IT Audit/compliance/Third party vendor/vulnerability / Risk analyst

Davies Oziegbe ******.********@*****.*** Cell 469-***-****

PROFESSIONAL SUMMARY

IT Audit, Agile, Compliance and Regulatory professional with experience in identification of vulnerabilities and remediation of key risks for clients across different industries. Reporting and communicating to senior management on the identified risks and opportunities to monitor the control environment as required, with a strong knowledge of policies, processes and regulations with available tools to test the IT General controls of any large organization.

• Audit Reporting

• Vulnerability Scanning

• Compliance & Regulatory Analysis

• Agile methodology/Scrum

• IT General Control

• IT Audit

• Third Party Risk Management

• ACL Data Analysis

• Application Control

• IT Risk Assessments/report

• Change Management

Applications & Tools: AD Audit, Active Directory/ GPO Policies, Excel (pivot tables, vLookups, Spreadsheet),Powerpoint (Reporting),Microsoft word, Team Mate,Acl (data analysis), Servicenow, Remedy and Jira

Operating Systems: Unix/Linux, Windows

Regulations: SOX, GLBA, PCI-DSS, HIPAA, HITRUST,FFIEC

Vulnerability tools: Nessus,Nmap

Standards: ISO 27001, ISO 27005, ISO 8583, COBIT 5,COSO, NIST 800-50,800-30,800-53,800-137,800-18,800-122

Mar 2018– Present

SWANSTON CONSULTING, TX

IT Audit / Compliance Analyst

Manage internal audit using COSO framework in financial environment using SOX framework

Use of NESSUS tools for scanning of network for quarterly vulnerability assessments.

Use of Nmap in Linux environment to identify open ports

Perform both the integrated audits and IT audits relating to financial,Trading management systems within Investment Management (IM0 / Wealth Management spaces and financial reporting

Documented and tracked the timeline of events that occurred in the process to resolution for each of the incidents managed in support of post mortem/root cause analysis.

Ensure Application control and ITGC of financial regulatory reporting (SOX ) are tested, documented and monitored through the course of the year

Conduct risk assessments and business impact analysis to mitigate the risk of information loss and determine gaps in Information security processes and procedures.

Involved in risk assessments on PCI DSS, HIPAA, SOX and GLBA standards. Also conduct SOX, PCI and HIPAA Compliance Readiness reviews, IT Risk Assessments and business process control assurance.

Establish and maintain working relationship with business to provide guidance on security measures around business processes.

Prepare formal written audit report and supporting work papers that document testing and conclusion of the adequacy of control

Design and ensure implementation of approved access control measures to the different application support teams, third party vendors on and offshore.

Liaise with business operations to proactively assess security policy compliance and monitor risks.

Coordinate and perform compliance audits in accordance with information protection, data analysis for data asset and threat provision under the Gramm-Leach-Billey and Sarbanes Oxley Acts

Coordinate external/3rd party audits, including PCI DSS, change management,Incident Response Planning, and Business Process Improvement reviews.

Perform IT audit walkthrough using Agile/scrum methodology

Write IT policies, Risk assessment report and conduct third party vendor assessment in a financial environment using SSAE 18 report

CHECKPOINT SOFTWARES, Irving, TX Nov 2017 - Feb 2018 Technical Advisor - firewalls

Independently identify, troubleshoot, document, replicate customer’s network security and vpn in an enterprise environment R77.30 and R80.10 checkpoint firewall using Siebel ticketing system

Managing and monitoring firewall management server in an enterprise environment

Log monitoring in R77.30 and R80.10 checkpoint firewall

Troubleshoot TCP/IP network using relevant protocols in linux and window environments

Responsible for providing support in Checkpoint R77.30 and R80.10 software environment

Assessed and analysed the risks and exposures for several types of network architecture system designs (WAN/LAN),management server, internet, vpn and wireless(802.11)telephony, ensuring data is sent through secure protocols to protect critical company assets and resources

Troubleshoot and resolve network connection issues focusing on network diagnostic

Escalate complex network problems in accordance with internal processes

COLINK LLC, Dallas, TX Jan 2015 – Nov 2017 IT Risk Analyst

Updates System Security Plans (SSP) Using NIST 800-18 as a guide to develop SSP, Risk Assessments and Incident Response Plans

Provide services as security control assessor (SCA), an integral part of the Assessment & Authorization process that includes A&A scanning, documentation, reporting and requirements analysis

Monitor Security Controls leveraging NIST 800-137 in order to perform periodic vulnerability scanning and test portions of applicable security controls annually

Review and document contingency plans (CP), privacy impact assessments (PIA) and risk assessment (RA) documents per NIST 800 guidelines for various agencies

Perform Continuous Monitoring (CONMON)NIST 800-137 tasks for the purpose of identifying & reporting new findings to clients via vulnerability assessment reports.

