Skip to content

Hello, I Am

OsenOsagie

I turn security requirements into clear controls, usable evidence, and confident decisions.

Biography

I am a cybersecurity governance, risk, and compliance practitioner focused on making security programs clearer, more accountable, and easier to operate.

My work connects policy, audit evidence, control frameworks, risk registers, and remediation planning. I like the point where a finding becomes a decision and documentation becomes something a team can actually use.

In these projects, I worked across ISO/IEC 27001, CIS Controls v8.1, NIST CSF 2.0, CIS RAM, HIPAA, PCI DSS, GDPR, incident response, vulnerability review, vendor risk, and business continuity.

Skills &Certifications

I group my skills by the work they support: governance, risk, compliance, documentation, operations readiness, and professional communication.

Governance

I build policies, standards, control expectations, and documentation that make security programs easier to own.

Security policy developmentPolicy reviewGovernance framework alignmentControl assessment

Risk Management

I connect cybersecurity risk to business impact, ownership, likelihood, and practical treatment options.

Risk assessmentRisk register developmentRisk treatment planningBusiness risk analysis

Compliance

I interpret framework expectations and prepare audit-friendly evidence, reports, and gap analysis outputs.

ISO 27001 alignmentNIST CSF mappingCIS ControlsCompliance gap analysis

Documentation

I write clear materials that help technical and non-technical stakeholders act with confidence.

Technical writingExecutive summariesProceduresReports

Security Operations Support

I support readiness through incident planning, vulnerability review, continuity planning, and vendor workflows.

Incident response planningVulnerability reviewBusiness continuity planningSecurity awareness

Professional Skills

I bring structure, communication, collaboration, and judgment to cybersecurity engagements.

Stakeholder communicationAnalytical thinkingPresentationProblem solving

ISC2 Certified in Cybersecurity (CC)

ISC2

Completed

2024

Google Cybersecurity Professional Certificate

Google Career Certificates

Completed

2024

ISO 27001 Lead Implementer

Professional Development Path

Planned

Future

CISA

ISACA

Planned

Future

Case studies

I organized each project around the same question: what did I need to clarify, what evidence or method did I use, and what changed because of the work?

Cybersecurity Governance cover
01

Policy Development & Review

Cybersecurity Governance

Objective: Develop, review, and align cybersecurity policies with organizational needs, compliance obligations, and industry standards.

Process: I moved from baseline research through inventory, gap analysis, drafting, peer review, and final delivery.

Result: Produced policy governance libraries grouped by baseline and compliance-specific needs. Delivered gap analysis findings with remediation recommendations. Updated standards for MFA, vendor onboarding, and current compliance expectations.

ISO 27001CIS ControlsNIST CSFHIPAAPCI DSSPolicy writing
Request Project
Internal Cybersecurity Assessment cover
02

Audit & Control Testing

Internal Cybersecurity Assessment

Objective: Conduct a comprehensive cybersecurity assessment and translate control gaps into business-focused recommendations.

Process: I scoped critical systems, mapped frameworks into one control view, gathered evidence, tested controls, ranked risk, and shaped the final report.

Result: Created an internal audit report with executive summary and technical appendix. Identified gaps such as limited log monitoring and backup RPO weaknesses. Prioritized remediation by business impact, likelihood, and compliance consequences.

Audit scopingEvidence reviewControl mappingRisk rankingRemediation planningExecutive reporting
Request Project
Risk Assessment cover
03

CIS RAM Methodology

Risk Assessment

Objective: Run a structured cybersecurity risk assessment covering assets, threats, vulnerabilities, scoring, and treatment planning.

Process: I converted risk discovery into a prioritized register with clear treatment paths across mitigation, transfer, acceptance, and avoidance.

Result: Built a risk register across data, systems, and business-process assets. Assessed threats including malware, phishing, insider misuse, and supply-chain attacks. Created a risk treatment plan that connected decisions to business context.

CIS RAMAsset inventoryThreat modelingRisk scoringTreatment planningRisk communication
Request Project
Third-Party Risk Assessment cover
04

Vendor Security Review

Third-Party Risk Assessment

Objective: Evaluate suppliers and third-party vendors for cybersecurity risk, control maturity, and onboarding readiness.

