Risk Management IT Audit

Location:
Katy, TX
Salary:
$115,000
Posted:
February 13, 2024

Resume:

MICHEAL D. OVUEDE

IT Auditor Risk Management & Controls Specialist GRC

346-***-****

Personal Summary

ad3l1f@r.postjobfree.com

A senior GRC Professional/IT auditor with years of experience in planning and executing end-to-end IT Audit engagements, Risk Management and development of security policies. I have strong expertise in SOX ITGC testing, SOC reporting, and ISO 27001 audits to ensure compliance with industry standards and best practices. I have gained relevant knowledge in testing IT Internal Controls over financial reporting (ICFR) and Security Compliance review, Risk Assessment, Project Management, and stakeholder management.

Houston, TX

Micheal Ovuede

Certification & Training

Tools, Frameworks & Techniques

CISA (Certified)

CRISC (Certified)

CISM (Certified)

CompTIA Security+

Cisco CCENT

Risk Control Self-Assessment

OneTrust GRC Administration

KnowBe4, OneTrust GRC

Microsoft Excel, Word

Database Management (Oracle, MSSQL, MySQL)

Security Controls Testing

Stakeholder Management

Active Directory

JIRA ServiceDesk

AuditBoard

IT Audit Reporting

Team Building

Auditing

Antivirus Solutions

ISO 27001/2, NIST-CSF, GDPR, HIPAA, SOC 2, CIS CSC, COBIT 5

ITGC, ITAC & ELC

Internal Control Testing

Risk Documentation

Vulnerability Scanning

RiskRhino

Work Experience

Consultant, IT Audit and GRC Dec. 2021 – Present

Cigna – United States (Contract)

Supported GRC operations by assessing third-party risks, assisting with ISO 27001 Implementation and other compliance activities.

Maintained a comprehensive global security risk register, identifying and evaluating potential risks and their impact on our operations.

Conducted assessments of third-party vendors and partners to ensure they met organisational security and compliance standards.

Supported the development and maintenance of security related policies.

Collaborated with business customers to translate information security risks and requirements into business terms.

Facilitated risk discussions, provided guidance, and promoted risk-aware decision-making to management.

Independently reviewed contractual agreements and requirements related to information security and information technology-related compliance. Identified gaps and developed strategies to meet contractual obligations.

Supported the implementation and maintenance of a global GRC framework and tool.

Conducted risk assessments to identify, evaluate, and prioritize information security risks. Developed risk mitigation strategies and worked with stakeholders to implement controls and measures.

Led the SOX (Sarbanes-Oxley) 404 audit's IT control section, which includes the ITGCs (IT General Controls), ITACs (IT Application Controls), and IPEs (Information Produced by the Entity).

Performed IT audit reviews to identify risks and WCGWs, tested IT Application Controls and ITGCs, and evaluated the operating effectiveness of controls implemented within the IT control environment.

IT Auditor, GRC Analyst Jul. 2017 to Aug. 2021

United Apartment Group – United States

Supported the development, implementation, and monitoring of data confidentiality, system integrity, system reliability, recovery methods and procedures.

Utilized the risk assessment process to continuously detect new internal and external risks and vulnerabilities, and applied the results to produce recommendations for mitigating controls.

Consulted with systems technology staff members, business unit staff and provided guidance in the definition of the appropriate security architecture and technical requirements necessary to address information security needs.

Created and disseminated a PCI Best Practice Manual and built a PCI database to track and report on all the in-scope departments.

Designed third-party risk management playbooks and procedures to implement management approved policies on contracting and vendor engagement with the organisation.

Coordinated with Control owners and external auditors to guarantee that all SOX documentation, including narratives, risk control matrices, and process diagrams, is reliable and up to date.

Effectively tested management controls covering User Access Reviews, Privilege access management, Access Administration (Joiners, Movers, and leavers), User Identification and Authentication, Change management and Segregation of Duties (SOD), Job Processing, Backup and Disaster Recovery, Incident management, Data Security controls and IT Automated Controls.

Coordinated SOX IT Audit review covering access to programs and data, change management, program development and computer operations, and tested SOX IT controls through review of entity-level controls (ELC), IT Application controls (ITAC) and IT General Control (ITGC).

IT Auditor, Risk & Control Analyst Nov. 2016 to Apr. 2017

SafePro Services – United Kingdom

Leveraged security compliance requirements such as NIST, ISO, and CSA CCM to deliver on the risk management and security assessment program and treat risks through control design and implementation.

Verified control design and test approaches to ensure appropriateness and that risks are identified, and prepared clear, concise, and consistent documentation to adequately support all controls, testing, conclusions, and findings.

Presented audit findings to various management levels (from business unit to enterprise-level), along with any concerns and suggestions for improvement or appropriate measures as needed.

Reviewed financial resources to evaluate internal controls over faculty incentives and merit-based fringe benefits which are processed and paid in accordance with departmental plans, state salary caps, and University rules and regulations.

Established incident response playbooks in alignment with the incident response plan, and benchmarked the Information Security Policy against frameworks, e.g., ISO 27001, SOC 2, CIS CSC, NIST and HITRUST.

Planned and executed independent security audits and assessment to evaluate risk mitigation measures and control effectiveness.

Performed internal audit reviews related to IT controls testing, information security compliance evaluation, systems post-implementation review, and controls related to IT governance, management, and operations.

IT Service Desk Specialist Aug. 2015 to Oct. 2016

Amazon Energy – Lagos, Nigeria

Provided first point of contact for system-related issues or queries that come into the helpdesk via different channels (e.g., email).

Supported installation of bespoke applications and hardware on client computer systems.

Created new user accounts on Active Directory and Exchange servers.

Managed the build, administration, distribution, and support of devices ensuring that all asset lists are accurate.

Ensured all support calls are answered and correctly logged in accordance with policies and procedures.

Logged call details onto call management and ticketing systems such as Remedy, ITSM.

Analysed service requests and progressed them to the next stage following company policy and processes.

Prioritized incidents based on impact and Service Level Agreements.

Customer Relationship Analyst Nov. 2013 to May 2015

Power Holding Company of Nigeria (PHCN) – Lagos, Nigeria

Engaged and managed existing and potential clients while promptly responding to all enquiries, to reduce turn-around-time, increase customer satisfaction, retention, and brand recognition.

Provided personalized service to all clients and responded to requests and queries.

Escalated queries where necessary and contributed towards the overall sales performance of the store.

Kept accurate and up-to-date records of interactions with customer accounts.

Reviewed the SLAs with clients and ensured KPI alignment that affects the customer service delivery.

Created positive working relationships with other department sales and operations.

Worked with customer service delivery team and Account Team to prioritize and plan customer engagements and programs, driving outcomes to improve the performance, and business capabilities of the prioritized workloads.

Enabled successful roll-out of the firm’s product/service to large enterprise customers and multinationals, including sharing and developing relevant creative assets.

Academic Background

Western Delta University, Nigeria

Bachelor of Science

References

Available on Request
