KINGSLEY O. ONUKWUGHA CISA, Security +
Professional Summary
● Dynamic and goal-oriented Cybersecurity Analyst – GRC with over 6 years of experience delivering secure, compliant, and resilient security environments across financial and consulting sectors.
● Skilled in aligning security controls with frameworks such as NIST CSF, ISO/IEC 27001/27002, SOC 2, SOX, COBIT, and privacy regulations including PIPEDA, GDPR, and HIPAA.
● Proficient in SIEM operations, incident response, risk assessments, third-party vendor evaluations, and audit support.
● Experienced in cloud and hybrid
● Proven experience supporting SOX / ICOFR engagements, IT General Controls (ITGC) testing, enterprise risk assessments, and control design and operating effectiveness evaluations
● Strong working knowledge and practical application of COSO Internal Control Framework, COBIT, NIST Cybersecurity Framework (CSF), and ISO/IEC 27001 to assess control maturity and regulatory alignment
● Demonstrated ability to plan and execute audit fieldwork, develop high-quality workpapers, and prepare clear, executive-ready reports with actionable remediation recommendations
● Experience advising and collaborating with client stakeholders, management, and cross-functional teams to strengthen governance and risk management practices
● Proven capability to review and mentor junior professionals, ensuring quality, consistency, and adherence to professional standards
● Certified Information Systems Auditor (CISA) with a strong client-service mindset and commitment to delivering insight-driven, practical solutions
Relevant Tech Skills and Tools
❖ Client Advisory & Stakeholder Management
❖ ServiceNow IRM / Archer
❖ Enterprise IT Governance Strategy
❖ Security Architecture & Design
❖ SOX / ICOFR Oversight & Quality Review
❖ Cloud Security (IAM, Defender)
❖ Risk-Based Control Design & Governance
❖ Vulnerability & Patch Governance
❖ Audit Planning & Scoping
❖ Endpoint Detection & Response
❖ Third-Party Risk Governance
❖ Threat Detection & Response
❖ Policy & Framework Development
❖ Data Privacy & Protection
❖ Cross-Functional Leadership & Mentoring
❖ Business Continuity
❖ Executive Risk Reporting
❖ Security Metrics & Dashboards
❖ NIST / COBIT / COSO Program Alignment
❖ Secure Configuration Controls
Education and Certifications
● Certified Information Systems Auditor (CISA) with ISACA
● CompTIA Security+
● Certified in Cybersecurity
● Diploma in Cybersecurity, AMB College, Calgary, Alberta, Canada
Relevant Work Experience
Senior – GRC Analyst (Oak Cyber shield) | Canada | Oct 2025 – Present
● Supported and executed internal audit, IT audit, and IT General Controls (ITGC) test engagements across multiple client environments, including planning, fieldwork, and reporting phases.
● Performed IT maturity assessment to evaluate and support business segments' IT programs.
● Performed SOX / ICOFR-style control design and operating effectiveness testing, identifying control deficiencies and supporting remediation tracking
● Conducted enterprise, IT, and cybersecurity risk assessments aligned with COSO, COBIT, and NIST CSF, documenting inherent risk, control effectiveness, and residual risk
● Collected, validated, and analyzed audit evidence, ensuring accuracy, completeness, and compliance with audit standards and client requirements
● Executed third-party and vendor risk assessments (TPRM), evaluating security, privacy, and operational controls against contractual and regulatory expectations
● Supported ISO/IEC 27001-aligned compliance readiness activities, including control mapping, documentation review, and gap analysis
● Prepared executive-ready audit reports, risk summaries, and remediation action plans for client stakeholders
● Collaborated closely with client IT, security, and business teams to communicate findings and support timely remediation.
● Reviewed junior analysts’ workpapers, provided feedback, and ensured quality and consistency of engagement deliverables.
● Contributed to risk governance and control oversight, including assessment planning and remediation tracking
● Supported regulatory examinations and audits by coordinating documentation, walkthroughs, and responses.
● Reviewed and enhanced policies, procedures, and governance frameworks to improve control
Security Analyst – GRC (Expertedge Consulting Group | Canada | 2023 – Sept 2025)
● Designed and implemented secure network architectures by incorporating segmentation, micro-segmentation, DDoS protection, and zero-trust-based policies within relationship workflow and access to resources.
● Ensure IAM, MFA, and PAM configurations align with corporate security policies and regulatory requirements and conduct periodic access reviews, privileged account audits, and risk assessments to ensure compliance
● Assured access security and reduced unauthorized access attempts by implementing least privilege access control, password rotation, vaulting, and automated credential management
● Monitor networks, firewalls, and IT systems using security tools for security breaches, threats, or irregularities.
● Supported incident response efforts through log analysis, evidence gathering, and executing remediation tasks.
● Supported disaster recovery and business continuity practices by implementing resilient cloud platforms for critical infrastructures, regular data backups, creating and updating runbooks, and training.
● Performed business impact analyses (BIA) and supported business continuity and operational resilience initiatives.
● Assisted with vendor and third-party risk assessments, reviewing operational, IT, and security controls.
● Developed and maintained policies, procedures, and governance documentation to support audit readiness.
● Coordinated with internal and external auditors during examinations, walkthroughs, and evidence requests
Risk Management & Compliance Analyst (Access Bank | Nigeria | 2012 – 2019)
● Assessed vendor risk management processes across the organization, resulting in a 15% reduction in potential risks, to ensure compliance with project delivery goals, safety standards, and energy goals.
● Strengthened vendor risk management practices by developing risk mitigation plans and improving vendor performance.
● Aligned vendor risk management practices with organization goals by executing in-depth reviews of vendor risk profiles, improving transparency and communication, and reducing vendor-related incidents.
● Advised client stakeholders on risk posture, control maturity, and remediation priorities, translating technical findings into business-focused insights
● Reviewed enterprise, IT, and cybersecurity risk assessments, ensuring consistency with COSO, COBIT, and NIST CSF
● Oversaw third-party and vendor risk assessments, validating control evaluations and remediation plans
● Reviewed audit workpapers, findings, and reports to ensure quality, consistency, and professional standards compliance
● Supported management and senior stakeholders in enterprise risk management and internal audit programs
● Contributed to risk governance and control oversight, including assessment planning and remediation tracking
Business Analyst (UBA | Nigeria | 2019 – 2022)
● Maintained and implemented secure coding standards based on Secure SDLC frameworks and methodologies like OWASP Software Assurance Maturity Model (SAMM) and Microsoft Security Development Lifecycle
● Acted as liaison between cybersecurity teams and business stakeholders.
● Supported UAT and security testing for IT deployments.
● Identified control gaps and supported mitigation efforts.
● Contributed to documentation and process improvements.
● Achieved secure code and automation by writing/refactoring, reviewing, and modifying CI/CD scripts like Ansible playbooks, Jenkins pipeline scripts, Kubernetes manifest files using Helm, Dockerfiles, and Bash shell scripts.
● Ensured 100% of all documentation was created and updated, including design, development, and deployment documentation.