Post Job Free
Sign in

Security It

Location:
Huntingtown, MD
Posted:
December 15, 2020

Contact this candidate

Resume:

FOLA ASHAOLU, CISA, CICA, CSM

Huntingtown, Maryland.

TEL: 540-***-****; Email: ************@*******.***

IT AUDITOR

An IT Auditor with years’ of experience and skills performing Audit, Risk Assessments, Security Assessments, Risk Identification, IT General Controls, Application Controls, SSAE 18 Attestation engagement, SOX Audit and IT Infrastructure engagements for various clients across the industries using the applicable frameworks like, COSO, COBIT, PCI-DSS, HIPAA, ISO 27001.

BROAD SKILLSETS

COSO, COBIT, Sarbanes-Oxley Act, SSAE 18, Confidentiality, Integrity, Availability, Access Control, Audit and Accountability, ITIL, PCI-DSS, HIPAA, ISO 27001, General Computer Controls, Application Control, Testing, Compliance Testing, Risk Assessment, Change Management, Security Maintenance, Contingency Planning; Policies and Procedures.

CERTIFICATIONS

●Certified Information Systems Auditor (CISA).

●Amazon Web Services (AWS) - Certified Solutions Architect.

●Certified Internal Control Auditor (CICA).

●Certified Scrum Master (CSM).

WORK EXPERIENCE

Synergy Technologies, MD. APRIL 2020 – PRESENT

JOB TITLE: - IT AUDITOR

• Assisted with quarterly system continuous monitoring including testing of IT controls to assess the design and operating effectiveness, identification and reporting of findings, identification of existing control and reporting of planned Course of Action Plans (CAPs)

• Helped update IT security policies, procedures, standards, and guidelines according to department and federal requirements.

• Extensive experience in performing audit with IT general controls (ITGC) such as, access control, change management, IT operations, disaster recovery and platform reviews (Windows and UNIX OS).

• Assisted IT management in identifying gaps between policy and process, developing recommendations to remediate control weaknesses and be responsible for developing and maintaining IT control metrics related to compliance activities.

• Evaluated IT and business processes for effectiveness and efficiency, through obtaining an understanding of and documenting key business processes and internal controls

• Reviewed internal policies and procedures and existing laws, rules and regulations to determine applicable compliance and the adequacy of underlying internal controls

• Performed IT general controls such as access control, change management, IT operations, disaster recovery and platform reviews (Window and UNIX OS)

• Participated in all phases of IT Audit – Planning, Fieldwork and Follow up using applicable framework.

• Performed Audit of IT Infrastructure and applicable Database- Operating System, UNIX, Mainframe, SQL, Oracle and DB2.

• Documented control weaknesses related to testing exceptions and assisted in preparing draft audit reports to communicate findings and recommendations to senior management.

• Actively participate in conducting information technology (IT) controls audit and review related compliance with section 404 of the Sarbanes-Oxley Act, and test the adequacy of internal controls in the following areas: Information Access, Change Management, Information Technology Operations, and Segregation of Duties.

• Evaluated Change Management Control processes, Disaster Recovery Plans, and Business Continuity Plans.

EZEK CONSULTING LLC, MD. JAN 2019 – MAR 2020

JOB TITLE: - IT AUDITOR

• Tested ITGC and application controls, performed walkthroughs and detailed testing of controls to evaluate the design and operating effectiveness of controls.

• Conducted testing of Sarbanes-Oxley (SOX) and Non-Sarbanes-Oxley (Non-Sox) in key IT General Controls areas such as Access Control, Change Management Control, Operations and Maintenance, Logging and Monitoring.

• Performed compliance monitoring process of applications, platforms and components before deployment to production in the following areas Cloud, Configuration Management, Data Management, Data Security, Technical Resiliency and Recovery, Third Party and Vulnerability Management.

• Communicated effectively with Stakeholders for resolution of risks issues and reviewed the Corrective Action Plan in preparation for final review.

• Reviewed controls and compliance against requirements, validates controls and identifies gaps, exceptions, and issues.

• Documented disposition and finalizes assessment, communicated outcomes to stakeholders on remediation plans.

• Prepared audit scopes, report findings and presented recommendations for improving data integrity and operations.

• Participated in all phases of IT Audit – Planning, Fieldwork and Follow up using applicable framework.

• Worked with the internal audit department of the company to identify and test operating effectiveness of IT General Controls.

• Prepared work-papers and reported all identified issues to the internal audit department and tested and evaluated effectiveness of SOX control activities.

• Responsible for tracking and monitoring IT remediation efforts.

• Responsible for Communicated remediation plans to business owners/technology owners/project managers after preparing the Production Readiness Review deck before an asset is deployed to production.

• Worked with the standard owners and stakeholders for corrective action plan after identifying gaps during a review project.

INSIGHT GLOBAL FEB 2015 – DEC 2018

JOB TITLE: - IT AUDITOR

• Helped Conducted IT controls and risk assessment to identify system threats, vulnerabilities and risks.

• Worked with the IT security team to gather evidence, develop test plans, testing procedures and document test results.

• Coordinated with IT department and external auditors during SOX IT testing to identify corrective action plans.

• Helped in coordinating IT related SOX compliance processes, assessing IT general controls in connection with program development, change management, computer operations, security and configurations as well as vendor service providers

• Performed walkthroughs and detailed testing of controls to evaluate the design and operating effectiveness of controls in federal government agencies.

• Assisted with quarterly system continuous monitoring including testing of IT controls to assess the design and operating effectiveness, identification and reporting of findings, identification of existing control.

• Helped update IT security policies, procedures, standards, and guidelines according to department and federal requirements.

• Assisted IT management in identifying gaps between policy and process, developing recommendations to remediate control weaknesses and be responsible for developing and maintaining IT control metrics related to compliance activities.

• Identify weaknesses in the system and create action plan to prevent security breaches

• Ability to perform special reviews of audits advisory services as requested by management.

• Advance knowledge of Planning internal audit procedures.

• Documented control weaknesses and related testing exceptions including relevant controls in ERP (SAP) business Processes.

EDUCATION

• Lagos State University; Bachelor of Arts in History and International studies

• Obafemi Awolowo University, NGR; Diploma in Computer Information and Technology.

COMPUTER SKILLS: - Microsoft words, Excel and Share Point Based System

PROFESSIONAL AFFILIATIONS:

• Information Systems Audit and Control Association (ISACA)

•Institute of Internal Control

•Amazon Web Services.



Contact this candidate