JAMES FASAWE, CISA

Washington, DC *****

E-MAIL: ad1638@r.postjobfree.com

PHONE: 240-***-****

LinkedIn: www.linkedin.com/in/james-fasawe-cisa-99a538246/

INFORMATION TECHNOLOGY AUDITOR/ I.T CCOMPLIANCE ANALYST

PROFILE

IT Compliance Analyst / IT Auditor with expertise in risk and compliance IT frameworks, including COSO, COBIT, Sarbanes-Oxley Act, SSAE 18, ITIL,PII, PCI-DSS, HIPAA,FISCAM, ISO 27001, Nist cybersecurity framework. Proven track record in conducting risk-based audits, assess controls, and providing valuable recommendations. Skilled in Risk management, I.T compliance analyst, RFP security assessment review analyst, change management / access control and policy adherence.

QUALIFICATION HIGHLIGHTS

• IT Regulatory compliance analyst. IT risk and vulnerability manager.

• Extensive experience in all audit stages, from planning to reporting, including control testing and follow-up.

• Identity Access Management / Access review and authorization procedures.

• Strong understanding of control frameworks such as SAP GRC, COBIT, COSO

• Perform Sarbanes-Oxley Act (SOX) compliance and SOC reports.

• Excellent skills in MS Office, Word, Excel, Outlook, ServiceNow, OneTrust, Confluence, PowerPoint, and information /data analysis.

• Proven project manager, teamwork, and leadership capabilities, delivering value to clients.

• Analytical thinker with exceptional communication and report writing skills.

PROFESSIONAL EXPERIENCE:

VERTEX INC 1/2023 - Present

I.T COMPLIANCE ANALYST / RFP ANALYST

• Collaborate with various departments to provide advice / assistance on risk and IT compliance related issues.

• Perform IT Security, data and Privacy Controls Assessments using NIST Framework.

• Evaluate Third party /vendor Risk assessment policy and standardized information gathering (SIG) assessment review.

• Monitor, approve, assign and categorize change requests through ServiceNow and other tools.

• Respond to vendor questionnaires regarding security controls, Risk assessment, Data and Personal information privacy policies.

• Perform IT general controls and application controls reviews and monitor segregation of duties.

• Assess the effectiveness of security controls to determine if controls are properly designed and operating effectively.

• Review and execute system and organization controls (SOC compliance audits).

• Review and assisted in remediating penetration testing vulnerabilities.

• In depth knowledge of performing assessment of IT General Controls (ITGC) such as access Control, Change management and IT operations.

• Monitor and review SIEM tools and assist in vulnerability remediation.

• Evaluate data integrity controls and PII privacy standards review.

• Assist in the preparation of IT reports and documentation for compliance activities and governance.

• Ensure that security improvement actions are evaluated, validated and implemented as required.

JP MORGAN 12/2021 - 12/2022

IT AUDITOR

• Performed assessment of IT General Controls (ITGC) such as Access Control, Change management, IT operations, Disaster recovery and Job Scheduling..

• Communicated audit findings and presented recommendations for improvement of data integrity and operations to the auditee.

• Perform Sarbanes-Oxley (SOX) and PCI DSS compliance audits, utilizing frameworks.

• Provide IT security support and evaluation to development teams in order to integrate information security throughout the System Life Cycle Development of major and minor application releases.

• Conducted risk assessments and participated in IT controls assessments.

• Document deficiencies, developed recommendations, and prepared audit reports.

• Participated in SAP Transaction Code testing for security and access management.

• Monitor and categorize change requests through ServiceNow and other tools.

UPS 03/2018 - 11/2021

RISK ANALYST / IT AUDIT ANALYST

• Assesses the level of risk, develop and recommend appropriate mitigation counter measures in operational and non-operational situations.

• Assessed IT General Controls (ITGCs) including Access Control, Change Management, and more.

• Reviewed and approved Requests for Proposals (RFPs) and proposal documents.

• Ensure compliance from internal and external perspectives, conducts assessment of threats and vulnerabilities.

• Ensure that security improvement actions are evaluated, validated and implemented as required.

• Collaborated and provide input to the risk management framework.

• Evaluated Change Management Control processes, Disaster Recovery Plans, and Business Continuity Plans.

• contribute to the maintenance of accurate and up to date records related to risk management and compliance activities.

CREST CONSULTING 06/2017 - 02/2018

IT AUDITOR / COMPLIANCE ANALYST

• Participate in the design and execution of compliance training programs for employees to enhance awareness and understanding social engineering attacks.

• Developed audit plans and programs, and executed IT audit projects.

• Review internal policies, laws, and regulations for compliance.

• Assess the level of risk, develop and recommend appropriate mitigation counter measures operational and non-operational situations.

• Communicate with external auditors on general I.T controls.

•Assist in the preparation of reports and documentation for management and compliance activities.

• Evaluate Change Management Control processes and Disaster Recovery Plans.

EDUCATION & CERTIFICATION

MS in progress University of Maryland Global campus, Maryland

Bachelor of Technology Federal University of Technology, NGR

Certified Information Systems Auditor (CISA) ISACA

COMPUTER SKILLS: Microsoft Word, Excel, ServiceNow, Salesforce,Confluence, OneTrust,

SharePoint, SAP, UNIX, Mainframe, Windows

PROFESSIONAL AFFILIATIONS: ISACA, Institute of Internal Auditors

Contact this candidate