Ukamaka Martha Ilukwe
• Brooklyn. NY ***** • 347-***-**** • ad1m37@r.postjobfree.com
OBJECTIVE
Accomplished IT auditor and information assurance professional with over 3 years of experience in information systems audit, security controls, risk management, and vulnerability remediation. Highly skilled in working both autonomously and as part of a team, consistently achieving project goals and deadlines. Expert in providing in-depth risk evaluations and pragmatic recommendations by identifying vulnerabilities in financial information systems, while adhering to stringent industry standards and regulatory compliance requirements, ultimately protecting an organization's valuable data and assets.
FUNCTIONAL AREAS OF EXPERTISE
SAS 70/SOC/SSAE 18
IT Infrastructure Audit
FISCAM/FISMA Audit
Financial Statement Audit Support
EU GDPR
SAP System audit
ISO 27001
HIPAA
Audit and Assurance
Access Control and Segregation of Duty
Automatic and Manual controls
Enterprise Risk Management (ERM
Audit Readiness
OMB Circular A-123 Audit
ITGC’s Dependencies
Integrated Audit
Access provisioning and Deprovisioning
Assessment & Authorization
NIST SP 800-53/53A
SAP System Audit and SQL Database
ITGC and IT Dependencies
Risk, threat and fraud detection
EXPERIENCE
IT Auditor Take 2 Consulting Washington, Dc Dec 2021-Present
Conducted comprehensive reviews of information technology general computer controls (ITGCs) surrounding computer operations, change management, logical security, and other areas critical to an organization's IT infrastructure. Reviewed ITGCs through walkthroughs, testing design effectiveness and assessing operational effectiveness of controls.
Reviewed and tested business process controls and IT general controls for SSAE16 reports. Collaborated with clients to identify control objectives, assess risk, plan and execute control testing, and document IT General, Application, and Business Process controls.
Assisted senior and executive management in engagement planning, including budget creation and scheduling. Conducted regular updates to the Information System Security policy, while reporting internal control issues to management and recommending comprehensive solutions to mitigate associated risks.
Managed system audits in a variety of computing platforms, including Windows, and conducted SOC 1 and SOC 2 reporting. Tested and evaluated the effectiveness and adequacy of General Computer controls on the organization's policies and procedures.
Advised and counseled business units' senior management regarding security system development initiation. Collaborated with Governance, Cybersecurity, Risk, and Compliance Frameworks (NIST, ISO 27001, and Critical Security Controls) to develop and implement effective control solutions.
Assisted in IT management by identifying gaps between policy and process, developing recommendations to remediate control weaknesses, and being responsible for developing and maintaining IT control metrics related to compliance activities.
Performed internal audit co-sourcing engagement by working with the internal audit department of the company to identify and test the operating effectiveness of IT General Controls. Prepared work-papers and reported all identified issues to the internal audit department.
Developed and executed comprehensive audit scopes, which involved carefully planning and structuring each audit to ensure that all relevant areas were thoroughly examined. Using a range of techniques, I analyzed data sets and identified areas of potential risk, enabling me to prepare detailed reports that highlighted opportunities for improving data integrity and operational efficiency.
I expertly performed audits by utilizing industry-standard frameworks and guidelines to rigorously test critical technical business processes, including SDLC, logical access controls, change management, and computer operation. My comprehensive analysis uncovered potential vulnerabilities or inefficiencies, allowing me to provide thoughtful recommendations for improving these processes.
Conducted IT risk assessments and developed internal audit project plans for clients using COBIT5 framework. Provided ITGC and application controls documentation, assessment, gap identification, testing, and remediation plans in compliance with Sarbanes-Oxley 404 compliance.
Conducted security assessments and tests, identified vulnerabilities, and recommended solutions to mitigate risks; utilized various tools such as Nessus, Burp Suite, and OpenVAS to identify vulnerabilities; worked with technical teams to implement security controls and remediate vulnerabilities; developed security incident response plans; conducted post-incident reviews.
Conducted security risk assessments, developed compliance frameworks, and managed security incidents; developed compliance frameworks based on industry standards such as NIST, ISO 27001, and CIS Controls; provided guidance to technical teams on implementing security measures to address identified risks and vulnerabilities; worked with stakeholders to develop a risk-based approach to compliance; managed security incidents.
