Anietie Umoh, CISSP, CISA, PMP, ITIL 4, GCLD
Details
Meta
Leader Information Security Assurance
I lead a team of experienced professionals (senior auditors, consultants, etc.) to perform high and very high-risk infrastructure, cybersecurity, and governance engagements including evaluating design and operating effectiveness of critical processes and supporting technologies. I have extensive experience leveraging industry standards (e.g., NIST, ISO, ITIL) to assess all aspects of the audit phases and performing annual planning to develop risk-based plans.
I also have experience leading reviews over the following processes and technologies: asset management, change and release management, data center operations, physical security, network management, operating systems management, middleware management, cloud management, containerization management, Application Programming Interface management, end user devices management, architecture management, business resiliency, Data Loss Prevention, Virtual Desktop Interface, Virtual Private Network, Identity and Access Management.
I am passionate about people development and always look forward to supporting junior staff to reach their potential through coaching and mentoring. Over the last two years I have led a new cost-effective “try before you buy” talent management program to address hiring challenges by onboarding and training IT audit consultants over a 24-month period which resulted in the audit division meeting its staffing goals and achieving significant savings.
Experience includes regularly sharing audit status and results with audit senior leadership (VPs, SVPs) and regulators. Additionally, I have established strong partnerships with the first and second lines of defense (e.g., through regular business and risk monitoring activities).
2020 : 2022
Freddie Mac
IT Audit Senior Manager
I was responsible for leading IT Infrastructure audits (e.g., UNIX, Windows, Database, Desktop, Web system, Performance and Capacity, Collaboration tools, etc.) and ongoing monitoring (Information Security and IAM). I supervised and performed risk-based testing of design and operating effectiveness of IT controls to provide reasonable assurance to management. I also served as the Internal Audit Division Privacy Champion for a period of 2 years and was responsible for regularly assessing the division's compliance with corporate standards, tracking the PII inventory, and updating the privacy plan annually. Performed quality reviews of assigned work products and monitored project plans to ensure projects were completed on time and to expectations. Coach and mentor staff and senior level auditors as well as peer review work product. Develop detailed work plans, schedules, project estimates, and resource plans for managing audit team annual budget and schedule.
Experience using industry standards such as COBIT, NIST, ISO, and ITIL for audit planning and execution.
Knowledge of Sarbanes-Oxley.
2015 : 2020
Freddie Mac
IT Audit Manager
Responsible for leading a team of four information system auditors to execute information security and IT program management engagements in accordance with Institute of Internal Auditors (IIA) standards.
Develop detailed work plans, schedules, project estimates, resource plans, and status reports for managing audit team annual budget and schedule.
Manage, develop, train, and mentor staff on projects and evaluate individual performance for each engagement.
Established the Corporate Internal Audit balanced scorecard to evaluate the department performance and alignment with the corporate strategy.
Assists Lockheed Martin business elements in addressing information security control weaknesses and risk retirement in the areas of account management, asset management, vulnerability remediation, risk and opportunity management, program baseline management, change management, network security, and logging and monitoring.
Present audit plan, audit schedule, audit results and risks/opportunities on a monthly and quarterly basis to the audit department senior management (VP, Director, & Sr. Managers).
2014 : 2015
Lockheed Martin
IT Audit Lead
Expert at performing information security audits using a risk-based audit approach to assess the effectiveness and efficiency of IT controls for operating systems (UNIX/LINUX, Windows), networks (routers, switches, and firewalls), physical security, logging and monitoring, asset management and change management.
Expert at assessing cyber security and cloud computing risks.
Received personal commendation from the Lockheed Martin Audit VP and Chief Privacy Officer (CPO) for enhancements to the international records management organizational framework, command media, and training material that addressed risks and opportunities identified during an assessment of Lockheed Martin international records management practices.
Ensured audit plan adequately covered critical corporate IT risks while chairing the IT Risk Board and leading the IT audit planning process for a period of 12 months.
Presented emerging IT risks, Audit Plan Gap Analysis results and Assurance Map results on a quarterly basis to the audit department management (VP, Director, & Sr. Managers).
Ensured business process corrective actions addressed issue root causes and prevented reoccurrence.
Increased audit efficiency by creating an IT risk management process and co-authoring IT auditor guidance documents used as training tools that significantly reduced the learning curve for new auditors.
Taught several courses covering a wide range of audit topics to new members of the Business Leadership Program.
2012 : 2014
Lockheed Martin
Senior IT Auditor
About
Accomplished cybersecurity risk and assurance leader with 15+ years of experience in risk assessment, risk-based reviews, and systems engineering with multiple Fortune 100 companies, including six years in the financial services industry. Proven track record leveraging industry standards (e.g., NIST, ISO, ITIL) to lead 40+ cybersecurity and Information Technology (IT) infrastructure reviews (audits, design reviews, advisory reviews, etc.). Excellent communicator with strong learning agility. Passionate about talent management including recruiting, coaching, and mentoring junior staff.
Prior to working in cybersecurity risk management and assurance, I was a systems engineer responsible for developing complex technologies. I am also honored to have honorably served in the United States Marine Corps (USMC).
My core competencies include Governance of Enterprise IT, cyber risk management, IT General Controls (ITGC), Sarbanes-Oxley (SOX), staff supervision & training, executive communication, report writing, infrastructure auditing, cybersecurity auditing, audit planning, board reporting, project management, budgeting & forecasting, recruiting, privacy, regulatory compliance. I also have extensive experience leading assessments over key IT processes (asset management, change & release management, SDLC, patch management, etc.) and technologies (cloud, containerization, network, operating systems, middleware, etc.).