Halima Laro
adc2wr@r.postjobfree.com, 972-***-****
Dynamic IT professional with 5 years of experience, proficient in analyzing potential risk and compliance concerns with management. Competent in IT best practices, IT Audits and implementing security controls. Willing to relocate.
Computer Applications & Skills
Microsoft Office suite, Oracle, NetSuite, Archer GRC, RSAM, Confluence, ServiceNow, security standards and frameworks (SOX, PCI, NIST, HIPAA, CCPA, GDPR, NYDFS, ITIL).
EXPERIENCE
Bank of America - IT Security Specialist GRC (Contract): June 2019 – Present
● Utilize technical and business knowledge to perform detailed mapping and drive engagement with control owners.
● Consult with GIS team members to validate Control decomposition in Confluence
● Surface potential gaps between GIS Controls and regulatory/policy requirements.
● Validate alignments are accurate when GIS policy language is updated or changed to ensure coverage is maintained.
● Responsible for delivering results to control owners, holding conversations about remediation of identified gaps, and assisting in other Controls Governance activities as assigned.
● Utilize GIS Controls Inventory in Confluence and ROCK
● Provide a report on the status of control inventory mapping and publish validated control alignment in the system of record (RSAM)
● Assisted in creating and enforcing information security policies, standards and regulations
● Ensured effective IT controls are in place to meet operational and compliance requirements
● Knowledge and Data mapping of various regulatory and industry standards
● Provided oversight of policies and procedures and ensured they remain current and comply with regulatory laws and standards
● Reviewed security policies and ensured adherence throughout the environment
● Assisted in audit readiness
Ernst & Young, LLP - Risk Advisory Associate/IT Auditor (Contract): November 2018 – June 2019
● Worked with the engagement team to document the business processes dependent on information.
● Engaged in kick off and exit meetings with business partners
● Competent in all stages of an audit (planning, fieldwork/execution, reporting and recommendation/follow-up).
● Collaborated with clients to perform analysis through walkthroughs and examination of policy and process documentation of internal controls and SOX audits.
● Tested Control design assessment and operating effectiveness.
● Tracked status of audit evidence while collaborating with process owners to answer questions.
● Met with clients and IT Governance Team to develop remediation plans in response to client findings
● Assisted with the execution of privacy assessments to understand compliance risks, identified opportunities for improvement, and proposed remediation
● Discussed findings from audits and presented the results to the relevant individual.
● Ability to translate control deficiencies into action plans.
Vistra Energy - IT Compliance Analyst (GRC & Audit): May 2015 – November 2018
● Utilized a GRC tool (Archer eGRC) to monitor that internal controls were in compliance.
● Coordinated PCI, SOX audit walkthroughs and testing requirements.
● Conducted IT risk assessment and documentation and noted key issues
● Participated in appropriate audit programs to test the control risks identified and subsequently evaluate the control design.
● Involved in maintaining Privacy and Security Governance programs.
● Used ServiceNow as a ticketing and requests system.
● Participated in design assessment testing & operating effectiveness testing of controls under access management and change management.
● Identified control gaps and proposed a solution and recommendation as needed.
● Monitored and created SIEM reports with Splunk
● Maintained compliance with identity and access management (IAM) controls.
● Assisted in provisioning and deprovisioning user access accounts.
EDUCATION
Texas A&M University-Commerce - Bachelor of Science
CISA - Attaining July 2020