Samuel S.A. Blankson CEH
Houston, TX *****
Tel:832-***-**** Email:*************@*****.***
Summary:
I am a self-motivated, result and detail-oriented IT Auditor with exceptional knowledge of Information Technology General Controls (ITGCs) and IT Application Controls testing, risk-based audit, SOX Compliance, PCCI DSS and Infrastructure testing and many more. Highly experienced in IT Risk and Security Assessments for Cloud base and Non-cloud base applications and their underlying infrastructure.
Highly proficient in managing multiple client requirements such as SOX, PCI-DSS, HIPAA and Third-Party Risk Assessment (SOC report) as well as assisting business development activities across various business areas; Expert of knowledge of Security Controls, BCP/DRP, ISO 27001, NIST and COBIT5 framework.
Core Competencies:
Expert knowledge in:
Archer GRC tool
ServiceNow
CyberArk
Business Process Improvement/Issue Management
Controls Design and Testing
Project Management & Change Management (SDLC)
ITGCs & Application Controls
Infrastructure Audit (Database, O/S, Network etc.),
ERP Systems Audit (SAP)
PCI-DSS, SOX and HIPAA compliance testing
SOC report review
Risk Management Frameworks – NIST, COBIT, COSO
Infrastructure Audit (database, O/S, Network etc.), ERP Systems Audit (SAP)
Very Proficient with MS Office suite (PowerPoint, Excel)
Education/Certification
Diploma in Marketing - International School of Aviation
CISA In-Review
CISSP In-Review
CERTIFIED ETHICAL HACKER
Professional Experiences
System Security Analysts
Risk Specialist – Control Tester January 2018- Present
HEB
Independently assess the effectiveness of controls and determined the potential impact of any control failure and the corrective actions required
Participated in the execution of SOX IT Audit in domain of Logical Access and Change Management controls
Review of the segregation of duties to determine users’ privileges are appropriately assigned in accordance to their duties and responsibilities
Perform review to ensure testing functions and development activities in Change Management/SDLC are reasonably segregated to address risks that may occur due to unauthorized changes to production
Perform testing to validate that data entries to key fields are validated for accuracy
Assessed IT General Controls; specifically, Logical Access Control, Change Management Control, Job Scheduling and Monitoring Control
Assesses management process for managing Operating System software changes and maintenance to ensure all changes to company information assets are properly authorized and documented in accordance with defined standards
Conducted review of the Network Management environment to determine compliance with the established procedures for Network monitoring
Document and track SOX testing findings, including the collection and organization of audit evidence
Provide full Guidance to businesses through remediation period from date of filing SOX issue in Archer GRC system to closing of the issue
IT Risk Consultant September 2016- January 2018
APTIVE ENVIRONMENT
Developed and maintained relationships with clients, and at times, handled specialized requests to resolve operational and processing issues
Conducted technical audits of IT infrastructure controls, including operating systems, databases, network services, IT operations and disaster recovery
Reported control deficiencies and provided recommendations to resolve deficiencies.
Performed ITGCs and application controls for internal testing
Involved during controls in Access Management, Change Management, SDLC, Business Continuity/Disaster Recovery, and Application level controls
Conducted risk assessments, implemented more efficient work procedures, created deadlines, and correct inventory errors of various complexities.
Entry Level Security Analyst February 2016- August 2016
CAPITAL ONE
Assisted with the assembling and testing compliance with SOX 404, framework analysis and reviewing report.
Assisted with the testing of Contingency plans and Updating SSP and POA&M.
Analyzed and defined security requirements for a variety of IT issues.
Performed risk analysis that also included risk assessments.
Developed, analyzed and implemented security specifications in line with NIST and FISMA.
Gathered, analyzed and organized technical information about systems, existing security products and ongoing programs.