Lagos State, Nigeria
I help organizations design secure, compliant, and resilient technology environments. With over 10 years of experience across IT, cybersecurity, and Governance Risk & Compliance (GRC), I work with organizations to implement security frameworks, improve operational maturity, and align technology with regulatory requirements.

My work spans across:
• ISO 27001, ISO 20000, ISO 22301, ITIL, PCI DSS, NIST CSF
• Cloud security (Azure, AWS, Microsoft 365)
• Risk management and compliance programs (ISO 31000, COSO)
• Security architecture and technical implementations

I have worked with financial institutions, insurance companies, and enterprise organizations to design and implement governance frameworks that strengthen cybersecurity posture and operational resilience. Beyond consulting, I train professionals and organizations on cybersecurity, cloud governance, and risk management, helping teams move from theory to practical implementation. If you're building secure digital infrastructure, implementing compliance frameworks, or training your team on security and governance, let's connect.
Designing and implementing GRC (ISO 27032, 27001, 27017, 22301, 20000, PCI-DSS) standards/frameworks, policies, and procedures to align with industry standards and regulatory requirements. Coordinating the execution of Management System Implementation (ISO 27001, 27032, 27035, 27017, 22301, 20000, PCI-DSS). Accelerating the practical application of management systems and helping companies mature to level 4. Conducting comprehensive risk assessments to identify potential risks across various business functions and processes. Collaborating with cross-functional teams to establish risk tolerance levels and define risk mitigation strategies. Conducting regular compliance audits and assessments to ensure adherence to relevant regulations and internal policies. Assisting in developing and delivering training programs to increase security awareness and foster a culture of compliance. Providing expert guidance to clients on GRC best practices, addressing specific challenges, and enhancing organizational resilience. Evaluating existing risk management processes and recommending improvements to enhance efficiency and effectiveness. Leading the development and implementation of incident response plans, enabling swift and coordinated responses to security breaches and compliance incidents. Collaborating with legal teams to ensure alignment between GRC practices and contractual requirements. Conducting vendor risk assessments to evaluate the security posture of third-party partners and suppliers. Participating in regulatory and compliance-related projects, ensuring adherence to relevant laws and industry standards. Conducting GRC-related training sessions for internal stakeholders, increasing their understanding of risk management and compliance obligations.
Led a high-performing team of technical professionals responsible for Microsoft services and ITGRC. Provided mentorship, guidance, and support to ensure the team's success. Developed and executed strategies to achieve team goals and objectives, fostering a collaborative and results-driven culture. Oversaw the seamless implementation and management of Microsoft services within the organization. Successfully planned and executed projects related to Microsoft services and ITGRC, ensuring on-time delivery and adherence to budgets. Acted as a subject matter expert in Microsoft technologies, including Azure, Office 365, and related services. Stayed updated with the latest industry trends and best practices. Skillfully allocated resources, set priorities, and monitored project progress. Effectively mitigated risks and resolved project issues. Established and maintained ITGRC policies, procedures, and controls to ensure compliance with regulations and standards. Conducted risk assessments and devised effective mitigation strategies. Monitored and reported on compliance with ITGRC requirements.
Lead advisory on enterprise security program management and deliver expert IT/IS/ISO audits for client organizations. As a Senior Advisory professional at Tactful Consult, a leading ICT solutions provider and systems integrator specializing in Security & Compliance, Cloud Solutions, and IT Operations Management, I lead strategic governance, risk, and compliance (GRC) initiatives for clients across diverse industries. Key responsibilities and impact include: Managing and maturing the organization's enterprise security program, including policy development, risk assessment, controls implementation, and continuous monitoring to align with international best practices (ISO 27001, PCI-DSS, NDPA, and emerging frameworks). Conducting and leading comprehensive IT, information security (IS), and ISO-related audits for client organizations, identifying gaps, recommending remediation strategies, and supporting certification readiness. Providing expert advisory services on IT governance, cloud security posture, service assurance (leveraging ITIL v4 principles), and regulatory compliance in dynamic environments. Collaborating with executive stakeholders, audit teams, and technical delivery units to embed risk-aware decision-making and strengthen overall cyber resilience. Contributing to client engagements by delivering high-value assurance reviews, gap analyses, and tailored GRC roadmaps that drive business agility while mitigating regulatory and operational risks. in ISO 27001 compliance, cloud security, IT governance, and risk management to help businesses strengthen controls, achieve certifications, and maintain regulatory alignment.
Assisted in preparing for ITGRC audits, which may involve reviewing audit plans and objectives, gathering relevant documentation, and coordinating with the audit team. Evaluated the organization's IT governance framework, including the roles and responsibilities of IT stakeholders and decision-making processes. Examined IT policies, procedures, and controls to ensure they are well-documented and align with industry standards and regulatory requirements. Participated in compliance assessments to determine whether the organization's IT practices adhere to relevant laws, regulations, and industry standards. Assisted in identifying and assessing IT-related risks, including cybersecurity, data privacy, and operational risks. Gathered and compiled data related to IT systems, controls, and processes, ensuring that the data is accurate and complete. Conducted tests of IT controls to verify their effectiveness and identify any control deficiencies or weaknesses. Participated in the assessment of third-party vendors to ensure they meet ITGRC requirements and pose minimal risk to the organization. Assisted in assessing the organization's cybersecurity posture, including the effectiveness of security controls and incident response procedures.
Developed training programs and materials for technical topics based on the needs of the organization. Conducted training sessions for IT staff, employees, or external clients on technical subjects. Utilized various training methods, such as in-person workshops, webinars, e-learning, and documentation. Assessed the training needs of the target audience and evaluated the effectiveness of training programs. Collected feedback from trainees and made improvements to training materials and methods as needed. Collaborated with IT teams and managers to identify training needs and align training programs with organizational goals. Worked closely with the Technical Training Specialist to ensure that end-users and IT staff are properly trained and informed about the latest technologies and best practices.