Ade

Senior Security & Risk Analyst (GRC / Cloud Security) - Shopify - Calgary, AB

(2024-03)

Conducted deep-dive risk assessments and threat modeling across SaaS platforms and internal applications, identifying control gaps in authentication flows, API security, and cloud configurations, leading to remediation of high-risk findings across multiple systems.
Strengthened IAM governance by enforcing RBAC policies, implementing MFA across critical systems, and running quarterly access certification campaigns, reducing excessive privilege exposure and orphaned accounts.
Worked closely with cloud engineering teams to identify and remediate AWS & Azure misconfigurations (IAM roles, public exposure, logging gaps) using Security Hub, GuardDuty, CloudTrail, and Microsoft Defender for Cloud.
Mapped and validated controls against NIST CSF, ISO 27001 Annex A, and SOC 2 TSC, supporting audit preparation and reducing compliance gaps identified during internal reviews.
Partnered with DevOps teams to integrate security checks into CI/CD pipelines, including secrets scanning, dependency checks, and infrastructure validation, improving early-stage vulnerability detection.
Performed third-party/vendor risk assessments, reviewing security questionnaires, control evidence, and architecture diagrams to evaluate vendor security posture before onboarding.
Built and refined SIEM dashboards and alert use cases (Splunk, Azure Sentinel), improving visibility into authentication anomalies, privilege escalation attempts, and suspicious login patterns.
Acted as a bridge between security and business teams, translating risks into clear remediation actions aligned with operational priorities.
Delivered targeted security awareness sessions focused on phishing, credential hygiene, and secure access practices, improving internal security adoption.

Cybersecurity Analyst (GRC & Cloud Security) - TaraSpan Inc.

(2022-09 - 2024-02)

Owned the end-to-end vulnerability management lifecycle, including scanning, CVSS prioritization, and coordination with infrastructure teams to remediate vulnerabilities across servers and cloud resources.
Monitored security events using Splunk and Azure Sentinel, tuning correlation rules and investigating alerts related to unauthorized access attempts, suspicious logins, and anomalous behavior.
Conducted control mapping and gap analysis against SOC 2 and ISO 27001, identifying missing controls and supporting remediation planning with engineering teams.
Strengthened IAM processes by implementing structured access reviews, improving onboarding/offboarding controls, and enforcing least privilege across applications and cloud platforms.
Supported incident response investigations, performing log analysis and root cause identification, and documenting lessons learned to improve detection and response workflows.
Assessed AWS and Azure environments for security misconfigurations (e.g., open ports, weak IAM policies, missing logging) and worked with teams to remediate them.
Developed and maintained security policies, procedures, and control documentation, ensuring consistency across audit and compliance requirements.
Assisted in internal and external audits by preparing evidence artifacts, control documentation, and remediation tracking reports.

Information Security Analyst - Appnovation Technologies

(2020-05 - 2022-08)

Performed application and infrastructure risk assessments, identifying vulnerabilities in authentication mechanisms, data flows, and access controls.
Supported AWS and Azure security implementations, focusing on IAM configuration, encryption policies, logging (CloudTrail), and monitoring controls.
Collaborated with development teams to integrate secure SDLC practices, including code review checkpoints and security validation before deployment.
Managed user access lifecycle (provisioning, de-provisioning, access reviews), ensuring compliance with least privilege and segregation of duties.
Conducted log analysis and anomaly detection, identifying potential threats and escalating incidents for further investigation.
Contributed to incident response activities, supporting containment and remediation aligned with NIST 800-61 guidelines.
Assisted in developing security policies and control frameworks, improving governance and compliance posture.
Prepared audit documentation and worked with stakeholders to address audit findings and control deficiencies.

Business Systems Analyst (Security-Focused) - Hootsuite

(2018-06 - 2020-04)

Embedded security and compliance requirements into system implementations, ensuring alignment with internal security policies and external standards.
Conducted process risk assessments and control evaluations, identifying gaps in workflows and recommending mitigation strategies.
Worked with IT/security teams to enforce data protection, access control, and encryption standards across systems.
Supported GRC activities by maintaining risk registers, control documentation, and compliance reports.
Facilitated cross-functional workshops to align business processes with security and compliance requirements.
Performed vendor risk assessments, evaluating third-party security practices before system integrations.
Improved documentation standards using Jira and Confluence, ensuring traceability for audits and implementations.

Business Systems Specialist (Security & Governance Support) - Cleanserve Integrated Oil & Energy Solutions

(2016-04 - 2018-05)

Implemented and monitored security controls for enterprise systems, focusing on access control, data protection, and system integrity.
Conducted operational risk assessments, identifying gaps and supporting remediation activities.
Managed user access provisioning and periodic reviews, ensuring appropriate access levels.
Supported development of IT governance frameworks, policies, and business continuity plans.
Assisted in audit preparation by maintaining security documentation and evidence repositories.

Business Systems Analyst - Siji Dosekun Partnership

(2010-11 - 2016-03)

Gathered and documented business and system requirements, ensuring security and data governance considerations were included.
Supported secure system implementations and process improvements with embedded controls.
Collaborated with IT teams to ensure system reliability, compliance, and data protection standards.

Hire this person

About

Experience

Education

Skills

Reviews

Similar people near Calgary, Alberta

Theodorah Ikharo

Fariha Rahman

Tony Adenipekun

Leslie Mangabat

Abegael Reballos

Janice Gonzales

Other similar people

Theodorah Ikharo

Fariha Rahman

Nomakha Thabethe

Grace Susan

Abolanle Deko

Rana Khan

Related