IT Auditor, Internal Auditor, Security Analyst

Location:
Jessup, MD
Posted:
January 31, 2024

Resume:

OBED ODONKOR

Jessup, Maryland. ***** Tel. 301-***-****

Email: ad2mb5@r.postjobfree.com

Career Objective:

Detail-oriented IT Auditor/Security Analyst with over 7 years of experience performing audits using SOX, COBIT, SSAE 18/SOC, HIPAA, ISO, PCI, FISCAM, FISMA, and NIST publications. An accomplished and focused professional with a diverse skill set encompassing audits and reviews, systems security and risk management, security controls assessment and testing, audit support, and security metrics and documentation development.

Core Proficiencies:

Perform comprehensive security control assessments and write reviews of management, operational, and technical security controls for audited applications and information systems.

Experience performing ITGC and application control testing.

Experience in Risk Management Framework (RMF) processes.

Develop and support the Assessment and Authorization (A&A) security processes, packages, and documents per Information Assurance (IA) controls and obtain authorization to operate the system.

Develop/review System Security Plans, Security Assessment Reports, Privacy Impact Analyses, and Contingency Plans.

Development and management of Plans of Action and Milestones (POA&M).

Risk assessment and mitigation.

Working knowledge of NIST publications including SP 800-53 and 800-53A, SP 800-37, SP 800-60, SP 800-30, SP 800-63, SP 800-64, SP 800-137, FIPS 140, FIPS 199, FIPS 200, and FedRAMP, etc.

Experience with ISO 2700, 27001, HIPAA, PCI DSS, FISCAM, FISMA, and SANS 20 security controls.

Information Assurance, System Development Life Cycle (SDLC), and Security testing.

Review vulnerability scan results and ensure risks are assessed and evaluated.

Computer Skills:

Experience working with MS Office Suite, ACL, IDEA, MS SharePoint, Power BI, SQL databases, Azure DevOps, Splunk, XACTA, Nessus, EnCase, Wireshark, Snort, TeamMate, CSAM, ServiceNow, and RSA Archer.

Education:

University of Maryland Global Campus,

Master of Science

Information Technology – Information Assurance

University of Education, Winneba - Ghana

Bachelor of Arts

Certifications:

CISA

CompTIA Security+

Certified Authorization Professional (CAP)

CISSP – In progress

Work Experience:

IT Auditor

General Motors, Detroit, MI. - (Fasttek Global) April 2021 - Present

Execute risk-based audits and test ITGC and application controls using SOX, COSO, COBIT, HIPAA, PCI DSS, ISO, SSAE 18, FISCAM, FISMA, NIST 800-53, and cybersecurity frameworks.

Conduct walkthroughs and detailed testing of Information Technology General Controls (ITGC) and application controls such as access control, change management, IT operations, disaster recovery, and platform reviews (Windows and UNIX OS).

Examine the design and operating effectiveness of security controls within IT systems based on agreed scoping and test plans to determine if controls are implemented correctly, operating as intended, and meeting security requirements, using the three basic methods of assessment - Examine, Interview, and Test (EIT).

Conduct SOX and PCI DSS Compliance audits in compliance with regulatory requirements.

Execute various categories of IT audit projects including infrastructure testing and pre-implementation reviews.

Assist in the development and review of service auditor reports (SOC 1, 2 & 3) for compliance.

Led the team in developing detailed test steps and audit programs, and performed all stages of the audit, including planning, fieldwork/execution, reporting, and follow-up.

Prepare audit reports detailing results of audits, documented control weaknesses, and related testing exceptions, and provide written recommendations for noted exceptions.

Engage with external auditors and consultants in facilitating the testing process; ensure efforts are not duplicated.

Prepare audit documentation including test plans, testing procedures, scope documents, flow charts, narratives, risk control matrices, documenting test results in the SAR, and audit reports.

Updated Provided by Client (PBC)/request lists and issues logs including observations/exceptions lists; drafted audit findings and reports for manager’s review.

Prepare, supervise, and track remediation activities in the Plan of Action and Milestones (POA&M)/Management Action Plan (MAP) to support remediation of discovered security weaknesses and mitigate vulnerabilities found in systems for closure.

