
Tolu Atere

Glasgow, United Kingdom

Summary

Experienced professional with a strong background in Information Security Control Testing and comprehensive knowledge of ISO 27001, NIST CSF, SOC 2, and GDPR. Proven expertise in audit-ready evidence gathering and validation, risk assessment and treatment tracking, exception management, and documentation. Adept at conducting periodic user access reviews, automating evidence collation processes, and delivering compliance and risk reporting. Skilled in stakeholder coordination across IT, legal, and audit functions, third-party risk assurance, and GRC tooling including ZenGRC, OneTrust, and Archer. Proficient in Power BI, Excel, MS 365, and Google Workspace, with a solid foundation in project management and analytical forecasting. Committed to ethical integrity with strong stakeholder communication abilities and vendor relationship building experience. Career goals include advancing within the field of information security to drive organisational excellence through robust compliance frameworks.

Analytical professional with experience in risk assessment and management. Capable of identifying potential threats and implementing strategic solutions to mitigate risks. Skilled in data analysis, financial modelling, and regulatory compliance to enhance organisational security and performance.

Overview

1 Certification
11 years of professional experience

Work history

GRC Lead & Third-Party Risk Analyst

Smartsafe Consulting and Technology
United Kingdom
2025.01 - 2026.06
  • Executed information security control testing across ISO 27001, NIST CSF, SOC 2, and ISO 22301 frameworks, producing evidence-based, repeatable, and audit-ready results that contributed to 25% year-on-year reduction in audit findings and non-conformities.
  • Designed and maintained automated evidence collation processes using ZenGRC, OneTrust, and Archer GRC platforms, reducing manual effort by 40% and improving consistency of assurance activities across control domains.
  • Drove exception management processes end-to-end, ensuring all exceptions were clearly documented, time-bound, risk assessed, and reviewed appropriately by relevant stakeholders.
  • Coordinated and supported periodic user access reviews, working with system owners to validate access rights, remediate identified gaps, and retain structured audit-ready evidence packs.
  • Supported risk reduction initiatives through tracking, coordination, and timely follow-up of agreed risk treatment plans, maintaining live risk registers and escalating overdue items to senior leadership.
  • Produced clear, accurate compliance and risk reports for internal stakeholders, auditors, and customer assurance activities using Power BI and Excel dashboards, providing real-time visibility of KPIs to CISO-level governance forums.
  • Acted as central coordination point between IT, Digital transformation, Procurement, Legal, Sales, Service Desk, Internal Audit, and external third parties for all risk and compliance-related matters.
  • Collaborated directly with IT Audit teams to implement and validate controls aligned to ISO 27001 and NIST CSF, translating audit findings into practical remediation actions and tracking closure.
  • Led cyber governance oversight in second line of defence model, ensuring independent risk challenge, control assurance, and continuous compliance monitoring.
  • Shaped and matured GRC capability, developing full policy and procedure documentation suite and implementing scalable governance frameworks.

Counter Fraud, Compliance & Controls Analyst

Department for Work and Pensions
Glasgow
2023.01 - 2026.06
  • Performed evidence-based control testing and verification across 50 cases monthly, scrutinising documentation to validate compliance with regulatory requirements and directly supporting audit readiness.
  • Applied risk and compliance frameworks to assess control effectiveness, identify gaps, and implement corrective actions, improving case accuracy and decision integrity by over 20%.
  • Coordinated with cross-functional compliance and audit teams to strengthen risk management processes, share intelligence, and maintain consistent regulatory adherence across operational procedures.
  • Managed high-volume assurance workloads under pressure, consistently meeting tight deadlines and performance targets while maintaining accurate and complete compliance records.

Customer Operations & Risk Analyst

AnywhereWorks
United Kingdom
2022.01 - 2023.01
  • Analysed operational datasets to identify process risk indicators and improvement opportunities, producing governance reporting inputs that supported post-incident reviews and operational risk monitoring.
  • Coordinated cross-functional data analysis and process improvement projects, improving operational efficiency by 20% and delivering actionable risk-reduction recommendations to senior stakeholders.

Finance & GRC Analyst

Access Bank PLC
Benin
2015.01 - 2021.01
  • Delivered GRC and internal control activities within regulated banking environment, performing governance gap analysis and supporting internal and external audits and regulatory reviews.
  • Partnered with IT Audit teams to assess control design and effectiveness, translating findings into practical, operational improvements within complex, regulated environment.
  • Built Power BI compliance and risk dashboards enabling CISO-level visibility of KPIs, regulatory indicators, and real-time control performance.
  • Delivered process improvement initiatives, increasing operational efficiency by 20% and improving control quality by 45%.

Education

BSc. - Political Science

University of Lagos

MSc. - Human Resource Management

University of the West of Scotland

Skills

  • Compliance & Risk Reporting
  • Stakeholder Coordination (IT, Legal, Audit)
  • Third-Party Risk Assurance
  • Power BI, Excel, MS 365, Google Workspace
  • Project management
  • Analytical forecasting
  • Ethical integrity
  • Knowledge of ISO standards
  • Stakeholder communication
  • Vendor relationship building
  • Contract management
  • Data analysis tools
  • Cloud-Based solution knowledge
  • Problem-solving
  • Strategic planning

Certification

ISO 27001 Lead Implementer

Accomplishments

  • Reduced manual assurance effort by 40% by designing and implementing automated evidence collation workflows in ZenGRC and OneTrust, improving consistency and repeatability of control testing cycles.
  • Decreased third-party supplier risk exposure by 25% through a structured risk-scoring and assurance methodology, enabling proactive identification of high-risk vendors and accelerated risk treatment tracking.
  • Contributed to a 25% year-on-year reduction in audit findings by maintaining audit-ready evidence standards, coordinating cross-functional inputs, and driving timely remediation of agreed risk treatments.
  • Successfully led ISO 27001, SOC 2, and ISO 22301 compliance programmes end-to-end, maintaining 100% alignment of governance artefacts and continuous audit readiness.
  • Enhanced control effectiveness by 45% through root-cause analysis of control failures and corrective improvements aligned to ISO 27001 and NIST CSF frameworks.
