Esther Towobola


Information Security Manager
Location: United Kingdom


Esther Towobola
Senior Governance, Risk & Compliance (GRC) Consultant
British Nationality | Available Immediately

Professional Summary

Highly skilled Senior GRC Consultant with experience designing and managing compliance policies and cybersecurity frameworks. Expertise in NIST, ISO 27001, GDPR, and emerging AI governance (ISO 42001). Certified Information Systems Auditor (CISA) with a proven track record of leading enterprise-wide compliance programs, risk management strategies, and stakeholder engagement. Passionate about advancing cybersecurity governance and driving organizational resilience in dynamic, regulated environments.

Core Competencies

• Governance, Risk, and Compliance (GRC) Frameworks
• Cybersecurity Policy Development & Implementation
• Risk Assessment & Mitigation
• Regulatory Compliance: GDPR, ISO 27001, ISO 42001
• AI Governance & Data Protection
• Internal & External Audit Coordination
• Stakeholder Collaboration & Executive Reporting
• Leadership & Team Development
• Tools: Vanta, Omnea, OneTrust, ServiceNow
• Languages: English (Fluent)

Professional Experience

Information Security Lead
VEED (AI SaaS Company) – United Kingdom | 12/2024 – 05/2025

Managed end-to-end vendor security questionnaires and customer security/privacy reviews.
Reviewed SOC 2 reports and Data Processing Agreements (DPAs), optimizing vendor onboarding processes.
Implemented ISO 42001 standards for AI compliance, enhancing data security and governance.
Developed company-wide AI ethics documentation ensuring partner compliance.
Trained sales teams on security protocols, improving organizational awareness.
Maintained AI-driven automation tools and customer Trust Centre for efficient response management.

GRC Consultant
FincSelect (Fintech Client) – Remote | 02/2023 – 01/2025

Led Third-Party Supplier risk management with thorough due diligence and screening.
Developed and managed GRC programs aligned with NIST, ISO 27001, GDPR standards.
Achieved ISO 27001 certification through successful implementation.
Directed enterprise-wide security audits and controls improvement initiatives.
Presented executive reports on risk posture and compliance metrics to senior leadership.

Risk & Compliance Project Team Lead
Chipper Cash (Fintech Company) – Remote | 09/2021 – 01/2023

Led First Line of Defence team; advised stakeholders on compliance and risk management.
Developed compliance workflows, reviewed policies for regulatory alignment.
Managed compliance projects and trained analysts, increasing process efficiency.

Earlier Experience (Summary)

Banking Institutions – United Kingdom | 06/2008 – 09/2021
Held progressively responsible roles including Senior Compliance Consultant, Senior File Reviewer, Financial Crime Compliance Consultant, Risk & Quality Consultant, and Due Diligence Consultant. Key achievements include drafting detailed investigation reports, managing financial crime prevention initiatives, leading FCA review projects, conducting GDPR repapering post-Brexit, and delivering successful internal audits.

Certifications

• Certified Information Systems Auditor (CISA)
• ISO 27001 Lead Auditor
• Diploma in Certified Information Systems Security Professional (CISSP 2019)
• CompTIA Security+
• OneTrust: GRC Professional, Privacy Professional, Third-Party Risk Management

 
