OLANIPEKUN, FUNMILAYO JANET.
**** ***** **** ***, *********, Texas 76002 214-***-**** *********.**********@*****.***
OBJECTIVE:
A highly motivated, results-driven, team-oriented and resourceful internal IT/IS Audit subject matter
professional. Equipped with strong industry methodological, analytical, problem-solving and
communication skills. Seeking to deploy my wealth of unique interpersonal and organizational skills,
knowledge and industry-standard expertise towards the attainment of an organization's and client's IT
success and business objectives.
Technical Skills:
Disaster Recovery & Business Continuity testing/compliance review; SOX Controls, HIPAA Privacy and
Security Rules, SDLC-Security & Control Compliance- Initiation through go-live phases; Firewall
Security tools, Network monitoring and Protection Systems, PCI-DSS Compliance, Project
Management, Change Management, Incident management and Problem management; Microsoft Office,
PowerPoint, Access and Excel, Microsoft Visio, CISA and PCI-DSS Certification in progress and
Knowledge of PCI-DSS:
• Professional understanding of the PCI standards; PTS DSS, PA DSS, PCI DSS, PIN SECURITY
and P2PE
• Professional experience in IT Audit
• Keen understanding and experience with the storage, transmission and the processing of
cardholder data
• Authorization, clearing and settlement processes,
• Adherence and compliance with ethics and the codes of professional responsibility,
• Expertise with the entire PCI DSS Version 3.1 requirements, covering both compliance and
testing procedures,
• Internal controls over Cardholder data environments,
• Assessment and review of any compensating controls
Professional Experience:
Xigma Consulting, Mansfield, TX, January 2011 – April 2015
Clients:
Royal Inns and Hotels Ltd., Dallas, TX, January 2013 – April 2015
IT Audit Consultant
• Conducted full review of the organization’s Disaster Recovery readiness – Business Impact
Analysis (BIA), DR plan, Call Tree and annual test, Warm, Hot or Cold site adequacy, critical
processes and application listing and ranking etc.
• Analyze impact on, and risk to, essential business function or information systems to
identify acceptable recovery time periods and resource requirements.
• Attend professional meetings, read literature, and participate in training or other
educational offerings to keep abreast of new developments and technology related to
disaster recovery and business continuity.
• Conduct or oversee contingency plan integration and operations.
• Create business continuity and disaster recovery budgets.
• Create or administer training and awareness presentations or materials.
• Develop emergency management plans for recovery decision making and
communications, continuity of critical departmental processes, or temporary shut-down
of non-critical departments to ensure continuity of operations and governance.
• Reviewed the adequacy of application development environment – Ensure clearly segregated
environment and strict control against unauthorized access and changes in the Production
environment;
• Measured the adequacy of quality of IT Service delivery through the review of key controls in
Incident Management (Help Desk), SLA, Problem, Release and Change Management;
• Conducted risks/controls assessments to facilitate the development of both the audit scope and
control testing plans;
• Developed risk based IT Audit program and conducted system and application audit evaluation
based on COBIT standard;
• Reviewed the adequacy of projects' adopted project management methodology for compliance
with industry standard SDLC;
• Reviewed, documented, evaluated and tested the adequacy of general controls in mainframe,
mid-range and client/server environment networks;
• For critical business applications and systems (ERP, Web applications, Firewall, Network,
Operating Systems, Remote access connectivity devices etc.), reviewed the adequacy of critical
controls such as Logical Access control, Audit log events, Data integrity/security, Segregation of
duties, Incident, Problem and Change control, Incident management, Release management etc.
to mitigate any potential risk;
• Reviewed the adequacy of data integrity controls with focus on application control procedures
that are designed and implemented to ensure transactions are completed and accurately fed and
properly processed by the applications;
• Reviewed the adequacy of IT general control procedures and processes to ensure they addressed
information system organization objectives, administration practices, system development,
maintenance procedures, system software, hardware controls, security controls, change
management, computer operations, environmental protection/detection, backup and recovery;
• Communicated and interacted with all levels of management on audit issues and
managed audit engagements from entrance through closing conferences.
