landscapes.
  • Assisted customers and partners in implementation of Access Control and empowered SAP Consultants in the field with a better understanding of the GRC AC suite.
  • Participated in several go lives as well as emergency technical resource in escalated situations.
  • Collaborated with SAP AGS development and Support team to resolve customer issues in an expedited fashion.
  • Assisted GRC presales unit as a technical liaison within sales cycle with customers (conduct technical presentations & respond to RFP’s).
  • Collaborated with Solution Management and Quality Management in several initiatives (validation, testing) to ensure the quality of Access Control.
  • Managed and presented “Implementation Guidance for GRC v10.0” workshop to partners.
  • Advised customers, partners, and consultants on clearest architectural approach for IdM integration to AC5.x.
  • Provided support for Partners (Deloitte, PWC, KPMG, and E&Y) during implementation of Access Control.
  • Provided functional / technical delivery of SAP Netweaver Identity Management solutions to clients as an individual contributor or team collaborator based on guidance/ direction from team leadership.
  • Assisted with developing SAP Netweaver Identity Management Road maps, strategies, solutions, Architecture documents and implementation plan.
  • Provided consulting service to the stakeholder in the integration of SAP GRC and custom-developed applications into the enterprise identity and access management system to provide enterprise-wide single sign-on solution to all agency applications.
  • Provided consulting service to integrate physical access management into the identity and access management system to provide comprehensive management of physical and logical security.
  • Performing gap analysis of technical solutions and business processes.
  • Performing gap analysis of technical solutions and business processes.
  • Design business and technical processes to support identity and access management needs.tity and access management..
  • Design business and technical processes to support identity and access management needs
  • Achievements:
  • Recipient of over 12+ Peer-to-Peer Recognition Awards granted from consulting peers as well as Consulting Engagement Managers for professional and technical excellence
  • Provided software solutions to major SAP software defects used to patching GRC, SAP Security and SAP NW IdM 7.1; these resulted in savings customers millions of dollars in work around and troubleshooting effort
  • Successfully created material and trained consultants and trainers
  • Delivered multiple GRC300 classes to partners, customers, and internal consultants
  • Developed, configured Rapid Deployment Solution (RDS) of GRC Risk Management component for SAP Engineering Solution Division simplifying a yearlong GRC implementation to 4 weeks.

Senior SAP Security Consultant

Accenture Inc
01.2005 - 01.2008
  • Provide risk guidance for IT and business projects, including the evaluation and recommendation of technical controls for IAM
  • Help identify and create policies, procedures, processes, and standards for IAM
  • Contributed to the IT Security Identity and Access Management strategy and roadmap that is aligned to Enterprise Architecture’s adopted methodology, approach, and other strategic plans
  • Ensured SOX compliance and performed quarterly SOX control evidence collection, validation, and certification
  • Led and participated in IT Security IAM initiatives and projects as a subject matter expert in IAM
  • Built User/Role Matrix for creating custom roles for business users as required for business unit
  • Worked with team in defining and developing security procedures for change management
  • Reviewed the existing security roles for critical and sensitive authorizations
  • Created new custom roles and maintained existing Roles, authorizations for functional and other users
  • Validated current SAP security policies and assisted the internal audit department
  • Documented the role/transaction matrix, after interacting with Business Process Experts
  • Provided End User support during testing of modules, Unit, and Integration testing in Q/A systems
  • Achievements:
  • Recipient of multiple Performance Award for Diligence.

