Ayokunle Adaralegbe

Experience: NIST, CIS, ISO 27001, CE+, GRC, Qualys, Application and Infrastructure Vulnerability
Assessment, Rapid 7Insight, Cervantes, Nessus IQ, Axonios, and Proficient in GRC platforms, SIEM
tools, and risk assessment software. Standards: In-depth knowledge of
(BCMS),
Environment: Unix, Window
• Lead the identification of application risk using threat modeling approach and developed control
deficiency remediation working with IT and various stakeholders; Cyber Security Co-ordination: Participate in various Stakeholder meetings and work to develop
an enterprise cybersecurity culture. Vulnerability Assessment: Oversee regular vulnerability scans, penetration testing, and threat
analysis across all IT assets, including cloud environments Continuous Threat Management (CTEM): Implement and maintain a CTEM framework
to provide continuous visibility into the organisations threat exposure, enabling proactive risk
reduction
• Drafted and implemented information Security Policies aligned with ISO 27001 standard
• Provide C-level advisory and guidance on cybersecurity initiatives covering technology,
processes and compliance
• Conduct Control self-Assessment, identified control deficiencies. designed control and provided
control assurances.
• Designed and implemented Cyber Security framework using NIST Cyber Security Framework
and CIS controls.
• Expertise: Designed and implemented enterprise-wide Information Security Management
Systems (ISMS) aligned with ISO
• Policy Development: Authored comprehensive information security policies, procedures, and
guidelines to safeguard critical assets.
• Awareness Programs: Conducted training sessions to enhance organizational cybersecurity
culture and reduce human error risks.
• Incident Management: Led response teams to mitigate security breaches and implemented
robust incident response frameworks.
• Threat Analysis: Monitored and analysed emerging cyber threats to proactively strengthen
defenses.
• Stakeholder Engagement: Act as a trusted advisor to the business, explaining technical
vulnerabilities in non-technical terms and advocating for the importance of implementing
security measures,
• Risk Management: Analyse findings to prioritise vulnerabilities based on risk level, business
impact, and potential exploitation.
• Risk Assessment: Conducted comprehensive risk assessments using
methodologies.
• Risk Treatment Plans: Developed tailored risk treatment strategies to mitigate identified
vulnerabilities.
• Risk Analytics: Utilized NIST frameworks to quantify risks and prioritize mitigation efforts

Experience: NIST, CIS, ISO 27001, CE+, Vulnerability Assessment, Penetration testing, GRC, Qualys,
Nmap, Nessus, OWASP for Application security assessment. and Proficient in GRC platforms, SIEM
tools, and risk assessment software. Standards: In-depth knowledge of
(BCMS),
Environment: Unix, Window,
• Holding responsibility for defining strategy and governing principles for IS, data privacy and risk
management.
• Reviewing solutions for Department of Work and Pension, public facing, government digital
services in line with needs.
• Working closely with senior business and technical stakeholders to define the vision and drive
strategy for maturing the companys information security risk posture.
• Reviewed ISMS scope, updated ISMS policies and procedures and prepared statement of
applicability in readiness for recertification audit,
• Providing supplier and Third party risk assurance and carrying out daily vendor risk
assessments in line with government agencies security contract requirement prior to
onboarding.
• Developing and maintaining Maximus UK Security Strategy aligned to both UK business and
Corporate objectives.

Experience: NIST, CIS, ISO 27001, CE+, GRC, Qualys, Application and Infrastructure Vulnerability
Assessment, Nessus IQ, and Proficient in GRC platforms, SIEM tools, and risk assessment software.
Standards: In-depth knowledge of ISO
Environment: Unix, Window.

• Expertise: Designed and implemented enterprise-wide Information Security Management
Systems (ISMS) aligned with ISO
• Policy Development: Authored comprehensive information security policies, procedures,
and guidelines to safeguard critical assets.
• Awareness Programs: Conducted training sessions to enhance organizational cybersecurity
culture and reduce human error risks.
• Incident Management: Led response teams to mitigate security breaches and implemented
robust incident response frameworks.
• Threat Analysis: Monitored and analysed emerging cyber threats to proactively strengthen
defenses.
• ISMS Leadership: Spearheaded ISMS governance frameworks to ensure alignment with
organizational objectives and ISOtandards.
• Stakeholder Engagement: Collaborated with C-suite executives and board members to
communicate security risks and governance strategies.
• Audit Readiness: Prepared organizations for internal and external ISMS audits, ensuring
100% compliance readiness.
• Policy Enforcement: Established accountability mechanisms to enforce governance policies
across departments.
• Continuous Improvement: Implemented PDCA (Plan-Do-Check-Act) cycles to refine
governance processes continually.
• Stakeholder Engagement: Act as a trusted advisor to the business, explaining technical
vulnerabilities in non-technical terms and advocating for the importance of implementing
security measures,
• Risk Management: Analyse findings to prioritise vulnerabilities based on risk level, business
impact, and potential exploitation.
• Risk Assessment: Conducted comprehensive risk assessments using ISO27005 and
ISO31000 methodologies.
• Risk Treatment Plans: Developed tailored risk treatment strategies to mitigate identified
vulnerabilities.
• Risk Analytics: Utilized NIST frameworks to quantify risks and prioritize mitigation efforts.
• Third-Party Risk: Managed vendor and third-party risks by enforcing stringent contractual
security obligations.