Information Security Document Control
Resume:
ADENRELE OLUFEMI
BLADENSBURG MD *****
I am an IT Auditor and Security Analyst with experience in assessment of ITGC internal controls as part of financial statement audit, Internal and operational audits, Attestation engagement, and Audit readiness. I have conducted IT audit projects such as compliance testing of Sarbanes-Oxley (SOX), OMB Circular A-123 Audit and Service Organization Control (SOC-1 and SOC-2) SSAE 18 Reviews, using COBIT and FISCAM frameworks.
WORK EXPERIENCE
IT Security and Compliance
Rainbow Optimum Technology June 2019 – Present
●Lead the planning, execution, and reporting of Information Technology Audits covering the areas of technology infrastructure, information security, business applications system, and significant projects
●Performed privileged access reviews for Application, Database, Server Level, Active Directory, UNIX, and physical access to Data Centers.
●Working knowledge of authentication and access control – RBAC (Role-based-access-control), Active Directory security groups and Application roles
●Tested and review ITGC controls, develop gap analysis including remediation plan, and participated in continues monitoring and improvement effort.
●Performed walk through with Process Owners and Business Owners and document control
●Performed day to day audit responsibilities based on risk and control processes by continuous monitoring and risk mitigation and escalations accordingly.
●Performed the review and update of policies & procedures, as it regards to work paper documentation standards
●Performed SOX compliance assessment including Privilege Access and Annual User Access reviews
●Assisted with PCI compliance to obtain annual certification
●Assisted and tracked open remediation items from SOX and PCI assessments to ensure timely completion
●Worked closely with both the Internal and External audit teams to assist with SOX audits
●Provided written reports on a weekly and ad hoc basis for Information Security leadership
●Assessed financial business processes and a wide variety of technologies including Windows Servers, Active Directory, Databases, Applications, Network devices, etc.
●Reviewed user accounts and service accounts access to business-critical systems for appropriateness and for compliance.
●Helped in updating IT security policies, procedures, standards and guidelines according to departmental and compliance requirement.
●Conducting application software risk assessments and providing recommendations to ensure
confidentiality, integrity and availability of the new systems.
●Ensured users and system support personnel have the required authorization and need-to-know; have been indoctrinated; and are familiar with internal security practices before access to the IT System.
IT Auditor
Absoforce Solutions - Laurel, MD Aug. 2016 – June 2019
●Assessment of IT internal controls as part of financial statement audit, Internal and operational audits, Attestation engagement, and Audit readiness.
●Conduct testing of Sarbanes-Oxley (SOX), OMB Circular A-123 Audit and Service Organization Control (SOC) SSAE 18 Review, using COBIT and FISCAM frameworks.
●Reviewing IT General Controls (ITGC) and various Applications, Databases and Operating systems.
●Performed the Management of software development lifecycle using agile and scrum.
●Document control weaknesses and related testing exceptions.
●Identifying and communicating IT audit findings to senior management and client.
●Documenting work completed by preparing work papers.
●Maintaining a good working relationship with clients to enhance customer satisfaction and work with client management and staff at all levels to perform audit services.
●Performing all stages of audit, including planning; fieldwork/execution; reporting; and follow-up.
●Handling special projects such as Segregation of Duties (SOD) and SOX Compliance business challenge projects, PCI DSS, HIPAA and identify conflicts or inadequate internal controls and provide recommendations
●Strong knowledge in the field of risk management and compliance to efficiently work on frameworks including related regulatory compliance requirements including NIST, COBIT 5, ISO 27001, SOC1/2, Cyber Security, IT Infrastructure and Archer experience.
IT Auditor
Synergy IT Audit & Financial Services – Lanham, MD Jan. 2014 – July 2016
●Performed IT general controls testing for Sarbanes-Oxley 404 compliance in public companies, OMB A-123 in government agencies, and Service Organization Control (SOC) reports in compliance/SSAE16
●Served clients in Information Technology Control Assurance engagements assisting with identification of risks, controls, and testing methodology to ensure proper operation.
●Conducted IT controls risk assessments that included reviewing organizational policies, standards and procedures and provided advice on their adequacy and accuracy.
●Updated contingency plan and conducted contingency plan test.
●Tested and evaluated the design and operating effectiveness of IT general and application level controls.
●Participated in all stages of the audits including: researching, planning, scheduling, collecting, sorting, and summarizing data, completion, and drafting audit reports.
●Audited client systems in support of financial audits and internal audit functions
●Assessed financial business processes and a wide variety of technologies including Windows Servers, Active Directory, Databases, Applications, Network devices, etc.
●Identifies and communicates control gaps and provides commendations/business process improvement opportunities to Internal Audit (IA) and senior management through the use of written reports and presentations.
EDUCATION
●Bachelor of Banking and Finance (2009)
SKILLS
●Frameworks: COBIT 5, ISO, ITIL, FISMA, NIST, PCI DSS, HIPAA
●Networking: LAN, WAN, VPN, Firewalls, IDS, IPS
●Computer: Advanced proficiency with Microsoft Office including, Word, Excel, Outlook, Publisher, PowerPoint, SQL, ACL, SAP, and JIRA
●Interpersonal: Effective Communication, Team-work, Meeting facilitation, Presentations, Leadership etc.
CERTIFICATIONS
●CompTIA Security+ (2018)
●IoT in 5G (2019)
●AWS-SAP (2020)
●CISA – Certified Information Systems Auditor (2020)
Contact this candidate