Sr IT Auditor/ Risk Analyst
Resume:
Cyrus Mukisa
Farmers Branch, TX *****
adjerb@r.postjobfree.com
CAREER BACKGROUND
An experienced professional with a successful career in Banking/Financial Services, and Business, Administration/Management, IT Audit, Compliance Cyber Risk with 8+ years’ experience in performing IT Audit, Compliance and Risk Assessment for Commercial and Government Clients using the applicable frameworks; COSO, COBIT, PCI DSS and NIST 800-53. In-depth knowledge of Sarbanes-Oxley Act (SOX), OMB Circular A-123, FISMA, FISCAM, IT General Controls (ITGC), SAP, IDEA, SSAE 16(formerly SAS 70) attestation and ERP security assessments. In-depth accounting knowledge, Audit Planning and documentation, fieldwork, review, oversight, policy management, business resilience, execution, Reporting and data analysis, Time Management, people management, client relationship, system integration, strategic exploration, Project Management, data analysis, Program Implementation, Strong oral and written skills, MS Office Proficiency.
Dynamic, organized, highly motivated, enthusiastic, creative systematic, problem solver, multi-talented, great sense of humor, detail oriented, thrives in a challenging, fast-paced working environment and team player.
EXPERIENCE
Sr IT Auditor/Risk 09/2019 to Present
Genpact
● Design, implement, and oversee execution of the IT controls program including periodic control testing of design and operation effectiveness sufficient to meet regulatory requirements and to satisfaction of internal/external auditors. Cyrus Mukisa
● Perform risk assessments, identify IT controls for significant processes, develop test procedures for SOX readiness. Assist with the development of IT policies and procedures necessary to mitigate risk assessment and risk report exposures.
● Evaluate/interpret SOX IT Audit, PCI DSS and Privacy requirements and provide guidance to process and control owners on the objective / intent of the requirements.
● Led IT Implementation and testing of internal controls over financial reporting: Sarbanes Oxley Act (SOX), performs Walkthroughs of controls and evaluates operating effectiveness of controls.
● Identify control gaps and potential remediation steps; Champion and & assist process re-design and coordination of remediation efforts.
● Involved in conducting ITGCs testing, and IT application Control testing, audit readiness, attestation engagements, Infrastructure audit, compliance, and risk assessment.
● Manage and perform individual Risk & Assurance projects as part of the overall audit plan.
● Assign testing responsibilities to other project members, and monitor the audit communicating progress, obstacles, and issues to management on an as-needed basis.
●
Sr IT Auditor/Compliance Jan 2019 to
08/2019
Data Struma
● Assisted with IT-related aspects of vendor risk management program functions such as risk assessments, due diligence documentation reviews, control testing, contract reviews.
● Provided ongoing guidance, support and IT control and compliance status reporting to the company to build awareness and promote a progressive and sustainable compliance Organizational Capability.
● Verify user and system security configurations for compliance with internal and external requirements; Collect and maintain appropriate evidence and supporting documentation.
Cyrus Mukisa
● Assisted management in designing and implementing IT General & application controls including user access reviews, monitoring, change management & IT operations for IT systems.
● Assisted management understand and remediate any control deficiencies and control gaps related to IT application and general controls.
● Evaluate IT general controls (ITGC) including information security, change management, data center and physical security; disaster recovery and systems development life cycle (SDLC).
● Identify internal control weaknesses and recommend remediation to strengthen control environment.
Operational Risk 01/2016 to 12/2018
Amazon
● Coordinated with internal and external parties in risk management across various areas including financial reporting, stress testing, controls, policy and procedure documentation, governance and reporting activities, and regulatory compliance.
● Oversee and challenge the front line across all operational risk routines including – To plan, identify and assess, control, and mitigate, test, validate, monitor, and report.
● Designed and developed the most complex testing strategies, methodologies, and analyses; evaluates the adequacy and effectiveness of policies, procedures, processes, systems, and internal controls.
● Planning, organizing, and executing ITCG Reviews in accordance with the requirements of United Healthcare to document the control environment and identify control gaps.
● Identify operational risk issues and may participate in the development of risk ratings.
● Successfully reviewed and challenged significant operational risk program execution, including, but not limited to, external fraud, information risk management, safety and physical security, transaction processing and execution, third-party risk management and various risk assessment policies and programs.
● Conducted risk evaluation by examining related risk, key controls and developing appropriate audit measures to test control identified. IT Auditor 01/2015 to 01/2016
Cyrus Mukisa
RIG HealthCare
● Prepared comprehensive, well-written, audit work papers documenting the test steps performed, audit results and recommendations.
● Assisted in preparing draft audit reports and communicating audit observations to management.
● Assisted in the development and implementation of a continuous monitoring program for IT compliance and automation of manual processes.
● Review audit programs and risk assessments, and subsequently conduct testing for IT-related audits (i.e., infrastructure, systems development, change management, applications, security) in accordance with the annual audit plan.
● Prepared IT Audit program to include Access control, change management control Operations Control and application controls Identified deficiencies in the design and operating effectiveness of controls and provided recommendations for different clients.
IT Risk/Compliance 02/2012-12/2014
Centenary Bank
● Maintained knowledge of legislation and regulation changes related to the financial industry; understanding of applicable finance industry security and privacy regulations, procedures, and issues, and assist in ensuring the organization remains compliant with such laws and regulations.
● Reduce risk and improve consistency and efficiency of IT Marketing related processes by bringing a systematic and disciplined approach to the effectiveness of risk management, control, and governance processes.
● Demonstrate an understanding as to when to escalate issues identified with manager (e.g., identification of potential audit issues requiring further review/analysis or obstacles that affects my ability to complete audit testing, etc.).
● Conducted assessments of business unit exposures, identifying risks, evaluating their potential impact, and reviewing the strengths and weaknesses of the firm's existing controls.
Cyrus Mukisa
● Coordinated with internal and external parties in risk management across various areas including financial reporting, ITGC testing, controls, policy and procedure documentation, governance and reporting activities, and regulatory compliance.
● Develop and maintain Third Party Oversight Plan validation process to ensure all monitoring and oversight activities identified are being performed and address documented third party risks. Influence Engagement Management Team and First line of Defense & Subject Matter Experts (SMEs) as applicable to resolve issues and strengthen internal controls.
EDUCATION AND CERTIFICATION:
Bachelor of Business Administration- Makerere University, Jan 2014 Certified Information System Auditor (2020)
Completed
Certified in Risk & information System Control (2020) in process Cyrus Mukisa
Contact this candidate