Information Security Project Management

Location: Houston, TX

Salary: 90000

Posted: December 05, 2023

Resume:

Michael Ojo

Houston, Texas 832-***-****

Email: ad1p2x@r.postjobfree.com

Senior IT Auditor

Professional Summary

Proficient IT Compliance professional with over six years of related experience in information security principles and compliance, internal controls, IT Risk management, IT General, and Application Control Testing. Work performed has included internal control testing (SOX), HIPAA Compliance reviews, walkthroughs, audit readiness, follow-up, and test of controls.

Seasoned with firsthand experience in implementing various functions in IT Audit Engagements, Information Security Risk Assessments, Project Management, Project Planning, and Cross-functional Collaborations. Skilled in assessing PCI DSS compliance, identifying non-compliance issues, and implementing remediation measures. Skilled in leveraging technical knowledge in the implementation of productivity tools and sophisticated business tools, including Archer compliance tool, to foster productivity.

I have extensive knowledge of compliance laws, rules, regulations, risks, and typologies, and I am confident in my ability to identify industry best practices and share insights with the teams on a regular basis.

Competencies

IT Audit; Threat Identification; Information Security Control Auditing; Vulnerability Assessment; Technical Skills; Operational Risk; Strong Communication Skills; Knowledge of Relevant Laws and Regulations; Project Management Skills; Research Skills; IT Security Policies; Governance, Risk, and Compliance; IT Risk Engagement; FedRAMP; NIST 800-53A; NIST CSF; ISO 27001; Effective Report Writing Skills; Policy Management; Audit Reporting; Information Security Risk Assessment; Information Crosschecking; Risk Management Framework; Change Management; Risk Mitigation; Sarbanes-Oxley (SOX) Compliance; PCI-DSS; ServiceNow; Archer; Microsoft Office Suite; Problem-Solving Skills; Cross-functional Collaborations; NIST SP 800-37, SP 800-60, SP 800-53 Rev 4, SP 800-18, SP 800-53A, SP 800-137, SP 800-115

Professional History

Snr. IT Auditor Frontier Inc. CPA & Consultants Sep. 2020 – Present

Participate in Sarbanes-Oxley (SOX) and General IT audits to identify and assess the adequacy of internal controls.

Extract and compile data for audit testing using standard software such as Microsoft Access, Excel, or audit software.

Finalize audit reports, incorporating management responses; communicate audit results and recommendations to IT Management, up to and including the CIO.

Assess, evaluate, and make recommendations regarding the adequacy of the security/IT controls for the client's environment and business objectives.

Develop policies, procedures, and processes based on audit findings and/or compliance framework requirements.

Evaluate IT Compliance gaps and work with management to recommend solutions to improve policies, procedures, and efficiency of controls by using applicable frameworks (COSO, COBIT, PCI DSS, and HIPAA).

Perform audits of IT general controls such as access control, change management, IT operations, disaster recovery, and platform reviews (Windows and UNIX OS).

Perform application controls assessments in the retail banking and insurance industries by checking authorization control, interface control, computation control, and data validity checks.

Evaluate segregation of duties over application security involving the company's ERP systems (PeopleSoft and Oracle Financials).

Perform the execution and delivery of audit assignments to ensure that business and technology risks are identified, evaluated, and appropriately managed in alignment with the annual audit plan.

Evaluate key information security risks including confidentiality, integrity, and availability of technology components through review of security operational processes, such as vulnerability management, penetration testing, security logging and monitoring, security incident response, and defense in depth strategies.

Crosswalk controls across multiple security compliance frameworks and regulations to foster adoption and identify gaps.

Perform risk advisement and remediation follow-up across the organization's technology.

Obtain and analyze information for evidence of security violations, deficiencies in internal controls, or lack of compliance with laws.

Prepare work papers to clearly support the audit conclusion in accordance with internal auditing standards.

Communicate the results of audit/projects to ERS leaders and collaborate to develop action plans addressing identified risk/process gaps.

Support PCI assessment activities, in partnership with Information Security team.

Ensure compliance with procedures and policies that protect the assets of the organization.