Senior IT Auditor

BlackBerry Inc
01.2004 - 01.2005
  • Responsible for supporting the Director of Internal Audit in auditing, evaluating, and verifying procedures and internal controls for information technology.
  • Responsible for assessing compliance with related laws, regulations, operating policies, and procedures.
  • Analyzed and documented all information systems and related controls and developed an appropriate audit program to test the controls identified.
  • Prepared draft audit reports in good form, with recommendations, appraisals, or analyses that will assist the area manager with the proper discharge of responsibilities.
  • Evaluated the adequacy of the security and processing controls as they related to each audit, and the effectiveness of general computer controls in effect in the IT environment.
  • Reviewed the means of safeguarding information assets and monitoring of ongoing performance metrics established by the IT and Security Departments.
  • Assisted in the Annual and Quarterly SOX 404 Security Validations, performing segregation of duties (SoD), critical action (CA), critical permission (CP) analysis, and remediation using SAP GRC AC.
  • Presented audit findings or other relevant information to Senior Management on the effectiveness and adequacy of risk management, governance, and internal control procedures.
  • Conducted initiative to establish and support the company's SOX compliance framework including performing risk assessment, documenting walkthrough, and conducting tests of design and operational effectiveness for key IT systems and databases controls.
  • Reviewed and evaluated adequacy and effectiveness of internal controls for key technology areas.
  • Identify, document, and map systems and technology controls.
  • Assessed new processes, systems, databases, or changes to existing processes to identify financial and operational risks before launch, providing recommendations for improvement.
  • Advocated for continuous improvement in our system of internal controls.
  • Evaluated current control design effectiveness and recommended best in class controls, driving change throughout the processes.
  • Developed, enhanced, and led the roll out of enterprise-wide leading practice control guidance to ensure Trane Technologies meets Sarbanes Oxley Act requirements.
  • Managed the SOX scoping and risk assessment process by collaborating with cross-functional teams to stay up to date on significant changes internally and externally that may have an impact on the design and/or operating effectiveness of controls.
  • Proactively assessed and enhanced the SOX scoping and risk assessment process.
  • Drove projects to reduce the number of manual controls, work with IT and other teams to achieve automated controls and ITGCs over systems as needed.
  • Evaluated & supported the evaluation of control deficiencies, recommended remediation controls and drove the execution of remediation partnering with key business & functional stakeholders.
  • Prepared executive management and Audit Committee materials highlighting overall SOX progress, results, trends, and legislative updates.
  • Maintained on-going communication with internal and external auditors including alignment on SOX planning, walkthrough/testing, audit requests, and deficiency evaluation.
  • Provided leadership to business compliance representatives in the execution of internal control related assessments and control deficiency remediation.
  • Developed & enhanced control related policies and procedures for the organization.
  • Designed, implemented, and maintained the Standards of Internal Control for the organization, ensuring we stay up to date with regulatory and business changes.
  • Assisted in the solutions to mitigate significant control concerns of the company including developing enterprise-wide controls/processes if appropriate, working with and reviewing the control improvements of the business units and/or specific functions s to ensure they mitigate any significant control concerns.
  • Partnered closely with the business units & key functional leaders to assist them in implementing the Enterprise Sarbanes Oxley process.
  • Partnered with members of the external auditor team to ensure alignment on internal control assessments and efficiencies by leveraging and sharing lessons between the groups to drive overall improvements in the control environment.
  • Developed structured and systematic training programs to enhance the control environment and culture within the organization.

Education

MBA - Information Systems

Vrije Universiteit Brussels
Brussels, BE

BSc - Economics

University of Jos
Jos, NG

Skills

  • Third-Party Risk Management
  • Cybersecurity Risk Management
  • Vulnerability Risk Management
  • Governance, Risk & Compliance
  • Role and Authorization Concept
  • Segregation of Duty & Collusion
  • Workflow & Automation
  • Regulatory and Compliance
  • Vulnerability Management
  • Assessing Compliance Risk
  • Privacy and Confidentiality
  • Application & Data Security
  • Cybersecurity Frameworks
  • Risk Management Assessments
  • Technical Architecture Diagrams
  • Security Strategy/Approach Document

Certification

  • CISSP®- 95840 - Certified Information Systems Security Professional - 2008
  • CISA®- 0863847 - Certified Information Systems Auditor - 2008
  • CISM®- 117084 - Certified Information Security Manager 2008
  • CRISC® - 1115701 - Certified in Risk and Information Systems Control - 2011
  • SAP Certified Technology Professional®- 01822093- 2009
  • SAP BusinessObject Access Control®- 01822093 - 2013

