Senior Information Technology Auditor

Location:
Peachtree Corners, GA
Posted:
February 02, 2024


Henry Ikang

Email: ad3bp0@r.postjobfree.com LinkedIn: www.linkedin.com/in/henry-i-29b75b211

Summary

Dedicated Information Technology Auditor with 8 years of progressive experience in conducting Risk Control Self-Assessment (RCSA) engagements for diverse organizations. Proven expertise in operational, financial, internal control, and core technology audits, encompassing risk assessment and management, ITGC, and application controls testing. Adept at leading various IT audit compliance projects, including Sarbanes-Oxley (SOX), HITRUST, and SSAE 16 / SOC reviews, utilizing frameworks such as COSO, COBIT, and FISCAM. Skilled in facilitating RCSA workshops, collaborating with stakeholders, and achieving consistent full-cycle audit closure ahead of deadlines. Equipped with valuable Big 4 experience.

Education and Certifications

Certified Information Systems Auditor (CISA).

Certified in Entrepreneurial Management – Pan-Atlantic University, Nigeria.

BSc in Digital Audio Engineering (Major) and Information Technology (Minor) – Kingdom Audio College, Nigeria (Affiliate of the Audio Engineering Society, USA).

Diploma in Accounting – The Polytechnic, Calabar, Nigeria.

Knowledge, Skills, and Abilities

Security Frameworks and ISMS: ISO 27001/27002/22301, NIST-800-53A, PCI DSS, HIPAA, HITRUST, ITIL, ITGC, COBIT, Regulation SCI, NY DFS

Analytical and Compliance Metric Tools: ACL, IDEA, TraceCSO, KRISP, StandardFusion, RSA Archer

Risk and Control Self-Assessment (RCSA) Lifecycle Audits

Network Technology: Windows, UNIX/Linux OSes, Active Directory, Firewalls, Routers

Working knowledge of Cloud Computing

Business Process Mapping: Visio, Aris

GRC Tools: ServiceNow, Archer, SAP, TeamMate+

Data Reporting: Excel, Power BI, Tableau

Third Party Risk Management (TPRM)

Project Management: Working under pressure, meeting deadlines.

Knowledge of Generally Accepted Accounting Principles (GAAP).

Possession of designated level of professional skill and/or knowledge in assigned area(s), and the ability to keep current with developments and trends.

Professional Experience

Robert Half (Client: Norwegian Cruise Line)

Senior IT Auditor/ SOX Analyst September 2023 – January 2023

Conducted a roll-forward SOX audit of key business applications and ITGCs in Access Management and Change Management.

Assisted in facilitating User Access Review (UAR) with IT Compliance.

Participated in meetings with PwC to understand process changes among key SOX controls especially after migration to AWS. PwC relied on my team’s documentation for regulatory compliance.

Met with vendors (3rd party) to verify product/service information, as well as confirm that level of access aligned with agreed policies and standards.

Reviewed Key Spreadsheet Reports (KSRs) for financial reporting.

Used ServiceNow to verify CHG and INC tickets as supporting documentation for SOX testing.

Working knowledge of server migration from on-prem to AWS (cloud).

Working knowledge of SOXHUB/AuditBoard.

Apex Systems (Client: Santander Bank)

Senior IT Auditor/ SOC Analyst June 2022 - July 2023

Led end-to-end walkthroughs, reviewed supporting documentation for control design, pulled evidence out of ServiceNow, and performed SOC 2 – Type 1 & 2 audits on key IT processes in Vulnerability Management, Patch Management, Privileged Access Management, and Identity Access Management. Also participated in RCSA process workshops and monitored remediation efforts for controls with self-identified findings.

Performed operating effectiveness test of existing controls.

Performed ISO 27001 Risk Assessment: Participated in the annual RCSA workshops with process owners and effectively mapped risks to internal controls and relevant standards.

Collaborated with Second Line of Defense (SLoD) for risk and control workshops, effective challenges, and adherence testing. Reviewed standards and procedures of in-scope processes with SLoD for NY DFS and other financial regulatory compliance.

Proficiently used Business Continuity in the Cloud (BCiC) portal to conduct ISO 22301 assessment on Business Continuity Management.

Employed KRISP for risk compliance analysis.

Created closure decks and concluded SOC 1/SOC 2 reporting to process owners and other key stakeholders, summarizing the results of each process tested during the year, and discussing remediation efforts where applicable with the stakeholders.

Working knowledge of the GRC tool, Heracles.

Robert Half (Client: NERC)

Senior Internal Auditor May 2022 - June 2022

Performed an Asset Management audit of physical and virtual network devices, servers, and applications.

Visited the data center to take inventory of physical assets and to confirm the status of these devices as described by the control owners.

Created design adequacy and operating effectiveness workpapers from scratch to support testing (Asset Management audit was being conducted with the client for the first time).

Reported test results and observations, and made suggestions, in an internal memo.

SSi People (Client: Deloitte)

SOX Auditor/ Risk Assessment Analyst June 2021 - April 2022

Conducted a Regulation SCI audit of Privileged Access Management controls for Credit Suisse.

Coordinated end-to-end walkthroughs covering crucial IT and business processes.

Performed SOX testing of business applications and ITGCs for Visa and First Republic Bank.

Assisted in preparing SOC 1 – Types 1 & 2 reporting.

Applied expertise in Decommissioning, Patch Management, and Production Acceptance risk assessments: Evaluated adequacy of design and operational effectiveness of existing controls (SOC 2 – Type 1 & 2).

Self-served queries into ServiceNow to pull data for testing with verified completeness and accuracy.

Examined asset class controls for Desktop, Business, and Infrastructure applications.

Deep System Solution (Clients: PwC, Ciox Health, N3 Results)

Compliance and SOX Analyst August 2017 - May 2021

Assisted in preparing the annual SOX Compliance Plan for ITGCs and Business Applications.

Assisted in developing and maintaining information security policies and procedures.

Responsible for ensuring that regulatory compliance controls and other relevant information were updated, accurate, and complete in the SharePoint folder.

Managed all phases of audits: risk assessment workshops, planning, client coordination, fieldwork, data analysis, workpaper documentation, reporting, and remediation validation.

Attended follow-up meetings on remediation plans for self-identified findings to ensure full compliance and timeliness within the mitigation period. Kept record of RP extensions where necessary.

Collaborated with Second Line of Defense (SLoD) for re-performance testing, ensuring procedural and regulatory compliance.

Performed SOC 1/2 – Types I & II, encompassing comprehensive risk-based assessments.

Aligned audit activities with standards such as HIPAA, PCI DSS, and NIST Cybersecurity Framework. Also reviewed audit methodologies and procedures of client for compliance and smarter testing.

Conducted Identity Access Management controls testing.

Suggested that duplicative controls which shared similar evidence be merged, or that the “less key” control be archived or downgraded to a standard control.

Elevated significant risk and loss exposures to appropriate management tiers.

Reviewed critical technology areas including operating systems, networks, application processing environments, and information/cybersecurity.


