JAMES FASAWE, CISA
Washington, DC *****
E-MAIL: ad1638@r.postjobfree.com
PHONE: 240-***-****
LinkedIn: www.linkedin.com/in/james-fasawe-cisa-99a538246/
INFORMATION TECHNOLOGY AUDITOR/ I.T CCOMPLIANCE ANALYST
PROFILE
IT Compliance Analyst / IT Auditor with expertise in risk and compliance IT frameworks, including COSO, COBIT, Sarbanes-Oxley Act, SSAE 18, ITIL,PII, PCI-DSS, HIPAA,FISCAM, ISO 27001, Nist cybersecurity framework. Proven track record in conducting risk-based audits, assess controls, and providing valuable recommendations. Skilled in Risk management, I.T compliance analyst, RFP security assessment review analyst, change management / access control and policy adherence.
QUALIFICATION HIGHLIGHTS
• IT Regulatory compliance analyst. IT risk and vulnerability manager.
• Extensive experience in all audit stages, from planning to reporting, including control testing and follow-up.
• Identity Access Management / Access review and authorization procedures.
• Strong understanding of control frameworks such as SAP GRC, COBIT, COSO
• Perform Sarbanes-Oxley Act (SOX) compliance and SOC reports.
• Excellent skills in MS Office, Word, Excel, Outlook, ServiceNow, OneTrust, Confluence, PowerPoint, and information /data analysis.
• Proven project manager, teamwork, and leadership capabilities, delivering value to clients.
• Analytical thinker with exceptional communication and report writing skills.
PROFESSIONAL EXPERIENCE:
VERTEX INC 1/2023 - Present
I.T COMPLIANCE ANALYST / RFP ANALYST
• Collaborate with various departments to provide advice / assistance on risk and IT compliance related issues.
• Perform IT Security, data and Privacy Controls Assessments using NIST Framework.
• Evaluate Third party /vendor Risk assessment policy and standardized information gathering (SIG) assessment review.
• Monitor, approve, assign and categorize change requests through ServiceNow and other tools.
• Respond to vendor questionnaires regarding security controls, Risk assessment, Data and Personal information privacy policies.
• Perform IT general controls and application controls reviews and monitor segregation of duties.
• Assess the effectiveness of security controls to determine if controls are properly designed and operating effectively.
• Review and execute system and organization controls (SOC compliance audits).
• Review and assisted in remediating penetration testing vulnerabilities.
• In depth knowledge of performing assessment of IT General Controls (ITGC) such as access Control, Change management and IT operations.
• Monitor and review SIEM tools and assist in vulnerability remediation.
• Evaluate data integrity controls and PII privacy standards review.
• Assist in the preparation of IT reports and documentation for compliance activities and governance.
• Ensure that security improvement actions are evaluated, validated and implemented as required.
JP MORGAN 12/2021 - 12/2022
IT AUDITOR
• Performed assessment of IT General Controls (ITGC) such as Access Control, Change management, IT operations, Disaster recovery and Job Scheduling..
• Communicated audit findings and presented recommendations for improvement of data integrity and operations to the auditee.
• Perform Sarbanes-Oxley (SOX) and PCI DSS compliance audits, utilizing frameworks.
• Provide IT security support and evaluation to development teams in order to integrate information security throughout the System Life Cycle Development of major and minor application releases.
• Conducted risk assessments and participated in IT controls assessments.
• Document deficiencies, developed recommendations, and prepared audit reports.
• Participated in SAP Transaction Code testing for security and access management.
• Monitor and categorize change requests through ServiceNow and other tools.
UPS 03/2018 - 11/2021
RISK ANALYST / IT AUDIT ANALYST
• Assesses the level of risk, develop and recommend appropriate mitigation counter measures in operational and non-operational situations.
• Assessed IT General Controls (ITGCs) including Access Control, Change Management, and more.
• Reviewed and approved Requests for Proposals (RFPs) and proposal documents.
• Ensure compliance from internal and external perspectives, conducts assessment of threats and vulnerabilities.
• Ensure that security improvement actions are evaluated, validated and implemented as required.
• Collaborated and provide input to the risk management framework.
• Evaluated Change Management Control processes, Disaster Recovery Plans, and Business Continuity Plans.
• contribute to the maintenance of accurate and up to date records related to risk management and compliance activities.
CREST CONSULTING 06/2017 - 02/2018
IT AUDITOR / COMPLIANCE ANALYST
• Participate in the design and execution of compliance training programs for employees to enhance awareness and understanding social engineering attacks.
• Developed audit plans and programs, and executed IT audit projects.
• Review internal policies, laws, and regulations for compliance.
• Assess the level of risk, develop and recommend appropriate mitigation counter measures operational and non-operational situations.
• Communicate with external auditors on general I.T controls.
•Assist in the preparation of reports and documentation for management and compliance activities.
• Evaluate Change Management Control processes and Disaster Recovery Plans.
EDUCATION & CERTIFICATION
MS in progress University of Maryland Global campus, Maryland
Bachelor of Technology Federal University of Technology, NGR
Certified Information Systems Auditor (CISA) ISACA
COMPUTER SKILLS: Microsoft Word, Excel, ServiceNow, Salesforce,Confluence, OneTrust,
SharePoint, SAP, UNIX, Mainframe, Windows
PROFESSIONAL AFFILIATIONS: ISACA, Institute of Internal Auditors