DAVID AKINLAJA, ITILv*, CISA
IT AUDITOR
Dallas, TX.
Tel: 817-***-**** Email: ***********@*****.***
PROFESSIONAL EXPERIENCE
Santander Consumer USA June 2016 – Date
GRC Analyst III (Risk analyst)
Ensures all IT policy and procedures are documented and updated according to SCUSA regulatory standards, deadlines are met, approvals obtained, guidelines followed, repository usage understood, and repository / system of record up-to-date as defined by the IT Governance program
Reviews IT artifacts for completeness and satisfaction for the delivery of quality services regarding important issues/priorities, and deadline-sensitive information
Identify key risk indicators, and employ risk management metrics in alignment with the set risk appetite
Identify and evaluate root cause analysis, prepare metrics report and meet with management for remediation
Engages with technical process owners to understand technical process steps, identify risk, and drive toward a completed documentation that aligns with the IT Governance and Risk Management programs
Analyzes business problems using software, analytical tools and techniques, business process and technical knowledge, and general common sense to formulate solutions
Maintains all versions and version control for all IT GRC program documentation and pipeline with a thorough understanding of the processes and communicates the status
Coordinates various eGRC repository system improvement projects and activities to enhance the system of record and maintain effective process controls
Organizes and leads IT GRC-related meetings and prepares meeting agendas
Develops and maintains risk register and designs self-assessments to help identify risks
Assist with issues management and follow-up on risk events
Prioritize compliance risks and ensure they are mitigated to the appropriate level
HP (Hewlett-Packard), USA Feb 2015 – Dec 2015
Cyber Security & Risk Management Consultant (Telecommute)
Create a system security plan for HP’s top 200 applications using eRisk Manager (an Archer eGRC tool)
Register new systems; Guide and assist the business with audit prep
Update and maintain eGRC application with system identification, owner/contact information, status, general description/purpose, system security plans, applicable compliance, etc.
Provide reporting/metrics on inventory of systems and status of security plans for all.
Review network diagrams for proper labeling and completeness.
Document application security controls.
Contact respective internal teams to assist in determining level of interaction with other systems.
Determine which regulatory and/or compliance requirements apply to the specific system.
Work with HIPAA and PCI teams to scope assessments and update system security plans.
Recommended industry best practice in the areas of User Access, SOD and Change Management.
Ensures information security assessments, vulnerability scans and internal penetration testing are performed to ensure that information systems are adequately protected to meet security requirements.
Identify major applications and supporting systems/applications.
Coordinates and executes projects and ensures security risks/vulnerabilities are identified, communicated and remediated.
Ensure that information systems are adequately protected to meet security requirements.
Notify the System Security Plan Manager when plans are ready for review.
Inform business members of applicable responsibilities under HIPAA, PCI, SOX, etc.
Assists in maintaining SharePoint repository for policies and procedures, SLAs and other compliance or technology documentations.
Schedule and preside over various Skype meeting sessions
Meet with plan owners and SMEs across the globe (US, ASIA, EUROPE, et al) to deliberate on mitigating the identified risks
Recommended process improvements and possible remedy to security issues.
Aviall (a Boeing Company) May 2014 – Nov 2014
Sr IT Compliance Auditor Irving, TX.
Plans, manages and executes the ITGC audit functions using ISO 27001 audit guidelines.
Reviews and tests other important IT controls such as incident management, change management, segregation of duties, data integrity, etc.
Performs 100% users’ review within SAP to ascertain proper authorization and segregation of duties.
Executed different transaction codes such as SUIM, SA38, SE16, SCC4 within SAP environment, for audit purposes.
Execute various T-codes and authorization objects for audit and compliance purposes within SAP system.
Recommended industry best practice in the areas of User Access, SOD and Change Management.
Perform a review of Aviall network controls as relating to LAN, WAN, firewalls, routers, switches, etc.
Ensures information security assessments, vulnerability scans and internal penetration testing are performed to ensure that information systems are adequately protected to meet security requirements.
Evaluates the adequacy of the key controls in UNIX operating system, and also in Applications – SAP, Lawson etc.
Coordinates and executes projects and ensures security risks/vulnerabilities are identified, communicated and remediated.
