OMOTAYO

SALAKO

ad5bjd@r.postjobfree.com

214-***-****

Forney, TX 75126

SUMMARY

Detail oriented Information Technology Auditor, risk, and compliance analyst with years of experience in designing and implementing IT audit programs, overseeing IT operations, identifying, and resolving complex issues, while analyzing and ensuring IT compliance across remote environments. Extensive background leading professional firm in the field of internal/external IT audit, IT Risk and Compliance with a clear understanding of Risk management, Industry standards, and training in various Cybersecurity and audit tools. Creative problem-solver with exceptional leadership, communication, relationship-building, strategic planning, time management, system integration and analytical skills that thrives in a challenging, fast-paced working environment.

TOOLS & FRAMEWORKS

●Microsoft Office/ Dynamics/ SQL

●Salesforce/ Penetration Testing

●Teammate/ Metric Stream/ Oracle Database/Firewalls/Vulnerability Scanning

●NetSuite/ Active Directory/ Azure/ Ideal

●Archer GRC/ SharePoint/ ServiceNow

●Metric stream/ AWS/ ADP

●Oracle/ Jira/ IDEAL/ Oracle

●COBIT/ SOC 2/ SOC 123

●COSO/ SOX/ NIST SP 800-53

●ISO-27000/ ISO-27001/ PCI Compliance

●HIPAA/ GDPR/ ITIL/ NIST/ OCC

●UNIX/ LINUX/ Network Systems/ Windows OS

WORK EXPERIENCE

SENIOR IT AUDITOR/RISK ANALYST 05/2022 to Current

Wells Fargo Financial - Dallas, TX

●Identify control gaps and potential remediation steps; Champion and & assist process re-design and coordination of remediation efforts.

●Perform walk-through and detailed testing of controls to determine if controls are properly designed and operating effectively (TOD and TOE)

●Perform IT General Controls (ITGCs) and IT Application controls (ITAC) testing to establish design adequacy and operating effectiveness.

●Evaluate and monitor control processes for SOX compliance and company requirements.

●Evaluate automated systems controls including authentication and authorization, and other controls to support privacy and security of sensitive data.

●Perform RCSA testing ensuring all enterprise risk management objectives are fulfilled in a timely manner.

●Execute SOX control testing procedures in accordance with corporate standard Perform population sampling using randomizer, judgmental or purposive sampling.

●Identify and manage anticipated resistance and prepare risk mitigation procedures.

●Build strong and positive relationships with management.

●Perform follow-up activities on remediation efforts for control deficiencies identified.

●Prepare workpapers in accordance with Internal Audit standards.

●Evaluate system effectiveness using knowledge of business processes and generally accepted auditing techniques.

●Prepare and deliver oral and written presentations to all levels of management.

●Prepare formal written reports, expressing opinions on the adequacy and effectiveness of the system and the efficiency with which activities are carried out.

●Analyze the adequacy of the corrective action taken or planned to improve deficient conditions.

●Identify emerging issues and recommend solutions to IT Audit & Compliance using NIST. Proficient in RCSA (Risk Control Self-Assessment) testing and validation techniques, including risk identification, assessment, and mitigation strategies.

●Skilled in using RCSA tools such as Archer, MetricStream, and SAP GRC to perform testing and validation tasks.

● Experienced in developing test cases and test suites for RCSA systems, and in analyzing and interpreting test results.

●Familiar with RCSA standards and best practices, including ISO 31000, and NIST.

● Able to collaborate effectively with risk management teams, auditors, and other stakeholders to ensure the quality and accuracy of RCSA systems.

●Familiar with BURM standards and best practices, including COSO, ISO 31000, and NIST.

●Able to collaborate effectively with business unit leaders, risk management teams, and other stakeholders to ensure the quality and accuracy of BURM systems.

●IT risk assessment and document the system security keys controls.

●Communicate and facilitate the requirements for security risk assessments for both customs developed and third-party applications.

INTERNAL IT AUDITOR/ 12/2019 to 05/2022

Capital One Auto Finance - Dallas, TX

●Performed IT General Controls (ITGCs) and IT Application controls (ITAC) testing to establish design adequacy and operating effectiveness.

●Performed IT General Controls (ITGCs) and IT Application controls (ITAC) testing to establish design adequacy and operating effectiveness.

●Performed audit readiness for SOC 1/SSAE 18, COBIT, COSO, ITIL, NIST and ISO 27001 IT governance frameworks in audit execution.

●Reviewed post and pre SDLC project implementation during change management controls testing within an in-house-developed-system.

●Conducted Sarbanes-Oxley (SOX) and Payment Card Industry Data Security Standards (PCI DSS) Compliance audit to meet the annual regulatory requirements.

●Performed RCSA testing ensuring all enterprise risk management objectives are fulfilled in a timely manner.

● Proficient in First Line of Defense testing and validation techniques, including ontology debugging, consistency checking, and reasoning-based validation.

●Experienced in developing test cases and test suites for First Line of Defense systems, and in analyzing and interpreting test results.

●Evaluated IT Infrastructure control around Network Devices, Servers, Databases, Operating Systems.

●Worked with Financial Compliance and Internal Audit on enhancements to IT Compliance, SOX audit and other areas related to compliance and controls to provide continuous improvement and value to the business.

●Evaluated policies and procedures to ensure appropriate internal controls surrounding information systems are maintained.

●Developed a detailed understanding of business processes, policies, standards, procedures, risks, and controls in information systems and prepare narratives and walkthroughs to document the detail understanding of controls in place to mitigate identified risks.

●Communicated and tracked remediation plans with vendors and IT teams and where applicable recommended mitigating/compensating controls.

IT RISK & COMPLIANCE ANALYST 08/2017 to 12/2019

Coca-Cola - Dallas, Tx

●Able to collaborate effectively with domain experts, developers, and other stakeholders to ensure the quality and accuracy of First Line of Defense systems.

●Performed data collection and analysis in support of risk management project activities.

●Developed spreadsheets and reports which summarize risk exposure.

●Identified, reviewed, assessed, and documented risk management and control issues in assigned business processes.

●Collaborated with various business units across the firm to develop controls and strategies which address risk.

●Assisted with the preparation of risk mitigation plans for strengthening the effectiveness of controls in assigned business processes.

●Performed routine compliance oversight by monitoring Vendor Compliance with state and federal standards as part of third-party risk management.

●Assisted with the development and execution of key operational risk management activities, including evaluation, reporting, and root-cause analysis of internal loss events; analysis of loss events that have occurred at other firms to evaluate internal preparedness if similar events were to occur.

●Captured, evaluated, and reported key risks, mitigated strategies, and risk metrics across the enterprise; facilitation and evaluation of risk and control self-assessments (RCSAs) completed by core business lines.

●Recommended improvements in compliance processes as well as operational policies, practices, and corrective action plans, as appropriate, to address deficiencies and align with regulatory standards.

●Created detailed reports on compliance activities informing management of results, trends, risks, and deficiencies.

EDUCATION AND TRAINING

University Of Lagos

Bachelor Business Administration

Yaba College of Technology - Lagos, Nigeria, Nigeria

Associate degree

Food Science

CERTIFICATIONS

●Certified Information Systems Auditor (CISA) 2023

●Certified Scrum Master - (CSM)

●Understanding Risk Management - (Training 2017)

Contact this candidate