Work Availability

monday
tuesday
wednesday
thursday
friday
saturday
sunday
morning
afternoon
evening
swipe to browse

Software

ERP: SAP, Oracle, Archer, OneTrust, Securityscorecard, ServiceNow

Business Tool: Access, Excel, PowerPoint, Visio, JIRA

Cloud: AWS, Azure, GCP

DB: HANA, Oracle, Tableau, PowerBI

Security: SSO, IdM, ADFS, SAML, AD

Vulnerability Tool: Tenable, Nessuss, SolarWinds, Nessus, Sophos EndPoint

Accomplishments

  • Turned around at risk $84 million cloud migration project with a major industrial vertical client, rebuilding trust by educating the client’s migration teams on the pitfalls of untested cloud migrations ¾ attaining zero error during multiple dry runs and final migration. Developed an IT risk management program to manage risk from the point of Identification to Mitigation.
  • Joined forces with the business and technology stakeholders at a healthcare customer to migrate the on-premise legacy healthcare application to a cloud-based distributed system (One Trust, Legacy ITSM tool to ServiceNow, Spreadsheet Risk Register to One Trust Risk Register).
  • Achieved Sarbanes Oxley (SOX) certification for BlackBerry.
  • Recipient of multiple SAP Performance Award for Diligence.
  • Achieved HIPAA Certification readiness for CAP.
  • Achieved PCI Certification readiness for BestBuy.

SAP Expertise

  • SAP S/4HANA
  • SAP Ariba
  • SAP Datasphere
  • SAP Multi Bank Connectivity (MBC)
  • SAP BTP Workzone/(Embedded Fiori)
  • SAP Analytics Cloud (SAC)
  • SAP Identity Authentication (IAS)
  • SAP GRC - Access Control
  • SAP Business Information
  • SAP Fiori, BPC, CRM, SRM, ECC
  • SAP Risk Management
  • SAP Fraud Management
  • SAP Business Application Studio
  • SAP Integration Suite
  • SAP Build Process Automation
  • Solution Manager / Possibly Cloud ALM

Timeline

Associate Manager IT Advisory & Assurance Services

Justenergy
04.2022 - 03.2024

Governance Risk & Compliance Lead.

Infosys - College of American Pathologists (CAP)
01.2020 - 02.2024

Senior Solution Architect

Collabera - Bank of America
01.2019 - 06.2020

Cloud Infrastructure Team Lead

TCS - Dupont Chemicals
06.2015 - 06.2018

Principal Technology Consultant

SAP AMERICA Inc.
09.2008 - 01.2014

Senior SAP Security Consultant

Accenture Inc
01.2005 - 01.2008

Senior IT Auditor

BlackBerry Inc
01.2004 - 01.2005

MBA - Information Systems

Vrije Universiteit Brussels

BSc - Economics

University of Jos
  • CISSP®- 95840 - Certified Information Systems Security Professional - 2008
  • CISA®- 0863847 - Certified Information Systems Auditor - 2008
  • CISM®- 117084 - Certified Information Security Manager 2008
  • CRISC® - 1115701 - Certified in Risk and Information Systems Control - 2011
  • SAP Certified Technology Professional®- 01822093- 2009
  • SAP BusinessObject Access Control®- 01822093 - 2013

Similar Profiles

  • Abraha Kahsay

    Abraha KahsayAbraha Kahsay

    General Labour at BVGlazing SystemsGeneral Labour at BVGlazing Systems

    View Profile
  • Matthew Flemming

    Matthew FlemmingMatthew Flemming

    Head of Retail at ZWILLING J.A. Henckels Canada Ltd.Head of Retail at ZWILLING J.A. Henckels Canada Ltd.

    View Profile
  • Nadine Castonguay

    Nadine CastonguayNadine Castonguay

    Project Manager at Verita GlobalProject Manager at Verita Global

    View Profile
SAMUEL OMOTAYO