Process: I identified vendors, built assessment questionnaires, reviewed security documentation, scored risk, and shaped monitoring recommendations.

Result: Delivered a third-party risk assessment report and vendor rating matrix. Recommended contractual controls, remediation requests, and ongoing monitoring steps. Created an onboarding and monitoring framework for repeatable vendor reviews.

TPRMISO 27001NIST CSFSOC reportsVendor scoringSupply chain security
Request Project
Incident Response Program cover
05

Playbooks & Tabletop Exercise

Incident Response Program

Objective: Develop an incident response capability and validate the response workflow through tabletop exercises.

Process: I created incident response policy, built phishing, ransomware, and insider-threat playbooks, facilitated a tabletop, and captured lessons learned.

Result: Delivered an incident response plan with scenario-specific playbooks. Produced an after-action report that translated exercise observations into improvements. Strengthened crisis coordination, documentation, and escalation readiness.

IR planningTabletop exercisePhishing playbookRansomware playbookLessons learnedCrisis management
Request Project
Cybersecurity Awareness Training cover
06

Human-Centered Security

Cybersecurity Awareness Training

Objective: Improve organizational security awareness through structured training materials, sessions, and learning evaluation.

Process: I assessed training needs, developed presentations, posters, and quizzes, delivered sessions, and evaluated learning outcomes.

Result: Built awareness content focused on practical, everyday cyber risk. Supported safer user behavior through structured education and assessment. Strengthened public speaking, training delivery, and security communication skills.

Needs assessmentTraining designQuizzesSecurity awarenessUser behaviorFacilitation
Request Project
Vulnerability Assessment cover
07

Remediation Strategy

Vulnerability Assessment

Objective: Review vulnerability findings and prioritize remediation activity according to severity, exposure, and operational impact.

Process: I analyzed penetration testing reports, categorized findings, developed remediation strategy, and tracked progress across fixes.

Result: Created a vulnerability register with critical, high, medium, and low findings. Defined remediation actions including patching, configuration hardening, and segmentation. Improved the path from technical finding to tracked security improvement.

Pen test reviewVulnerability registerPatchingConfiguration hardeningNetwork segmentationRemediation tracking
Request Project
Framework Review & Mapping cover
08

Control Alignment

Framework Review & Mapping

Objective: Compare major cybersecurity frameworks and recommend adoption strategies that fit governance and control needs.

Process: I studied ISO/IEC 27001, CIS Controls v8.1, and NIST CSF 2.0, then cross-mapped common control expectations into recommendations.

Result: Built a control mapping matrix across leading cybersecurity frameworks. Reduced duplicate control language by grouping overlapping expectations. Produced recommendations for framework adoption and implementation strategy.

ISO 27001CIS ControlsNIST CSFControl mappingFramework comparisonGovernance strategy
Request Project
Business Continuity & Disaster Recovery cover
09

BC/DR Planning

Business Continuity & Disaster Recovery

Objective: Develop business continuity and disaster recovery capabilities aligned to critical business operations and recovery targets.

Process: I conducted business impact analysis, identified RTO and RPO needs, designed recovery strategies, built a BC/DR plan, and recommended exercises.

Result: Documented critical business functions and recovery expectations. Recommended backup, alternate-site, cloud recovery, and simulation strategies. Connected IT recovery planning to operational resilience and business priorities.

BIARTORPOBackup strategyRecovery simulationOperational resilience
Request Project

Resume Summary

My resume gives the shorter version: governance-first cybersecurity support across policy development, internal audit, risk assessment, control mapping, compliance awareness, technical documentation, and executive communication.

Download Resume
Stock image of a cybersecurity dashboard on a laptop

What PeopleNotice

Osen makes security expectations easier to understand. Her work connects controls, evidence, and ownership in a way teams can act on.

Security Program Reviewer

GRC portfolio review

The strongest signal in her case studies is communication. She explains risk without losing the business context behind it.

Cybersecurity Mentor

Professional feedback

Her portfolio makes the audit trail feel practical. I can see how each artifact supports the next decision.

Risk Program Lead

Portfolio review

Let's Connect