Conducted training sessions to improve security awareness among end-users and stakeholders; developed and maintained security awareness and training programs for employees; conducted regular phishing simulations; worked with stakeholders to develop policies and procedures for onboarding and offboarding employees, contractors, and vendors; conducted regular reviews of access privileges.
Team Lead, Clearing/internal control Wema Bank Plc Lagos, Nigeria May 2015 – Nov. 2021
Plan for audit engagement by creating test plan or audit program from applicable audit framework and tailored to the internal control environment of the client.
Conduct audit readiness of internal audit departments to reduce the number of audit findings before their external auditors arrive to audit their financial statements.
Perform walkthrough of controls to determine if controls are properly designed and detailed testing of multiple samples to determine if the controls designed are consistently and accurately followed for all the transactions processed.
Project Management skills: Ability to use status and budget tracker to track audit engagement and inform both the team leaders and managements on the progress of the project.
Conducted comprehensive testing of IT General Controls (ITGC), IT Application Controls, and Infrastructure components, including databases and operating systems, by leveraging a variety of audit frameworks to ensure robust security, compliance, and optimal performance of the IT environment and transfer platforms used by the branches and clearing department.
Conduct exit meeting with client and senior management to present audit findings with related risk statements and recommendations.
Conduct follow up on Action Items audit findings by reviewing the client’s corrective action plan to determine if the control weaknesses have been corrected.
Act as client audit liaison officer to external auditors by responding to their notice of finding and recommendation.
Supervise and review the work of IT audit staff throughout the audit engagement.
Perform detailed testing on SAP system using relevant transaction codes to test controls such as change management, privileged IT functions, new and terminated users, password settings and other relevant functionalities.
Facilitate control self-assessment by explaining key audit processes to system stakeholders and non-technical staff.
Works closely with the Audit Team Leader to perform/develop the audit planning, scoping, and fieldwork execution strategy and strong Knowledge of internal accounting controls and professional standards and regulations (GAAP, GAAS,) and Review the adequacy of administrative controls; Policies,Procedures,guidelines and standards.
Foreign funds transfer officer Wema Bank Plc Lagos, Nigeria April 2014– May 2015
Transfer of foreign currency to offshore accounts
Review of PTA and BTA documentations for payment and ensuring compliance with the required standard.
Deal with enquiries from both local and international banks on foreign transfer
Issue foreign drafts and ensure payment as soon as they are presented to the receiving bank.
Collated daily transfer swifts to ascertain successful payments on all foreign transfers done for the day and reverse failed payments as it pertains a customer.
Liaise with treasury team on all FX allocations for customers with local accounts who has requested for foreign transfers.
Evaluated source documents to locate information needed for each data entry field.
Organized, sorted and checked input data against original documents.
Authorized all foreign school fees payment.
Customer service Officer Wema Bank Plc Lagos, Nigeria March 2011– April 2015
Conducted inquiries on customer care issues.
Educated customers on products and services that the bank offers.
Facilitated account opening and Data collection.
Followed up with background checks and record keeping as may be required.
Cross-selling of services to clientele
Established good relationship with clients through excellent interpersonal skills.
Support sales representatives inestablishing new relationships with clients and upgrading existing service.
EDUCATION
History and International Studies Enugu, Nigeria. 2003 – 2007
CERTIFICATIONS
Certified Information System Auditor (CISA)
CompTIA Security+ CE
Chartered Institute for IT (BCS)
AFRI hub Universal Mandatory IT Training (Computer Fundamentals)
TECHNICAL SKILLS & TOOLS
Carbon Black, and Crowdstrike
VMware Site Recovery Manager.
The ISO 31000 standard, and the COSO ERM framework
Nessus, OpenVAS, Nmap, Burp Suite, Metasploit, Wireshark
Microsoft Baseline Security Analyzer (MBSA)
encryption software (VeraCrypt, BitLocker)
Galvanize High Bond, Resolver, Netwrix Auditor
Infogix Assure, CaseWare IDEA
The NIST Cybersecurity Frameworks
IT Systems Maintenance
IT Systems Operations
IT Systems Support
Enterprise IT Governance
IT Benefits Realization
IT Governance
IT Governance Framework
IT Governance Principals
IT Resource Optimization
IT Risk Optimization
Strategic IT Management
IT Control Maintenance
IT Risk Assessment