Applied Risk Management Framework (RMF) Using NIST 800-37 as guide to System Life Cycle Approach for Security and Privacy.

Applying NIST 800-53 for Security and Privacy Controls. Also applying NIST 800-50 for Security Awareness and Training Program

Ensured security controls were implemented correctly, executed per design and provided appropriate results

Experienced with CSAM for assessments and uploading artifacts in security documents

Performed testing, QA, and reported defects and exceptions.

Review cyber security controls, authentication mechanisms, remote access, protocols, applications, networks, operating systems, servers and all other relevant aspects of securing IT operations for corporate and client data

Assist with Security and IS management, the Legal department, Fraud department, Human Resources and law enforcement agencies to manage security vulnerabilities or inquiries.

OMNIGREAT TRAINING AND CONSULTING, MN Jul 2013 - Jan 2015

IT Security Analyst

Performed vulnerability assessments using client provided security compliance scans and POA&M

Leveraged analysis results to identify and resolve anomalies with validation script, facilitating close out of findings to meet ATO due dates

Reviewed and processed manual security artifacts provided by system engineers via IV&V efforts

Developed dashboard tracker to manage received artifacts using approved Open Source Tools

Utilized Splunk machine learning capabilities to analyze logs, research incidents, and provide feedback to management (Non-Prod)

Assist Information Security Engineer with complex risk decisions and provide advice and guidance where required.

Conduct meetings, interview control owners, generate documentation request lists, evaluate documentation and prepare recommendations for improvement.

Demonstrates advance understanding of organization's Information Security, Cyber Security and Business Continuity Management to clients during onsite visit, speaking on conference calls, email responses and completing client’s questionnaire

Develop and manage the Information Security delivery of the Vendor Risk Assessment program.

Develop infrastructure and IT Process assessments for use across the organization's computing environment.

Document risk issues in the designated risk register

Engage with technical process owners to understand technical process steps, identify risk, and drive toward a completed documentation that aligns with the IT Governance and Risk Management programs

PROFICIENT RESOURCES INC, Dallas TX Jul 2011-Jul 2013

IT Auditor

Conduct test on IT General controls (Access control,, change management control,operational control, system development life cycle) and Application control

Assisted in writing Test Plans, Test Cases and participated in User Acceptance Testing.

Compliance attestation testing of financially significant applications for Change and Logical Access controls

Conducted security assessments to determine the effectives of planned and implemented security controls.

Assist with the planning and scoping of IT Audits including performance of walk-throughs and preparation of work programs.

Assist in developing processes, tools and techniques to enhance the performance of technical network security

Developed maps, workflow diagrams and flowcharts of current and future business processes.

Ensured preventative and predictive maintenance programs are developed /established and functioning efficiently to support operation requirements.

Evaluated client’s key IT processes such as change management, systems development, computer / data Centre operations and managing security at database, network and application layers.

Facilitated Change management Process from Request for Change (RFC) to implementation and review.

Assist or perform all system of information system Audits such as software applications, databases,networks, data security and IT frameworks

Organized meetings with system owners prior to assessment schedules.

Performed all aspect of verification including feature testing, functional testing, unit testing, regression, load and performance testing.

Performed systems security evaluations, audits, and server logging reviews to verify secure operations.

Reviewing internal policies and procedures and existing laws, rules and regulations to determine applicable compliance and the adequacy of underlying internal controls.

EDUCATION:

Mahatma Gandhi University, INDIA

Bachelor of Science (Honours), Information Technology

University of South Africa,RSA

Certificate, Project Management

• Cisco Certified Network Associate CCNA

• Cisco Certified Network Associate Security CCNA SECURITY

• Cisco Certified Network Professional CCNP SECURITY

• CompTIA A+

• CompTIA Network+

• ITIL V3

Pending ISACA Certifications

• CRISC

• CISA

• CISM

Contact this candidate