
Information Technology Access Management

Location:
Bladensburg, MD
Salary:
110k
Posted:
October 13, 2023


Resume:

BIODUN ERINLE

Washington DC *****

Email: ad0cja@r.postjobfree.com / Tel: 240-***-****

SUMMARY

A Certified IT Audit professional and Financial Analyst with experience in conducting Risk Assessments, Audit Engagements, Testing Information Technology Controls, Developing Security Policy Procedures & Guidelines, with experience in applicable standards and frameworks, GDPR, SOX, SSAE18/SOC, PCI-DSS & ISO 27001/2.

SKILLS

Extensive background in all stages of audits, including planning; study, evaluation, and testing of controls; reporting; and follow-up.

ITGC · Access Control, Identity & Access Management (IAM)

Payment Card Industry Data Security Standard (PCI DSS)

ISO 27001 Lead Auditor · COSO · COBIT · SOC 1 · SOC 2 · Sarbanes-Oxley Act · Segregation of Duties

Financial Consulting

Organizational Management Principles

Variance Analysis

Expense and Revenue Analysis

Financial Modeling

Test Plans and Test Methodologies

EDUCATION AND CERTIFICATIONS

Olabisi Onabanjo University (NGR), Bachelor of Science in Economics

Chartered Institute of Management Accountants (CIMA) - CIMA (UK): Adv Dip in Management Accounting: Management Accounting

Institute of Chartered Accountants of Nigeria - ICAN (NGR): Associate Chartered Accountants (ACA): Accounting

Certified Information Systems Auditor (CISA): Auditing: ISACA - Cert No. 221733242

Project Management Professional (PMP): Project Management: Project Management Institute - Cert No. 3251159

EXPERIENCE

TXPOINT CONSULTING, WASHINGTON DC. 03/2020- CURRENT

SENIOR IT AUDITOR

Review IT General Controls (ITGC) on various applications, Infrastructure, and other primary controls to identify deficiencies in their design and operating effectiveness of controls and provide appropriate recommendations.

Conduct internal SOX and PCI DSS annual audit readiness, Test of Segregation of Duties (SOD), SOC, and SSAE 18 review using COSO and COBIT frameworks, and communicate with the company's external auditors on IT general controls related matters and SOX test procedures.

Assist in the implementation and compliance review of industry standards COBIT, NIST Framework, ISO or ITIL and HIPAA compliance.

Conduct or assist with internal security assessments, provide recommendations to mitigate risks, and manage resulting corrective action plans and projects.

Conduct technical risk assessments, privacy assessments and information security reviews on internal systems, applications and platforms providing security remediation advice and training to technical personnel.

Conduct general information technology processes of change management, recovery management, configuration management, operation management, risk management and testing of ITAC/ITGC controls.

Conduct Pre- and Post-System Development Life Cycle (SDLC) implementation review to evaluate design appropriateness and operating effectiveness of control.

Conducted automated audit control testing in general information technology environments such as SAP/ERP, ServiceNow, PeopleSoft, Hyperion, Oracle Financial.

Prepared Plan of Action and Milestones (POA&M) with identified weaknesses and suspense dates for each IS based on findings and recommendations from the SAR reports.

Review vendor SOC 1 and SOC II reports for appropriate ITGC and assisted applications in their review and analysis of exceptions and client's consideration.

Identified weaknesses of existing control systems and made suggestions for remediation.

Assisted in executing the annual general computer control work SOX 404 compliance effort, including performing walkthrough procedures as needed, testing automated control effectiveness, reporting test results, interacting with external auditors, and updating and maintaining documentation.

Facilitated successful internal and external audits through sound and thorough documentation.

Proficient with NIST SP 800-53 rev 4, 800-37, 800-60, 800-115, FIPS 199, NIST SP 800-26.

WEALTHYGENE, MD 05/2017 - 02/2020

IT AUDITOR

Tested IT general controls (ITGC), application controls and performed walkthroughs and detailed testing of controls to evaluate the design and operating effectiveness of controls.

Prepared audit scopes, report findings and present recommendations for improving data integrity and operations.

Participated in all phases of IT Audit - Planning, Fieldwork and Follow up using applicable framework.

Executed the day-to-day activities of IT controls assessment for systems including Access controls, Change Management controls and application controls.

Delivered findings, recommendations and follow up the remediation steps for all activities.

Assisted in efforts related to design and execution of IT SOX audit.

Performed IT risk assessments and audits of internal initiatives and critical third party/vendor relationships against criteria descending from industry standard information security frameworks and industry regulations, such as ISO/IEC 27001:2013, NIST SP 800-53, SSAE 18, NIST CSF, FERPA, SOX, PCI-DSS 3.2, and privacy regulations like GDPR and CCPA.

Evaluated the design and effectiveness of technology controls throughout the business cycle.

Identified and communicated IT audit findings and mitigation strategies to senior management, technology leaders and the CISO.

Assisted in the development of risk treatment plans to address areas of strategic and tactical IT and information risks in both business operations and technology paradigms.

Assisted with the development and maintenance of information security policies and standards.

Supported development and maintenance of an information security compliance and metrics program for consistent management reporting of risks to sensitive information and technology resources across the enterprise.

Managed InfoSec program POA&Ms, including advising on remediation efforts, leveraging the existing Governance, Risk, and Compliance (GRC) tool, Telos Xacta (or an alternative like CSAM or RSA Archer) to track and reconcile findings from assessments, audits, and vulnerability scans.

Monitored and verified data, investigated anomalies, and intervened on various processes for report generation.

Maintained confidential participant benefit information.

Provided management planning and control information by collecting, analyzing, and summarizing participant benefit data and trends.

COZI - BLADENSBURG, MD 01/2016 - 04/2017

SENIOR FINANCIAL ANALYST

Prepared audit scopes, report findings, and presented recommendations about a weakness discovered during an audit project/audit engagement as well as Corrective Action Plan (CAP) and Notice of Findings & Recommendation (NFR).

Performed walkthroughs of controls and evaluated operating effectiveness of controls.

Performed internal and external IT risk assessments; conducted gap analysis against industry standards and provided recommendations on mitigation options.

Analyzed financial data to identify trends, patterns, and strategies.

Verified documented and requested disbursements to facilitate payments.

Improved revenue stream by identifying new areas for growth and development.

Created financial models to assess opportunities.

Utilized statistical, economic and financial principles and techniques to prepare reports and other requests.

Supported projects and analyses to drive consistency and accuracy within financial models.

Established financial policies and procedures to set standards for compliance.

Summarized financial information to clearly relay concepts and drive understanding of non-financial leaders.

Prioritized and expedited assigned work to meet changing business circumstances.

Evaluated financial records for accuracy and conformance to regulations.

Analyzed processes to identify gaps that can improve profit margins and established benchmarks for financial processes.

Tracked current financial data to alert stakeholders in case of deviation.

Provided guidance in buying or selling stocks, making investments, and generating funds.

Studied industry-specific research and available data to predict trends.

Created written reports that enable management teams to make strategic decisions to meet business goals.

Prepared documentation for startups and small businesses to get funding.

PROFESSIONAL MEMBERSHIP

Chartered Institute of Management Accountants (CIMA)

Information Systems Audit and Control Association (ISACA)

Project Management Institute (PMI)

Institute of Chartered Accountants of Nigeria (ICAN)

COMPUTER SKILLS

Microsoft Word, Excel, SharePoint, Visio, Audit Management System, and Audit Command Language (ACL).


