Mmesoma Ojimba
Dallas, TX
Experienced IT Auditor / Risk Analyst with over 5 years of focus on improving business compliance, workflow, and processes through detailed audits and optimization recommendations. Successful track record of fully evaluating information, structures, and procedures and initiating corrective actions.
Work Experience
IT Auditor Jan 2021 - Present
State Farm [Location]
● Prepare the IT audit program to include access control, change management controls, and application controls; identify deficiencies in the design and operating effectiveness of controls and provide recommendations.
● Review of IT General Controls (ITGC) and various applications, databases and operating systems.
● Implemented, tested, and maintained a security incident response team and implemented Multifactor Authentication (MFA) for AWS root accounts, including password rotation policies.
● Secured and improved IT operations surrounding an FFIEC rework of corporate policies and procedures, BCP, TOE, RFT, application access controls, POA&Ms, eGRC, OWASP Top Ten, SSAE-18 audit compliance, SailPoint, SOX, PCI, COBIT 5, and IT governance, security/risk assessments including Confidential and FAIR.
● Lead execution of the audit process and participate in audits to perform control testing or provide subject matter knowledge/skills, in accordance with policy.
● Perform compliance IT audits in accordance with COSO and COBIT internal control framework.
● Review audit programs and risk assessments, and subsequently conduct testing for IT-related audits (i.e., infrastructure, systems development, change management, applications, security) in accordance with the annual audit plan.
● Update existing and draft new SOX process flow documentation for revisions related to IT application controls.
● Reduce risk and improve consistency and efficiency of IT Marketing related processes by bringing a systematic and disciplined approach to the effectiveness of risk management, control, and governance processes including.
IT Audit/Risk Assessment Sep 2018 - Dec 2020
Amazon [Location]
● Provided ongoing assessment of the risk profile through regular monitoring and status reporting of risk issues and initiatives.
● Execute front-line controls, self-assurance, and risk assessment activities (ad hoc controls review, business process management (BPM), risk control self-assessment (RCSA)), and independent risk and audit activities as directed.
● Provided project management support in tracking and coordinating the execution of policy and standards control testing activities.
● Identified risks and controls in business processes and participated in the department's semi-annual risk assessment process for dedicated portfolio.
● Train/educate internal business sponsors on VRM policy, expectations, and risk management best practices and promote risk awareness opportunities to enable business lines to effectively interact with Vendor Risk Management.
● Monitored risk limits and tolerances to identify threshold breaches and escalate any limit breaches for review and validation.
● Continuously monitor control compliance and prevalent risk environment to ensure that exposures are kept at acceptable levels.
● Provided guidance and input regarding all corporate financial/compliance systems implementations to ensure the appropriate internal controls over financial reporting from an IT perspective are in place.
IT Auditor Apr 2016 - Aug 2018
One Financial [Location]
● Performed Sarbanes-Oxley (SOX) and PCI DSS compliance audit, testing primary controls - ITGCs and Interface for design appropriateness and operating effectiveness in compliance with SEC regulations.
● Conducted walkthrough and testing of controls - Information Technology General Controls (ITGC) and IT Application Controls (ITACs) - to establish design adequacy and operating effectiveness of controls.
● Utilized data analytics tools such as Audit Command Language (ACL), IDEA, TeamMate and MS Excel to test, analyze and verify whether information system internal controls are effective, sufficient and appropriate.
● Responsible for developing and administering application security for global SAP environments to ensure all application modules are functional and secure, and work closely with the Internal Audit, Business, SAP Functional support and Basis teams in implementing GRC Access Control.
● Assisted in engagements which may include Development Integration Testing, Component/Feature Testing, System Integration Testing (SIT), User Acceptance Testing (UAT) and Production Acceptance Testing (PAT).
● Conducted various categories/classes of IT audit projects, performed report assessments of other forms of attestation engagements (SAS 70/SSAE 18 SOC) and audit readiness to identify and correct internal control weaknesses.
● Evaluated the adequacy and effectiveness of the client's internal controls using a risk-based methodology developed from professional auditing standards and frameworks, such as COBIT and COSO.
Core Skills
COBIT, SOC 2, FISMA, FISCAM, COSO, SOX, HIPAA, GDPR, ITIL, NIST, FFIEC, IPPE, OCC, PCAOB, Circular-123, AICPA, HITRUST, Windows Server, PeopleSoft, UNIX, LINUX, Network Systems, Windows Operating System, Microsoft Office Suite, Salesforce, SIEM, Firewall, TeamMate, Microsoft Dynamics, NetSuite, ERP, Azure, Audit Command Language, SAP, Azure cloud, AWS, Oracle, Jira, IDEAL, Dynamic legacy, Randomizer, Problem Solving, Contextual Decision Making, Capital Markets, Operations Management, Banking Operations, Key Risk Indicator, Project Risk Analysis Model, Risk Governance
Education
Imo State University Present
Bachelor of Science Computer Science
Certificates
Certified Scrum Master (CSM)
CISA