
Information Technology Risk Assessment

Location:
Missouri City, TX
Posted:
July 26, 2024


Resume:

PROFESSIONAL PROFILE

Highly proficient and experienced IT Auditor entrusted with managing complex and multi-system application controls. Knowledgeable in applicable regulations and frameworks such as COBIT and COSO required by the SEC for SOX compliance, as well as experienced in testing Information Technology General Controls (ITGCs). Knowledgeable in IT Compliance, Risk assessment and Third-Party engagements.

HIGHLIGHTS

• Extensive background in all stages of audits, including planning; study, evaluation, and testing of controls; reporting; and follow-up.

• Good understanding of control frameworks such as COBIT, COSO, PCI DSS, NIST 800-53, HIPAA and ISO 27001.

• In-depth knowledge of Sarbanes-Oxley Act (SOX) and business processes.

• Excellent project management, teamwork, and leadership skills. Ability to deliver excellent value to clients and maintain effective client relationships.

• Good analytical thinking, excellent communication and report writing skills.

• Excellent in managing multiple distributed agile teams working together to deliver a functional and stable product in a short time frame.

• Effective in collaborating, facilitating, leading, and coaching multiple Scrum teams.

• Excellent skills in facilitating and conducting scrum events such as sprint planning, demo, retrospectives, daily stand-up.

PROFESSIONAL EXPERIENCE

WOW Inc. Houston, Texas (remote)

IT Audit Analyst Nov 2023 – Present

i. Prepared IT audit program to include access control, change management controls and application controls; and identify deficiencies in the design and operating effectiveness of control and provide recommendation.

ii. Design and conduct independent, objective assurance and consulting activities using leading practice standards designed to add value and improve the operations of the organization.

iii. Perform annual development of the risk assessment methodology and compilation of the information technology risk assessment and provides recommendations for audits and consulting projects that should be included in the audit plan.

iv. Liaise with IT business partners to ensure full understanding of IT support and governance functions, data flow and integrity processes, system security architecture and processes, and IT Strategic Plans.

v. Identified and communicated IT audit findings to senior management and clients.

vi. Maintain good working relationships with business partners to facilitate Audit engagements.

vii. Perform all stages of audit planning, fieldwork, executive, reporting and follow up.

viii. Conducted testing of Sarbanes-Oxley (SOX) and Service Organization Control (SOC) SSAE 18 Review, using COBIT and NIST 800-53 frameworks.

ix. Participated in team kick-off meetings and drew up audit plans.

x. Review of IT General Controls (ITGC) and various applications, databases, operating systems, and network devices.

xi. Conduct risk-based audits, design and detailed testing, report findings, and present recommendations for improvement of company’s IT controls environment.

xii. Perform IT General Controls (ITGCs) and IT Application Controls (ITAC) for design adequacy and operating effectiveness.

xiii. Test various IT infrastructure controls within - Databases, Network devices and Operating Systems.

xiv. Perform assessment of IT internal controls as part of financial statement audit, Internal and operational audits, and Audit readiness.

xv. Perform access management review of provisioning, de-provisioning, certification of user access.

Wells Fargo Bank Dallas, Texas

Compliance Analyst Feb 2022 – Nov 2023

i. Perform oversight on adherence to regulatory and internal policy within the organization.

ii. Draft compliance report on result of compliance efforts to management.

iii. Collaborate, develop, and periodically review all compliance related activities to improve its effectiveness and to mitigate risk associated with people, processes, and tools.

iv. Reporting on a regular basis to management the results of internal audits documented.

v. Respond to audit requests from third party vendors and government agencies and act as primary liaison.

vi. Identify potential areas of compliance vulnerability and risk and provide general guidance on how to avoid or deal with similar situations in the future.

vii. Acts as privacy officer for the organization.

viii. Review contract obligations (seeking the advice of legal counsel, where appropriate) that may contain referral and payment issues that could violate the anti-Kickback statutes, as well as the physician self-referral prohibition and any other legal or regulatory requirements.

ix. Ensured compliance with regulations and controls by examining and analyzing records, reports, operating practices, and documentation; recommending opportunities to strengthen the internal control structure.

