Halima Laro

adc2wr@r.postjobfree.com, 972-***-****

Dynamic IT professional with 5 years of experience, proficient in analyzing potential risk and compliance concerns with management. Competent in IT best practices, IT Audits and implementing security controls. Willing to relocate.

Computer Applications & Skills

Microsoft Office suite, Oracle, NetSuite, Archer GRC, RSAM, Confluence, ServiceNow, Security standards and frameworks. (SOX, PCI, NIST, HIPAA, CCPA, GDPR, NYDFS, ITIL)

EXPERIENCE

Bank of America - IT Security Specialist GRC (Contract) : June 2019 – Present.

●Utilize technical and business knowledge to perform detailed mapping, drive engagement with control owners.

● Consult with GIS team members to validate Control decomposition in Confluence

● Surface potential gaps between GIS Controls and regulatory/policy requirements.

● Validate alignments are accurate when GIS policy language is updated or changed to ensure coverage is maintained.

● Responsible for delivering results to control owners and conversations about remediation of identified gaps and assist in other Controls Governance activities as assigned.

● Utilize GIS Controls Inventory in Confluence and ROCK

● Provide a report on the statues of control inventory mapping and publish validated control alignment in the system of record (RSAM)

●Assisted in creating and enforcing information security policies, standards and regulations

●Ensured effective IT controls are in place to meet operational and compliance requirements

●Knowledge and Data mapping of various regulatory and industry standards

●Provided oversight of policies and procedures and ensure they remain current and comply with regulatory laws and standards

●Reviewed security policies and insured adherence throughout the environment

●Assisted in audit readiness

Ernst & Young, LLP - Risk Advisory Associate/IT Auditor: November 2018 – June 2019- Contract

●Worked with the engagement team to document the business processes dependent on information.

●Engaged in kick off and exit meetings with business partners

●Competent in all stages of an audit. (Planning, fieldwork/execution, reporting and recommendation/follow-up)

●Collaborated with clients to perform analysis through walkthroughs and examination of policy and process documentation of internal controls and SOX audits.

●Tested Control design assessment and operating effectiveness.

● Tracked status of audit evidence while collaborating with process owners to answer questions.

●Met with clients, and IT Governance Team, to develop remediation plans in response to client findings

●Assisted with the execution of privacy assessments to understand compliance risks, identified opportunities for improvement, and proposed remediation

●Discussed finding from audits and present the results to the relevant individual.

●Ability to translate control deficiencies into action plans.

Vistra Energy- IT Compliance Analyst (GRC & Audit): May 2015 – November 2018

●Utilized GRC tool to monitor internal controls were in compliance. (Archer eGRC)

●Coordinated PCI, SOX audit walkthroughs and testing requirements.

●Conducted in IT risk assessment, documentation and noted key issues

●Participated in appropriate audit programs to test the control risks identified and subsequently evaluate the control design.

●Involved in maintaining Privacy and Security Governance programs.

●Used ServiceNow as a ticketing and requests system.

●Participated in design assessment testing & operative effectiveness testing of controls under access management and change management.

●Identified control gaps, and also propose a solution and recommendation as needed.

●Monitored and created SIEM reports with Splunk

●Maintained compliance with identity and access management (IAM) controls.

●Assisted in provisioning and deprovisioning users access accounts.

EDUCATION

Texas A&M University- Commerce - Bachelors of Science

CISA- Attaining July 2020

Contact this candidate