Florence Oladebo
Governance, Risk & Compliance (GRC) & IT Audit Professional
Transforming organizational security through expert risk management, compliance excellence, and actionable audit insights.
About Me:
Certified Excellence in Risk & Compliance
I am a dedicated GRC Analyst and IT Audit professional with over 5 years of experience in cybersecurity governance, technology risk management, internal controls, and regulatory compliance. My background includes working in both Big Four and non–Big Four environments, performing ITGC testing, risk assessments, SOC 2 and ISO 27001 readiness reviews, and policy development. I bring strong expertise in aligning organizational processes with industry frameworks including NIST 800-53, SOC 2, ISO 27001, and SOX 404. Known for my analytical approach, clear documentation, and ability to partner with technical and business stakeholders, I deliver practical, audit-ready solutions that strengthen control environments and support secure, compliant operations.
Multi-Framework Expertise
NIST, ISO, SOC 2, SOX, COBIT, PCI DSS, CIS, HIPAA, COSO.
Business-Focused Solutions
Practical risk management approaches
Education & Certifications
B.Sc. Computer Science - University of Lagos
CompTIA - Security+
ISO 27001 - Lead Auditor
Core Competencies & Technical Skills
1. Governance & Risk Management
Expert in developing and maintaining comprehensive risk registers, strategic mitigation plans, and enterprise policy frameworks. Proficient in risk quantification methodologies and control design across operational, financial, and technology domains.
  • Enterprise risk assessment & monitoring
  • Policy development & governance frameworks
  • Third-party risk management
2. IT Audit & Compliance
Deep expertise in conducting audits and assessments against leading frameworks including NIST SP 800-53, ISO 27001, SOX, GDPR, SOC and PCI DSS. Skilled in control testing, evidence collection, and compliance validation methodologies.
  • Control assessment & testing
  • Compliance gap analysis
  • Audit program development
3. Tools & Technologies
Advanced proficiency in creating Excel-based risk dashboards, utilizing GRC platforms for continuous monitoring, and leveraging audit management software for efficient workflow and documentation management across complex audit engagements.
  • ServiceNow
  • OneTrust GRC
  • Microsoft Defender
  • Archer GRC
  • Qualys
  • Microsoft Office Suite
  • Jira
  • KnowBe4
4. Core Competencies
Highly skilled in IT Security & Compliance, with expertise spanning Risk Management, Third-Party Vendor Risk Assessments, and Vulnerability Management. Experienced in supporting SOC 2 audits, PCI DSS compliance, and enterprise-wide Incident Response processes. Strong command of Access Management, IT General Controls (ITGCs), and end-to-end Audit & Control Testing. Adept at policy development, process improvement, and ensuring alignment with evolving regulatory requirements. Known for effective stakeholder collaboration, clear communication, and delivering actionable insights that strengthen organizational security and governance.
SOX 404 IT General Controls (ITGC) Framework Implementation
Led a critical SOX 404 ITGC implementation for FLOTECH, a leading technology company. This involved a comprehensive assessment of existing controls, identifying significant gaps, and designing and deploying new SOX 404 compliant controls across their entire IT infrastructure. The project ensured regulatory adherence and strengthened the overall control environment.