ABG Consulting Houston, Texas

IT Audit Analyst Feb 2018 – Dec 2021

i. Participate in all phases of audit/compliance testing – planning, fieldwork, reporting and follow-up.

ii. Perform post-implementation review of management's work, assessing the design adequacy and the operating effectiveness of the SDLC phases, identifying risks and gaps in the implementations, cascading issues, and recommendations to appropriate stakeholders.

iii. Perform Logical Access, Change Management, IT Operations, SDLC, Business Continuity, back up & Disaster Recovery testing.

iv. Executed ITGCs and application controls as part of audit readiness for annual Regulatory testing.

v. Documented control gaps and offer value added recommendations to resolve issues.

vi. Prepared audit scopes, reported findings, and presented recommendations for improving data integrity and operations.

vii. Accomplished compliance work requirements by training, assigning, scheduling, guiding auditors.

viii. Prepared for Audit by researching materials, formulating a plan of action.

ix. Ensured compliance with regulations and controls by examining and analyzing records, reports, operating practices, and documentation; recommending opportunities to strengthen the internal control structure.

x. Verified assets and liabilities by comparing items to documentation.

xi. Communicate audit progress and findings by preparing reports, providing information in meetings.

xii. Supported external auditors by coordinating information requirements.

Deloitte NIGERIA Lagos, Nigeria

Compliance Associate Oct 2013 – Oct 2016

i. Supported the deployment of Red Hat Enterprise Linux 6 servers for corporate clients.

ii. I used Access Control Lists to manage permissions on files and directories.

iii. I managed users and groups in a RHEL 6 and 7 enterprise network.

iv. Used Remote Desktop and Virtual Private Network Appliances for Server Configuration.

v. Worked with management to plan organizational needs.

vi. Coordinates with project team members, prepares and implements schedules, project plans, and status reports for assigned responsibilities.

vii. Implemented changes to the organization's compliance program and communicated any changes in policies or procedures with other departments/projects within the organization.

viii. Monitored and documented progress towards the successful and timely implementation of the project's compliance program.

ix. Participates in the execution of audits at the firm's affiliate locations which included all phases of the audit - planning, Fieldwork, Reporting and follow-up.

x. Identify and evaluate risks and provide recommendations to the executive management during reviews of the System Development Life Cycle (SDLC).

xi. Executes audit readiness to identify and correct internal control weakness in order to comply with regulatory requirements.

xii. Produced report that clearly documented the audit work performed, which met or exceeded the division standards while adhering to schedules and deadlines.

xiii. Performed Walkthroughs of controls and evaluated operating effectiveness of controls.

xiv. Performed and supervised IT General Controls (ITGC) and Application Controls (ITAC) audits over Applications and Databases, Enterprise Resource Planning applications for compliance.

xv. Performed assessment of IT internal controls as part of financial statement audit, Internal and Operational audits, Attestation engagement, and Audit readiness.

xvi. Coordinated secure systems and applications during PCI/DSS audit engagement.

xvii. Developed, updated, and assessed internal policies and procedures to ensure they reflect current business and regulatory requirements.

xviii. Kept IT Controls up to date as changes impact on the controls including establishing operational efficiencies and complete quarterly IT controls assessments.

xix. Participated in all areas of audit engagement including planning, organizing, scoping, and pre-audit research.

xx. Recommended improvements in policies, procedures, internal controls, and worked with department personnel to establish the appropriate internal controls to safeguard company assets.

AXA Mansard Insurance Abuja, Nigeria

GS Project Manager June 2009 – July 2013

i. Responsible for leading large, complex IT and/or business-related projects involving multi-disciplinary teams, monitoring projects being managed in other divisions, making recommendations on financial and HR deployment to support organizational plans, and maintaining the system development life cycle methodology.

ii. Consulted with management and review projects proposals to determine goals, time frame, funding limitations, and procedures for accomplishing project, staffing requirements, and allotment of resources.

iii. Overseeing the project management process - project goals, plans, budgeting, scope definition, negotiating project commitments and business & technical requirement documentation, process scheduling.

iv. Worked cross-functionally with field engineers, development, quality assurance, product management, marketing, operations, business development, and professional services through network build out / Project Lifecycle.

v. Utilized Project Leading management methodology and activities in the development and execution of project plans, schedules, budgets, control points, risk assessment and monitoring, resource allocation and status reporting.

vi. Responsible for detecting potential issues and implementing solutions when issues threaten to delay the timeline or impact budget or business operations.

vii. Identified creative ways to improve team members' own skill set and is supportive of others’ growth.

viii. Coordinated all project meetings, following up with action points and ensuring all team members deliver on their responsibilities.

ix. Developed and ensured implementation of customer training to ensure smooth transition between projects completion and handover.

x. KYC Compliance review.

EDUCATION

Higher National Diploma (Banking & Finance) June 2008

CERTIFICATIONS

Certified Information Systems Auditor (CISA) In View

Certified In Cybersecurity In View

References are available on request.