PETER BOAMPONG
Worcester, MA 774-***-****
ad3u3y@r.postjobfree.com
www.linkedin.com/in/peter-boampong-36b732139
IT AUDITOR AND COMPLIANCE OFFICER
Results-oriented, dedicated IT Auditor with demonstrated proficiency in leadership, and cross-functional teamwork, driving the successful completion of projects with tight budgets and timelines.
Effective Leadership and Project Management: Demonstrated leadership abilities, steering the implementation of security controls and patch management initiatives to enhance operational resilience.
Collaborative Multifunctional Teamwork: Leveraged a positive learning attitude to foster productive collaboration and ensure the collective success of projects such as audits on entity-level controls, applications, and projects.
Proficiency under Pressure: Exhibited exceptional capacity to perform in stressful situations, leading time-sensitive control testing across intricate business cycles and supporting end-to-end internal IT audits.
KEY SKILLS
IT Auditing
Cybersecurity Framework (CSF)
COSO/COBIT Frameworks
Linux, Windows
Tableau
Sarbanes-Oxley (SOX) Testing
Business Processes Auditing
SAP S/4 HANA
IT General Controls
NIST Risk Management Framework
ORACLE SQL
Cloud Security/Architecture
PROFESSIONAL EXPERIENCE
IT AUDITOR: TechFocus LLC. – Marlborough, MA (Partial Remote) June 2017 to Present
Complete end-to-end internal IT audits, supporting daily audit activities for clients including service and organization controls (SOC) audits and real-time readiness assessments across multiple industries. Complete business process walkthroughs, prepare risk and control matrices (RCM) and design effectiveness assessments (DEA) and conduct operating effectiveness testing (OET). Support cyber readiness audits, identify and report on material deficiencies or weaknesses in disaster recovery, business continuity, operational risk, incident management, and vendor risk. Prepare Security Assessment Plans (SAP) during Security Assessments, leveraging the applicable NIST SPs to guide the Security Assessment Team. Leverage the applicable NIST SPs including the NIST SP 800-18 Rev1 and NIST SP 80053A Rev5 to develop test procedures. Review available documentation (PBC) to validate the adequacy of implemented controls and their operating effectiveness.
Key Contributions
Enabled team's recovery from turnover-induced setbacks by leading timely preparation and testing of controls across complex business cycles, fostering a more equitable workload distribution in the process.
Drove the successful completion of a second audit within budget and established deadlines by skillfully leading a team of novice control testers, ensuring timely achievement of collective goals.
INFORMATION SECURITY OFFICER: FAI Systems & Technologies – Accra, Ghana April 2013 to June 2017
Identified security risks, determined the causes of security violations, and worked with appropriate partners to provide prompt responses to the identified risks.
Served as the primary contact person for issue solving by finding the root cause, suggesting resolution options, coordinating until final resolution, and preparing draft post-mortem following resolution.
Successfully configured, maintained, and optimized the Wazuh deployment to ensure real-time threat detection and response. Conducted in-depth analysis of security alerts, leveraging log analysis and visualization techniques that relied on the ELK Stack integration of Wazuh to identify potential security incidents. Effectively investigated and documented security incidents. Conducted comprehensive vulnerability assessments using Wazuh, leveraging its vulnerability detection capabilities to identify and prioritize potential weaknesses in the organization's IT environment. Assisted in incident response activities by employing automated response actions, ensuring swift containment and mitigation of security threats. Monitored and ensured compliance with industry standards and regulations by providing pre-packaged rule sets and reports for specific industry standards and regulations, such as ISO 27001 benchmarks, thus maintaining the organization's adherence to security and compliance requirements.
Key Contributions
Achieved a significant reduction in attacks following a series of security breaches by utilizing the approved SIEM tool to collect, aggregate, and analyze data from company applications, devices, servers, and users.
Addressed identified vulnerabilities that posed a threat to the business by leading the establishment of a patch management program, transitioning the company from a reactive to a proactive approach.
EDUCATION
EXECUTIVE M.B.A., MARKETING: Kwame Nkrumah University of Science &Technology (KNUST), Ghana
Work Authorization Status – Green Card Holder
Certifications:
Certified Information Systems Auditor (CISA) - Certified
Certified Information Security Manager (CISM) - Certified
Recent Professional Development:
The Future of Cloud Threat Detection, Investigation & Response, ISACA
Strong IT Controls: Your IT Risk Program's Strategic Advantage, AuditBoard
The Evolution of SOX: Building a Mature Program, AuditBoard
Building an Effective Risk Management Program, AuditBoard
Compliance as a Catalyst for Reducing Risk, ISACA
Professional Affiliations:
Member, ISACA-Rhode Island Chapter