NANA PREMPEH
ad3mgu@r.postjobfree.com
Knowledge and experience in management controls and information systems.
Knowledge and experience with Local Third Risk Management, Business Relationship Managers.
Detailed understanding of International Standards on Auditing (ISA).
Detailed knowledge of Risk identification and Assessment.
Thorough knowledge of Corporate Finance and Root cause analysis.
A clear understanding of independent audit reports (SOX, SOC1, SOC2, ISO Cert, PCI DSS/AOC reports, SCA reports.
Knowledge of the following frameworks/compliance regimes; CIS Controls, NIST, PCI, SOX, CCPA/CPRA, ISO 27001/27002 and GDPR compliance.
General Information Technology Controls (GITC), GDPR, CCPA, NIST.
Financial Planning and Budgeting.
Detailed understanding of IT Audit, Project Auditing, and Accounting.
Attentiveness to detail, ability to manage multiple tasks and meet deadlines.
Abreast with accounting policies and standards (IFRS/US GAAP)
Basic knowledge of internal controls, audit
Data Entry Skills and General Math Skills.
Expertise in financial statement analysis, financial ratios, risk assessment, and account reconciliation.
SKILLS
MS Excel Service Now SAP SAGE ERP
MS Access One Trust IDEA (Data analysis software) BW Analyzer
MS PowerPoint Prevalent E-Audit HighRadius
MS Word True Sites CaseWare
EXPERIENCE
OCTOBER 2020 – TO DATE
SENIOR THIRD PARTY RISK ANALYST, Russell Stover
Assist with various Third-Party Risk Management program initiatives working closely with the Third-Party Risk Management Leads.
Assist in setting strategy to build and manage the client's Third-Party Risk Management Program framework (NIST, GDPR, CCPA), including policy, procedure, tooling, governance, due diligence, ongoing monitoring, reporting, and education & awareness.
Perform risk and control assessments for all third-party service providers to evaluate the effectiveness of the control systems.
Design, implement, and manage risk assessment questionnaires and continuous monitoring strategies to identify and respond to changes to risk posture at third parties and communicate to relationship owners.
Identify and analyze risk and communicate necessary findings.
Monitors and update system alerts to/from third-party relationship owners to ensure that their relationships, contracts, and action plans are current and meet Program requirements.
Strong understanding of Cybersecurity and Risk Control frameworks and their adoption in the Supplier management domain
Experience in Vendor risk management, Outsourcing risk management, Technology Risk, Incident report, system security, Information Security, or an IT Audit role.
Creates, recommends, and facilitates the approval of the Third-Party Risk Management Framework and related policies/standards for the company.
Responsible for all quantitative and qualitative analyses in the appraisal report.
Propose/maintain SOX Framework control changes (i.e., additions/deletions/modifications) and participate in the change management process
Review third-party independent documents (SOX, SOC 1 SOC 2, ISO Cert, PCI AOC report, SCA reports).
Responsible for developing and maintaining the risk-based TPRM processes and methodologies aligned to regulatory and applicable policies, programs, standards, and expectations.
AUGUST 2018 – JAN 2020
THIRD-PARTY RISK ANALYST, Blount International
I performed business analysis to ensure alignment of TPRM functions with overall organizational and enterprise risk frameworks.
Performed Vendor Review requests and understood the vendor entity's environment.
Evaluate the information gathered and its security policies to complete the initial review.
Identified, reviewed, and validated all controls associated with the vendor to ensure data confidentiality.
Proactively identify issues, opportunities, implement positive change, and process improvements
Implementing SOX/Privilege Access controls.
Assist in providing SOX technical research to identify updates, guidance, and interpretation of the regulations.
Performed risk and control assessments for all third-party service providers to evaluate the effectiveness of the control systems.
I Conducted risk assessments based on agreed-upon procedure guidelines.
Reviewed all essential security policies and procedures documentation.
Stay in charge of the TPRM Policy and risk framework for Third Party Arrangements.
Develops Third Party Risk Management standards and tools that align with industry practices and ensure effective processes to identify, measure, manage, monitor, and report on Third Party risks.
Stay informed, gather and relay information related to risk management.
Assist in developing written procedures to ensure the risk assessment compliance manual is appropriately followed.
MAY 2017 – JUNE 2018
SENIOR DATA ANALYST, State Street Corporation
Monitors, reviews, and validates all daily work to ensure accurate, timely calculations and processing.
Coordinates and supervises work efforts when multiple Associates are needed to complete work.
Works with individuals on the teams and client operations to ensure seamless processing according to fund accounting policies.
Accounts for all activity in an accurate and timely manner and maintains all required controls to ensure overall accuracy.
Supports the review and validation of data as needed.
Supports the preparation and review of monthly/quarterly control reports and assists in timely and accurate resolution of discrepancies.
Prepares and verifies information for various projects and special requests that arise
Research and resolved complex exceptions and issues to management as required.
Covers different supervisory functions when necessary and maintains records in support of audits.
Responsible for identifying any unusual or potentially suspicious transaction activity and must report or escalate under corporate policy and guidelines detailed in relevant operating procedures.
Prepared reconciliation for various accounts
manage and balance suspense accounts.
SENIOR ASSOCIATE – AUDIT ASSURANCE AND COMPLIANCE KPMG
Coordinate the planning, risk assessment, testing, and timely completion of audit engagements.
Perform extensive credit Analysis with financial sectors such as banks by reviewing the loans portfolio
Ensure that the audit team works efficiently and effectively to complete the audit in time and avoid budget overruns.
To identify and assess the risks of material misstatement of the financial statements due to fraud.
Implementing SOX/Privilege Access controls.
Analyzing auditor or management reported issues and determining of SOX findings
As an IT auditor, I monitored IT systems to ensure they followed policies and practices.
I evaluate technology, manage staff, identify controls, keep records, and monitor IT systems.
As an IT auditor, I compiled a vast array of data into a coherent report for the audit committee.
Obtain an understanding of the internal controls concerning those assertions subject to fraud and ensure those controls are designed effectively.
To obtain sufficient appropriate audit evidence regarding the assessed risks of material misstatement due to fraud through designing and implementing appropriate responses.
Respond appropriately to fraud or suspected fraud identified during the audit and communicate fraud or suspected fraud to those charged with governance.
EDUCATION AND QUALIFICATIONS
JANUARY 2022
CISA
COMPTIA SECURITY+
ICCTF – RANSOMWARE SPECIALIST
SCRUM MASTER 1
AUGUST 2022 – TO DATE
CYBERSECURITY CERTIFICATE, JOHNSON COUNTY COMMUNITY COLLEGE
AUGUST 2005 – MAY 2009
BA BUSINESS STUDIES, WISCONSIN UNIVERSITY COLLEGE