FOLASHADE BERNICE ADEMOLA
Dubai, UAE
EDUCATION
Master of Science (MSc.) in Cybersecurity - 2024
New York University, New York, USA
Bachelor of Science (BSc.) in Computer Science - 2014
Lagos State University, Lagos
CERTIFICATIONS
● CSX-F - Cyber security Fundamentals Certificate (ISACA, USA)
● Exemplar Global Certified - ISO 27001:2013 ISMS Lead Auditor.
● ISO 27001:2013 ISMS Lead Implementer – PECB Information Security Management Systems Certified
● ISO 27001:2013 ISMS Lead Auditor - PECB Information Security Management System Certified
● ISO 20000:2011 ISMS Lead Implementer – PECB IT Service Management System Certified
● ISO 20000:2011 ISMS Lead Auditor - PECB IT Service Management System Certified
● CCSA - Checkpoint Certified Security Administrator.
● CCSE - Checkpoint Certified Security Expert.
● SSWB - Six Sigma White Belt Certification
● BPMN 2.0 – Business Process Modelling Certified, Signavio, and Bizagi
● Oracle Cloud Infrastructure Certified Operations Associate
● Oracle Cloud Infrastructure Certified Architect Professional
● CDPSE - Certified Data Privacy Solutions Engineer - ISACA
● CISA - Certified Information Systems Auditor - ISACA
TRAININGS ATTENDED
● CISA – Certified Information Systems Auditor Training - PAC, Dubai.
● NDG Linux - Cisco Networking Academy Linux Training - PAC, Dubai.
● Stanford University – Introduction to IoT – Internet of Things.
● ECIH - EC Council Incident Handler Training.
● SSYB - Lean Six Sigma Yellow Belt Training.
● Privacy law and Data Protection Training
● GDPR – General Data Protection Regulation Intro
● Prince 2 Foundation Project Management Training.
● US DHS – Cyber-security Basics for Industrial Control Systems & Operations security.
● Project Management Foundation + Microsoft Project Training - by Microsoft.
ACHIEVEMENTS/PROJECTS
● IMS - Integrated Management Systems implementation for Gulf Data Hub - Dubai
○ provided implementation support for multiple ISO standards concurrently, which included ISO 22301 BCMS, ISO 27001 ISMS, ISO 20000 ITMS; as well as incorporating ISO 9001 QMS, ISO 14001 EMS, and ISO 45001 OH&SMS (formerly OHSAS 18001) standards certification.
○ developed and delivered required documentation for the IMS certification audit.
● GDPR compliance and review: for a multinational security group’s office in Dubai
○ provided support for EU GDPR compliance engagement through gap audit of processes and systems.
● Led and assisted in achieving three (3) successful ISO standards Compliance implementation and certifications for a Telco/ISP (i.e. 21st Century Technologies) within 8 months, including:
○ PCI DSS implementation and certification.
○ ISO 27001 Information Security Management Systems (ISMS), and
○ ISO 20000 Information Technology Service Management Systems (ITSMS) Standards.
● ISO 27001 Implementation for Coronation Merchant Bank
○ supported client in the achievement of the ISO 27001 certification.
● ISO 27001 implementation for Sterling Bank
○ implementation support for ISO 27001 Information Security Management System
● ISO 20000 implementation for Union Bank Nigeria
○ implementation advisory and support for ISO 20000 IT Service Management.
● Led and coordinated the implementation and certification of Abu Dhabi Islamic Bank (ADIB) for PCI DSS Issuer within 12 months with 52 applications and over 15,000 assets in scope.
● ISO 27001 gap assessment and control implementation for Securrency Solutions Technologies Limited with policy, procedure and risk assessment inclusive.
○ Perform third-party assessment for all contractors, vendors before contractual engagement and subsequently to ensure expected levels of service are met continually.
PROFESSIONAL WORK EXPERIENCE
Cybersecurity Compliance Specialist
Securrency Solutions Technologies Limited, Abu Dhabi, UAE
January, 2022 - Date
● Manage the development and implementation of information security policies, procedures, guidelines in accordance with ISO 27001, PCI DSS, NIST CSF.
● Perform process, control reviews and provide recommendations on the inclusion of information security on internal processes such as vendor, third-party relationships and management.
● Document and implement vendor and third-party standard operating procedures, policies.
● Conduct vendor-based third party risk assessment reviews; identify, track and remediate technology and business-related risks.
● Collaborate with information security leadership to develop, maintain and monitor the information security strategy and corresponding objectives and initiatives.
● Oversaw the development of security system architecture strategy and specifications for security of systems with access to sensitive data.
● Provide advisory on application development and acquisition projects to ensure security requirements and controls are included and implemented as planned.
● Lead and maintain the information security risk assessment process, including the reporting and oversight of treatment efforts to address non-compliant findings.
● Correspond with external contractors and vendors on information security requests for comments, questionnaires, before and during contractual engagement.
