Theo M.

Information Security Analyst

170 followers
United States

  • About me

    Information Security (GRC) CompTIA Security+/CRISC

  • Education

    • Ghana Institute of Management and Public Administration

      2017 -
      Human Resources Management/Personnel Administration, General
    • University of Ghana

      2003 - 2007
      Bachelor of Science - BS PSYCHOLOGY
  • Experience

    • Emirates

      Apr 2014 - Jun 2018
      Information Security Analyst

      • Conducted the kick-off meeting, initial risk assessment, and categorization of information security systems into Low, Moderate, and High impact levels based on the Confidentiality, Integrity, and Availability (CIA) of the information type, referencing ISO 27001 standards.
      • Performed information security risk assessments and assisted with the internal auditing of information security processes.
      • Reviewed information systems security environments, including all aspects of physical, technical, and administrative security measures.
      • Monitored and evaluated the compliance of systems with Information Technology security requirements in accordance with the Risk Management Framework.
      • Developed and maintained relationships with clients and, at times, handled specialized requests to resolve operational and processing issues.
      • Reported control deficiencies and provided recommendations to resolve them.
      • Involved in controls across Access Management, Change Management, SDLC, Business Continuity/Disaster Recovery, and application-level controls.
      • Conducted risk assessments, implemented more efficient work procedures, set deadlines, and corrected inventory errors of various complexities.

    • BYTEPATH

      Jul 2018 - Dec 2020
      Sr. Cyber Risk Specialist

      • Performed compliance testing and controls assessments, including the completion of work papers, summarization of test results, and conclusions with root cause analysis for identified issues and detailed remediation actions.
      • Tested efforts across all domains for IT General Controls, Payment Card Industry (PCI-DSS), Data Privacy, and other compliance requirements as appropriate.
      • Identified, collected, analyzed, and reported on compliance and control data to drive compliance initiatives and priorities.
      • Served as advisor and technology key controls subject matter expert; partnered with control owners to evaluate the design and effectiveness of the control environment.
      • Validated information security key controls to identify control risks, analyzed root causes and trends in potential control weaknesses, and suggested controls to meet compliance standards where applicable.
      • Gathered data, conducted analyses, and prepared related compliance reporting.
      • Worked with the business and product groups to identify issues and risks, and documented and evaluated them appropriately within the GRC system.
      • Managed the identification of risk owners and risk remediation owners, followed up on and tracked the remediation work, and kept the status of the work updated in the GRC systems.
      • Continually sought opportunities to improve the risk management process through regular review, measurement, and action.
      • Assisted in developing automated compliance tools and processes.

    • Daakyi Consulting

      Jan 2021 - now
      GRC Lead

      • Provide compliance requirements, consultation, and advisement to the business and project leads on protection issues, risk management, and security compliance.
      • Assist with the development and ongoing management of the formal Cybersecurity Governance, Risk, and Compliance (GRC) Program.
      • Perform in-depth and comprehensive gap analyses to determine the root cause of process gaps and regulatory compliance failures.
      • Responsible for analyzing all vendors to classify them as Tier 1 through Tier 3 vendors.
      • Evaluate and update IT security policies, procedures, and standards to ensure alignment with applicable security control requirements.
      • Review guidelines related to IT third-party risk management and coordinate with various teams to ensure compliance with requirements.
      • Assign corrective action target dates for identified risks and verify timely completion and implementation to comply with regulatory requirements.
      • Escalate identified risk issues, challenges, and trends to senior management and deliver risk-related documents for audit and regulatory exams.
      • Monitor and credibly challenge first-line business units that conduct potentially risky operations and scrutinize the risk decisions made.
      • Develop and lead risk assessment projects to assess compliance with regulatory requirements, industry standards, and operating procedures.
      • Conduct security control assessments under the Risk Management Framework, including the development of security assessment plans and assessment reports compliant with NIST SP 800-53 Rev. 4, NIST SP 800-53A, NIST SP 800-37, and FIPS 199.

  • Licenses & Certifications