Reviews Aviall disaster recovery document – DR plan, Business Impact Analysis (BIA), annual testing, site adequacy, etc., to validate disaster recovery readiness.
Works with Boeing Auditors and external auditors from Deloitte, to remediate audit findings/exceptions
Assists management in the identification and assessment of technology related risks in compliance with the SOX 404.
Reviews IT controls in compliance with the Payment Card Industry Data Security Standard policy (PCI DSS v3.0).
Spectra Energy Nov 2013 – Apr 2014
Senior IT Audit Consultant (contract) Houston, TX.
Planned, managed and executed the ITGC audit functions using best practice audit guidelines in compliance with COSO and COBIT Standards.
Established IT compliance framework covering IT platform applications, processes and procedures to ensure compliance with industry standards and best practices.
Evaluated the adequacy of the key controls operating systems (UNIX & Windows) and also in Spectra Energy’s ERP applications - HYPERION, SAP, ORACLE FINANCIALS, LINK, CORPTAX
Reviewed and tested users’ access control – physical access relating to server room or data center, and logical access control relating to various applications, operating systems, database, networks and Active Directory.
Reviewed and tested other important IT controls such as incident management, change management, segregation of duties, data integrity, etc.
Reviewed organizational IT policies, standards, procedures and provided advice on their adequacy, accuracy and compliance with government guidelines and regulatory requirements.
Executed different transaction codes such as SUIM, SA38, SE16, SCC4 within SAP environment, for audit purposes.
Recommended process improvements on vulnerabilities tracking and possible remedy to security issues.
Worked closely with management (IT Directors, Managers, etc.) over IT audit findings, compliance issues, recommendations, management’s response and implementation.
Assists management in the identification and assessment of technology related risks in compliance with the SOX 404.
Chesapeake Nov 2011 – Nov 2013
Sr IT Compliance Auditor Oklahoma City, OK.
Plans, manages and executes the ITGC audit functions using ISO 27001/2 audit guidelines.
Performed integrated Audit using Archer (an eGRC audit tool)
Reviews and tests other important IT controls such as incident management, change management, segregation of duties, data integrity, etc.
Evaluates the adequacy of the key controls in UNIX operating system, and also in Applications – SAP, Enersia, Artesia, Phire, Cherwell, Hyperion, PeopleSoft, etc.
Performs 100% users’ review within Artesia and Enersia applications to ascertain proper authorization and segregation of duties.
Works with Chesapeake Internal Audit and external auditors from PWC to remediate audit findings/exceptions.
Ensures information security assessments, vulnerability scans and internal penetration testing are performed to ensure that information systems are adequately protected to meet security requirements.
Reviews Chesapeake Energy’s disaster recovery document – DR plan, Business Impact Analysis (BIA), annual testing, site adequacy, etc., to validate disaster recovery readiness.
Assists in maintaining SharePoint repository for policies and procedures, SLAs and other compliance or technology documentations.
Assists management in the identification and assessment of technology related risks in compliance with the SOX 404.
Reports on the adequacy of risk-based controls; evaluating technology and business related controls for integrated
Prepared documentation/report of audit and communicate exceptions to the management
Xigma Consulting Oct 2007–Oct 2011
IT Auditor (Lead) Dallas, TX.
Participated in audit engagements at different client sites from different industries such as the financial, manufacturing, airline and health care industries.
Planned, managed and executed the IT audit functions using best practice audit guidelines.
Performed audit in compliance with COSO, COBIT, ISO and SANS standards.
Prepared audit programs for review by managers and evaluated results and findings upon completion of audit
Performed SOX 404 and SSAE 16 audit (formerly SAS70)
Reviewed/assessed IT controls in compliance with the Payment Card Industry Data Security Standard (PCI DSS 1.2.1 & 2.0) policy.
Reviewed/assessed IT controls in compliance with the HIPAA, NIST, FFIEC and other industry standard policies.
Perform audit using tools such as Archer and TeamMate
Functioned as a Lead/Senior Auditor
EDUCATION/ CERTIFICATION
Bachelor of Science in Physics July, 2006
Obafemi Awolowo University, Nigeria
CISA (Certified) Dec, 2014
References will be provided upon request