Performed risk assessments regularly and ensured measures raised in assessments were implemented following the risk profile, and root causes of risks were fully addressed.

Develop, review, and update system security plans (SSP), risk assessment reports (RAR), contingency plans, policy and procedure documentation, security control assessment plans (SCAP), change control procedures, plans of action and milestones (POA&M), and remediation plans.

IT SOX Auditor/Risk and Compliance Analyst

Baldwin Risk Partners (BRP) Tampa, Florida. – (MSI), Oct. 2019 – March 2021

Performed comprehensive security control assessments at Millennial Specialty Insurance (MSI) and wrote reviews of management, operational, and technical security controls for audited applications and information systems.

Reviewed technical security controls and provided implementation responses as to if/how the systems currently meet the requirements.

Conducted audit readiness to reduce control weaknesses.

Examine the design and operating effectiveness of security/SOX controls within IT systems and ensure customers are complying with security policies and procedures.

Develop test plans and testing procedures, document test results/findings in the security assessment report (SAR), and make recommendations for noted exceptions.

Perform risk assessments regularly; ensure measures raised in assessments were implemented per the risk profile, and root causes of risks are fully addressed following NIST 800-30 and NIST 800-37.

Prepared, supervised, and tracked remediation activities in the Plan of Action and Milestones (POA&M)/Management Action Plan (MAP) to support remediation and mitigate vulnerabilities through the review of POA&Ms with identified weaknesses, timelines, milestones, and a point of contact for each IS, based on findings and recommendations from the SAR for closure.

Responsible for reviewing and updating/editing security documents (i.e., Security Plans, RTM, SAR, Contingency Plan, Contingency Plan Test, Risk Assessment, etc.).

Conduct reviews of various security scan reports from Nessus, WebInspect, and Splunk tools and document findings in the vulnerability assessment reports.

IT Auditor/ Security Analyst

Lambda IT Consult, Burlington, MA Sept. 2016 – Oct. 2019

Tested Information Technology General Controls (ITGC) and application controls using FISCAM, FISMA, SOX, COSO, COBIT, SSAE 18, and NIST 800-53.

Assisted with walkthroughs and detailed testing of controls to examine the design and operating effectiveness of controls within the IT system based on agreed scoping and test plans.

Performed risk-based audits with IT general controls (ITGC) such as access control, change management, IT operations, disaster recovery, and platform reviews (Windows and UNIX OS).

Conducted general computer and application control reviews per GAO’s FISCAM methodology.

Prepare audit documentation including scope documents, flow charts, narratives, risk control matrices, test results, and audit reports.

Determined security control effectiveness, i.e., whether controls are implemented correctly, operating as intended, and meeting security requirements, using the three basic methods of assessment: examine, interview, and test.

Prepared audit reports detailing the results of audits and delivered written recommendations.

Updated Provided by Client (PBC) lists and issues logs including observations/exceptions lists; drafted audit findings and reports for manager’s review.

Performed SOC 1, 2, and 3 and reviewed SOC 1 Type 2 report. Executed PCI DSS and HIPAA audits to ensure compliance.

Worked with SOX, ISO, HIPAA, and COSO team members in determining the status of open deficiencies and remedial action plans, and adjusting the plan accordingly.

Reviewed System Security Plans (SSP), risk assessment reports (RAR), privacy impact assessments (PIA), policy and procedure documentation, security control assessment plans (SCAP), change control procedures, plans of action and milestones (POA&M), and remediation plans.

Prepare, supervise, and track remediation activities in the Plan of Action and Milestones (POA&M)/Management Action Plan (MAP) to support remediation and mitigate vulnerabilities through the review of POA&Ms with identified weaknesses, timelines, milestones, and a point of contact for each IS, based on findings and recommendations from the SAR for closure.

Review and assemble different authorization packages and manage Assessment and Authorization (A&A) tasks, including FIPS 199 categorization, selection of controls, implementation, security controls testing, ongoing continuous monitoring, and vulnerability assessment.

Ensure customers are complying with security policies and procedures following NIST 800-53 and NIST 800-53A.