● Serve as advisory to project committees to ensure that risk assessments are conducted and relevant risks are reported to the business units.
● Provide leadership with metrics and progress reports on the success of the security program.
● Perform audit of Azure cloud resources; track and report non-compliant policies till closure.
● Coordinate the SOC 2 Type 2 project and control implementation till issue of compliance report.
● Spearheaded gap assessment engagements for ISO 27001 with various process heads/managers and business units.
● Follow up with and ensure timely closure of gaps promptly after identification of root cause and appropriate corrective actions with stakeholders.
● Develop training content for security awareness training programs and emailers.
● Conduct cybersecurity awareness training sessions.
● Support phishing simulation exercises.
Consultant (Contract) – Information Security Risk & Compliance
ADIB Bank, Abu Dhabi, UAE
January, 2020 - December, 2021
● Contracted as subject matter expert (SME) and supporting the Head of Information Security Governance and Risk Management, as well as the Head of Information Assurance and Compliance.
● Serving as project coordinator and providing technical supervision for the Bank’s implementation of a new PCI DSS (Card Payment Issuer) compliance certification project and maintenance of existing PCI DSS (Card Payment acquirer) compliance certification.
● Facilitating gap assessment engagements with various process heads/managers or application owners.
● Follow up with and ensure timely closure of identified gaps promptly after identification of root cause and appropriate corrective actions.
● Supporting and providing advisory for industry and regulatory compliance requirements, including for SWIFT, UAE Central Bank, PCI DSS, cybersecurity controls requirements.
● Providing training on payment card security and best practices; and content for security awareness training programs.
● Ensuring security of new application onboarding and application environment change, through security reviews, third-party security assessments, designing and developing best-practice-based guidelines.
● Prepare and document compliance reporting, policies and procedures in accordance with global risk management frameworks/standards such as PCI DSS, NIST CSF, ISO 27001.
● Obtained and reviewed evidence including snapshots of applications, servers and database security configurations to ensure compliance to minimum security baseline and best practices.
● Conduct and report monthly security posture and compliance checks based on PCI DSS, UAE-NESA, SWIFT, and ADIB bank security policy.
● Follow-up, continuous monitoring of implemented policies, procedures across the bank.
IS Risk & Compliance Project Manager
Digital Encode Limited
November, 2018 – December, 2019.
● Spearheaded and led implementation and internalisation of ISO 27001, and ISO 20000 standards for various client organisations including financial institutions and Telco.
● Managed 4 specialists/consultants team members; provided technical and project guidance, and mentoring.
● Coordinated documentation, maintenance, update of all ISO 27001, ISO 22301, ISO 20000 and PCI DSS documentation for clients as part of the Managed Security Service Provider contractual agreement.
● Ensure conformance to organisational information security policies and compliance with data protection requirements, e.g. Ghana Data Protection Act, UK-DPA, and EU GDPR.
● Corresponded with Senior management and stakeholders at all levels within various organisations to obtain support and ensure successful implementation of the information security management systems.
Consultant – IS Risk & Compliance
Digital Encode Limited
February, 2014 – November, 2018.
● Advised clients on the use of technology to enhance their business objectives, overcome internal, external and process-related information risks, while improving the effectiveness and efficiency of information systems within their organisation.
● Led and coordinated implementation and internalisation of ISO 27001, and ISO 20000 standards for a Telco/ISP (i.e. 21st Century Technologies)
● Maintenance of all ISO 27001, ISO 22301, ISO 20000 and PCI DSS documentation.
● Ensure conformance to organisational information security policies and compliance with data protection requirements, e.g. Ghana Data Protection Act, UK-DPA, and EU GDPR.
● Advised clients on and provided guidance relating to privacy, lawful processing, PII (Personal Identifiable Information), data protection by design, and the General Data Protection Regulation.
● Follow-up to ensure compliance with security and privacy controls implemented in order to fulfil data protection requirements; provide guidance on data protection roles.
● Preparation of audit report and implementation process update to management.
● Organised, arranged and conducted assessment activities, internal audit, security awareness and management review meetings.
● Nonconformity and Corrective Action Reports documentation and evaluation.
● Designed and developed the risk assessment and risk treatment; maintained risk register and ensured tracking till closure of identified risks and vulnerabilities. Perform firewall software configuration, setup/upgrade.
● Recommend appropriate security gateway and software solutions for network and device protection.
● Manage network threats: determine appropriate security features and functions.
● Checkpoint firewall implementation; firewall rule-set configuration; review audit logs and rule-set
● Vulnerability assessment and security posture review.
PERSONAL SKILLS
● Knowledge of IT architectures and Information Security standards.
● Good communication, multitasking and leadership skills.
● Ability to find ways to improve business processes.
● Ability to learn processes and systems quickly.
● Proven ability to communicate and work with people at every level within an organisation.
● Confidence and assertiveness.
LANGUAGES
English
French (Basic)
REFERENCES
Available on Request