Information Control

FOLAKE UKPE

**** ******* ******, ******** **.

Telephone- 571-***-****

E-mail- **********@*****.***

IT AUDITOR

Experienced IT Auditor / Analyst with in-depth knowledge of COSO, COBIT, Sarbanes-Oxley Act, SSAE 16, Confidentiality, Integrity, Availability, Access Control, Audit and Accountability, ITIL, PCI-DSS, HIPAA, ISO 27001, General Computer Controls, Application Control, Testing, Compliance Testing, Risk Assessment, Change Management, Security Maintenance, Contingency Planning; Policies and Procedures, NIST 800-53 and NIST SP 800-37. WORK EXPERIENCE

UNICORN CONSULTING SERVICES, DC 11/2017 - PRESENT

IT AUDITOR

• Performed assessment of IT General Controls (ITGC) such as Access Control, Change Management, IT operations, Disaster recovery and Job Scheduling.

• Evaluate segregation of duties over application security involving the company's ERP systems (SAP, PeopleSoft, and Oracle Financials) and execute audit strategy

• Knowledge of Control Objectives for information and related Technology (COBIT) framework developed by the information Systems Audit Control Association (ISACA)

• Provides IT risk assessments and SAS 70 /SSAE18 and has conducted review of data centers, extranets, telecommunications and intranets to access controls and ensure availability, accuracy and security under all conditions

• Assisted in IT management in identifying gaps between policy and process, developing recommendations to remediate control weaknesses and responsible for developing and maintaining IT control metrics related to compliance activities. Strong background in all stages of the auditing process, including planning, fieldwork/execution /risk assessment, reporting and follow up

• Developed audit plans and programs to evaluate control areas on projects such as financial statement audit, SOX testing, SAS 70/SSAE 18.

• Conducted Sarbanes Oxley (SOX) testing in all the IT General Controls within the audit scope, to test their strength, effectiveness, and also weaknesses in their control environment

• Performed walk-through and detailed testing of controls to determine if controls are properly designed and operating effectively

• Created final audit reports, and oversee implementation of corrective action plans, while maintaining communication with all levels of management

• Excellent organizational skills and the ability to prioritize multiple tasks, projects and assignments

• Communicates with the company's external auditors on general computer control related matters and SOX test procedures

EZEK SYSTEMS INC. VA 06/2015 – 10/2017

IT Audit Associates

• Performing audit with IT general controls such as, access control, change management, IT operations, disaster recovery and platform reviews (Windows and UNIX OS)

• Performs internal and external IT risk assessments; conducted gap analysis against industry standards, and provided recommendations on mitigation options

• Evaluated IT and business processes for effectiveness and efficiency, through obtaining an understanding of and documenting key business processes and internal controls

• Reviewed internal policies and procedures and existing laws, rules and regulations to determine applicable compliance and the adequacy of underlying internal controls

• Performed IT general controls such as access control, change management, IT operations, disaster recovery and platform reviews (Window and UNIX OS)

• Participated in all phases of IT Audit – Planning, Fieldwork and Follow up using applicable framework.

• Performed Audit of IT Infrastructure and applicable Database- Operating System, UNIX, Mainframe, SQL, Oracle and DB2.

• Documented control weaknesses related to testing exceptions and assisted in preparing draft audit reports to communicate findings and recommendations to senior management.

• Actively participate in conducting information technology (IT) controls audit and review related compliance with section 404 of the Sarbanes-Oxley Act, and test the adequacy of internal controls in the following areas: Information Access, Change Management, Information Technology Operations, and Segregation of Duties.

• Evaluated Change Management Control processes, Disaster Recovery Plans, and Business Continuity Plans.

• Tested compliance with company policies and procedures to ensure it conforms to industry standards and applicable such as ISO and ITIL frameworks. EDUCATION

Cybersoft Technologies, DC: - Information Technology Training The Polytechnic Ibadan, Oyo State, NGR- BSc in Accountancy The Federal Polytechnic, Zamfara State, NGR – Associate Degree in Accountancy CISA – In Progress

COMPUTER SKILLS

MS Office Word, Excel, PowerPoint, Access, Outlook and Visio PROFESSIONAL AFFILIATIONS

Information Systems Audit Control Association (ISACA) REFERENCE AVAILBLE UPON REQUEST

Contact this candidate