• Access control – ensure that an industry-standard “strong password algorithm” is being deployed on
network and business applications. Ensure access privileges and permissions are on a need-to-know
basis.
• Conducts and coordinates risk analysis and risk assessments on existing and proposed systems,
documents findings, and recommends risk mitigation strategies;
• Reviewed the adequacy of critical controls such as Access control, Audit log events, Data
integrity/security, Segregation of duties, Change control, Quality Assurance testing, Incident
management, Release management etc. to mitigate any potential risk;
• Conducted continuous audit of SOD in critical applications to ensure unique profiles were created
based on user roles, information accessed on need to know basis among others;
• Conducted periodic SOX 404 compliance audit and tracked audit exceptions to
remediation/closure.
Client: Super Pro Processing Corp., Irving, TX, January 2012 - November 2012
PCI Compliance Auditor
• Knowledge of end to end processing, transmission and storage of credit card information in
adherence to PCI DSS standards;
• Ensure the customer’s privacy is maintained at all times by protecting the PAN information in the
custody of the Organization, as well as conduct privacy compliance reviews;
• Ensure all PCI compliance element exceptions are brought to the attention of senior management
for immediate resolution;
• Conducts detailed review of all 12 PCI DSS control elements covering wired and wireless
Networks, Security policies and procedures, Firewall, Access Controls, Security Awareness
Programs, Vulnerability analysis, Penetration testing and SOD amongst others;
• Through data analysis and interview with information technology and business units, identified
all PCI/PII related applications and systems that process, transmit and store credit/debit card
and PII information;
• Through data gathering and analysis, conduct a revalidation of the organization’s compliance
level as defined by the credit card issuing organization guidelines (VISA, Mastercard etc.).
Client: SKG Pharmaceutical Limited, Atlanta, GA, January 2011 - December 2011
IT Controls and Compliance Auditor
• Identified and evaluated complex business and technology risks, internal controls which mitigate
risks, and the identification of related opportunities for internal control improvement;
• Access control - ensure that an industry-standard “strong password algorithm” is being deployed on
network and business applications. Ensure access privileges and permissions are on a need-to-know
basis.
• Conducted General Computer control (GCC) and SSAE 16 audit at client engagements;
• Conducted risks/controls assessments to facilitate development of both audit work programs and
test plans;
• Reviewed, documented, evaluated and tested the adequacy of general controls.
• Developed risk based IT Audit program and conducted system and application audit evaluation
based on COBIT standard;
• Reviewed the adequacy of projects' adopted project management methodology for compliance
with industry standard SDLC;
• Provided consulting services to project teams by ensuring key IT Security and Audit controls
were considered in requirement definition and design;
• Reviewed key IT controls such as Logical Access control, Segregation of Duties (SoD), Physical
security, and adherence to defined Backup strategy, Authentication/Authorization/Identification,
Auditing etc.
• Establish, maintain, or test call trees to ensure appropriate communication during
disaster.
• Identify opportunities for strategic improvement or mitigation of business interruption
and other risks caused by business, regulatory, or industry-specific change initiatives.
• Interpret government regulations and applicable codes to ensure compliance.
• Review existing disaster recovery, crisis management, or business continuity plans.
• Write reports to summarize testing activities, including descriptions of goals, planning,
scheduling, execution, results, analysis, conclusions, and recommendations.
• Design or implement products and services to mitigate risk or facilitate use of
technology-based tools and methods. Prepare reports summarizing operational results,
financial performance, or accomplishments of specified objectives, goals, or plans.
• Develop disaster recovery plan for physical locations with critical assets such as data
centers.
• Maintain and update organization information technology applications and network
systems blueprints.
INDUSTRY CERTIFICATION:
CISA - In Progress.
Education:
St. Anthony Information Technology School, Jan 2001 - Dec 2002
B.S., Biochemistry, Adekunle Ajasin University, Nigeria, 2006
Texan Software Solution, Dallas, TX
Business Analysis, Feb 2012- May 2012
Tarrant County College Arlington, TX
Information Technology, Aug 2012- Present
Xigma Consulting Inc., Dallas, TX
I.T Auditing and Controls Dec. 2011- Apr 2012