Assist management in planning and conducting complex IT audit and consulting projects, including the preparation of an objective risk-based assessment and audit approach.

Serve as a technical advisor on IT aspects of financial and operational audits.

Audit IT operations within departments to verify computing controls are designed and operating effectively; prepare and submit clear, concise, and insightful reports.

Conduct IT compliance testing to assess risk, evaluate internal controls, safeguard assets, and analyze IT controls supporting financial reporting and operating procedures.

Review areas identified for improvement by staff and by self, and, in conjunction with IT Compliance management, develop viable business solutions to mitigate the risk.

Demonstrate strong project management and execution skills, including prioritizing tasks, balancing workload, anticipating next steps, and adapting to change.

Collaborate with management and senior leadership to improve internal controls and processes.

Proactively communicate issues with colleagues and obtain agreement on audit findings and practical recommendations with control owners prior to presentation to management.

Utilize a data-first audit approach, technology audit tools, and Computer Assisted Auditing Techniques (CAAT) to perform advanced analysis.

IT Auditor Frontier Inc. CPA & Consultants July 2018 – Sep. 2020

Served as a project team member in the GRC Implementations, SOX remediation team while identifying the overall IT landscape in relation to the interface controls for the client.

Determined if any controls cover the interface control deficiencies identified and proposed new remedies to address the risk identified.

Conducted assessments over different systems to ensure and validate information moving from one system to another is complete and accurate. Performed data analysis to critically analyze and segregate the data to better comprehend and present such information to client management.

Assessed the ITGCs using best practices and audit guidelines in compliance with NIST 800-53, COSO, and COBIT standards.

Performed analysis of information security standards, such as ISO 27001:2013, and ensured the organization's adherence to these standards.

Evaluated effectiveness and adequacy of information security controls.

Auditing principles including audit planning, risk assessments, development of risks and controls matrices, processes and controls design assessments, controls operating effectiveness testing, transactional testing, and reporting activities.

Conducted regular internal audits of IT systems and processes to ensure ongoing compliance, resulting in a 98% success rate in meeting regulatory requirements.

Conducted regular reviews and reporting to assess compliance with security requirements and standards.

Collaborated with cross-functional teams, including IT, Legal, and Cyber Security to ensure alignment with business objectives.

Conducted audits, identified vulnerabilities, recommended remediation measures, and ensured PCI DSS compliance.

Performed IT general control testing in accordance with Sarbanes-Oxley (SOX) requirements.

Worked with process owners and external auditors to manage and execute controls testing.

As an individual contributor, developed audit programs and risk assessments, and subsequently conducted testing for IT-related audits.

Prepared comprehensive, well-written, audit work papers documenting the test steps performed, audit results and recommendations.

Staff IT Auditor Central Bank of Nigeria Dec. 2016 – July 2018

Conducted audits to assess effectiveness of controls, accuracy of financial systems and efficiency of operations within the Bank.

Prepared comprehensive workpapers for each area audited, including detailed process narratives.

Assisted in summarizing audit exceptions, procedural violations, and internal control weaknesses and made recommendations to resolve issues.

Assisted the Bank’s independent auditors and regulatory examiners in their respective examinations.

Regularly exercised discretion and judgement in the performance of essential job functions.

Developed recommendations for audit findings, focusing on strengthening internal controls, quality, and efficiency.

Assisted in annual Sarbanes-Oxley (SOX) 404 testing including process documentation, testing execution, issue follow-up, and External Audit assistance.

Reviewed and interpreted organizational data, processes, policies, and procedures to assess their effectiveness and compliance with management expectations, regulatory requirements, and leading practices.

Executed audit program steps and documented results in compliance with Internal Audit Department policies and procedures and professional standards.

Carried out assurance and consulting engagements (collectively, audits) designed to add value and improve the effectiveness of the Bank's operations.

Education

BSc Computer Science

Ladoke Akintola University June 2007

MSc Finance

Ladoke Akintola University May 2019

Certifications

ISACA - Certified Information Systems Auditor (CISA)

ISACA - Certified in Risk and Information Systems Control (CRISC)