Project Scope
Project: ITGC Framework SOX 404 Implementation
Client: FLOTECH
Industry: Technology/Software
Frameworks: SOX 404, COSO Framework, IT General Controls
01. Assessment & Scoping
Defined project scope, stakeholder interviews, and initial control identification.
02. Control Documentation
Developed detailed documentation for all relevant ITGCs and processes.
03. Gap Analysis
Identified deficiencies and control gaps against SOX 404 and COSO requirements.
04. Control Design & Implementation
Designed and implemented new controls to address identified gaps effectively.
05. Testing & Validation
Conducted thorough testing to ensure operational effectiveness of controls.
06. Compliance Reporting
Generated comprehensive reports for management and external auditors.
Featured Project: Comprehensive Risk Assessment (NIST 800-30 Rev.1)
Comprehensive Risk Assessment using NIST 800-30 Rev.1
Conducted a detailed risk assessment for a client, applying the comprehensive methodology outlined in NIST SP 800-30 Revision 1. This project identified, analyzed, and evaluated organizational risks stemming from various threat sources and vulnerabilities, providing a robust foundation for risk management decisions.
The assessment systematically identified critical assets, potential threat actors, and existing vulnerabilities across IT infrastructure, applications, and operational processes. It focused on determining the likelihood of adverse events and their potential impact, leading to a prioritized understanding of organizational risk exposure.
Methodology & Key Insights
My approach meticulously followed the NIST 800-30 Rev.1 framework, incorporating preparation, threat analysis, vulnerability identification, likelihood and impact determination, and risk calculation. This structured methodology ensured consistency, repeatability, and a clear understanding of each risk component.
This case study demonstrates my capability to apply industry-standard risk assessment frameworks, provide actionable risk insights, and support strategic decision-making for enhancing organizational security posture.
1. Preparation
Define scope, identify assets, gather data for assessment
2. Risk Identification
Identify threat sources, vulnerabilities, and predisposing conditions
3. Risk Analysis
Determine likelihood, impact, and calculate risk levels
4. Recommendations & Reporting
Develop recommendations, document findings, and communicate results
Asset Identification
Complete - All critical data systems and processes mapped
Threat Source Analysis
Moderate Risk - Insider threats and targeted cyberattacks identified
Vulnerability Assessment
Identified - Key weaknesses in access controls and patching cycles
Risk Level Determination
High Risk - Several critical risks require immediate mitigation
GRC/IT AUDIT Documentation Showcase
Enterprise-Ready GRC Resources
Developed comprehensive, customizable policies, procedures, and compliance checklists meticulously aligned with industry standards including NIST, ISO 27001, SOC 2, and regulatory requirements. These templates accelerate governance program implementation while ensuring regulatory alignment.
Vendor Security Questionnaire
  • Pre-built templates for vendor risk assessment
  • Automated scoring and risk stratification
  • Comprehensive coverage of security domains
ITGCs Framework SOX 404
  • Ready-to-implement IT General Controls
  • SOX 404 compliance mapping
  • Documentation for audit readiness
Control Mapping
  • Cross-walks for NIST, ISO 27001, SOC 2
  • Automated control inheritance documentation
  • Alignment with regulatory requirements
Audit Prep
  • Checklists for pre-audit readiness
  • Evidence collection guidance
  • Templates for auditor requests
Risk Register
  • Dynamic risk identification & tracking
  • Impact and likelihood analysis tools
  • Action plan management
Policies
  • Comprehensive security policy library
  • Includes Risk Management Policy, Data Protection Policy, IS System Policy, Compliance Monitoring Policy.
Streamlined Compliance & Audit Preparation
This collection of GRC documentation serves as a direct demonstration of my hands-on experience and deep expertise in Governance, Risk, and Compliance, as well as IT Audit. These battle-tested resources, developed and refined for enterprise clients across diverse sectors, showcase a robust understanding and practical application of multiple compliance frameworks (NIST, ISO 27001, SOC 2) and audit methodologies. I am prepared to immediately leverage this proven capability to drive effective governance and audit initiatives within your organization.
Testimonials & Endorsements
"An exceptional auditor who bridges technical rigor with business insight. Florence's ability to translate complex compliance requirements into actionable strategies helped our organization strengthen its security posture while maintaining operational efficiency. Her attention to detail and clear communication style made the audit process smooth and productive."
— Former Manager
"Florence delivered a comprehensive risk assessment that transformed our compliance posture. Her systematic approach to identifying control gaps, combined with practical remediation recommendations, enabled us to achieve SOC 2 certification ahead of schedule. She's a trusted advisor who understands both technical requirements and business objectives."
— IT Director
"Florence's clear, actionable reports helped our board understand cybersecurity risks in business terms. Her risk visualization dashboards and executive summaries made complex compliance frameworks accessible to non-technical stakeholders. Her professionalism and expertise significantly elevated our governance program."
— Compliance Officer
15+
Audit Engagements
Successfully completed
100%
Client Satisfaction
Positive feedback rate
Let's Connect
Interested in Collaborating?
I'm actively seeking opportunities to contribute to forward-thinking organizations that value robust governance, proactive risk management, and excellence in IT audit practices. Whether you need compliance expertise, audit program development, or strategic GRC guidance, I'm ready to help strengthen your security posture.
Let's discuss how my skills and experience can support your team's success. I'm available for full-time positions, contract engagements, and consulting projects focused on GRC transformation and audit excellence.
Email
Oladeboflorence1@gmail.com
LinkedIn
linkedin.com/in/florenceoladebo

Thank you for reviewing my portfolio. I look forward to contributing my GRC and IT audit expertise to your organization's success. Together, we can build resilient security programs that protect assets, ensure compliance, and enable business growth.

© 2024 Florence Oladebo | GRC • Cybersecurity • IT Audit