YOMI OLA, CISA
Tel: 443-***-****. Email: **********@*****.***
Washington DC 20010
Professional Profile:
Performance-driven security risk management professional with experience performing IT audit and compliance work, with a special interest in Information Systems Audit, IT Compliance and Third Party Risk Management. Knowledge of SSAE (SOC 1, SOC 2), NIST, SIG, PCI-DSS and ISO 27001 to achieve Confidentiality, Integrity and Availability of Information Systems. Knowledge of Access Control Audit, Compliance Testing, Risk Management and Remediation, Change Management, Security Maintenance, Policies, Procedures, and Incident Response.
Work Experience:
Third Party Risk Analyst October 2021 – Present
Synchrony Bank
Conduct all tiers of third-party security assessments to validate that appropriate controls are in place, and manage, monitor and track third party compliance.
Document and communicate with business and IT regarding security risks and deficiencies.
Assess the adequacy of a vendor's security program to safeguard data, and ensure proper evidence is gathered to facilitate timely closure of remediation plans.
Focus on developing and improving security processes, assisting in metrics development, both within the technology and business organizations.
Serve as advisors to the business by ensuring an ongoing awareness of identified risks.
Utilize expertise to identify evolving security threats and provide in-depth understanding of "if, how, and when" they should be addressed.
Evaluate and assess supplier criticality and review changes in scale and scope of services contracted with supplier for material impact.
Provide detailed reports of assessments to business owners and the vendor management office.
Work as a remediation analyst to ensure all gaps discovered during the assessment are remediated or mitigated timely.
Plan and conduct security risk assessments for all third-party vendors/suppliers.
Experience with e-GRC tools such as RSA Archer to ensure secure and prompt communication of findings and deployment of questionnaires to the vendor, and to track vendor progress on remediation.
Work with vendor oversight to ensure adequate tiering of our vendors based on the level of data they have access to.
Escalate issues of 3rd party vendor non-compliance to the vendor risk management office (VMO).
Perform continuous monitoring by assessing tools during onsite visits to validate the security questionnaires filled out by the vendors and to ensure protection of data at the vendor site.
• Conduct onsite and virtual risk assessments to continuously determine control effectiveness.
• Design and constantly upgrade suppliers’ questionnaires to ensure all areas of newly discovered threat signatures are covered.
• Develop a methodology for risk ranking vendors and streamline the level of effort for each assessment.
• Ensure third party relationships adhere to company policies and procedures and comply with regulatory guidelines and industry best practices.
• Review corrective action plans (CAP); validate remediation controls and follow up on the remediation process.
American International Group (AIG) December 2017 – September 2021
Third Party Risk Assessor
● Performed advisory and challenge functions regarding the TPRM program for the business units (first line).
● Validated that business units (first line) were executing the TPRM program requirements effectively.
● Reviewed third party risk assessments for conformance to program objectives and methodology.
● Assisted in researching, reviewing, developing, and maintaining TPRM policies and standards that comply with federal and state regulatory laws.
● Effectively monitored the tracking of issues, gaps, exceptions and mitigation plans as they relate to third party risks to ensure timely resolution.
● Tracked and analyzed risk metrics to understand BCD Travel's overall third-party risk exposure.
● Prepared third party portfolio reporting of risk and performance for senior executives.
● Ensured timely and accurate escalation of issues and observations of non-compliance or risks outside of acceptable thresholds.
● Evaluated the TPRM program to identify optimization opportunities and provided recommendations for process improvement.
● Performed business analysis to ensure alignment of TPRM functions with overall organizational and enterprise risk frameworks.
● Evaluated control libraries and identified when controls needed to be refreshed or added.
● Served as TPRM subject matter expert to the first line, providing risk management guidance as needed.
● Performed testing of controls for all phases of the TPRM lifecycle; identified and evaluated deficiencies and assisted with quarterly reporting on test results and issue trends.
Procter & Gamble (P&G)
IT Auditor January 2015 – November 2017
Plan and define audit project scope, objectives, identify significant risk areas and develop appropriate audit plan based on results of risk assessment, leveraging frameworks and standards such as COBIT, NIST Cybersecurity Framework and ISO 27001.
Identify ways to make the completion of the audit scope efficient and innovative.
Perform walkthrough procedures and detailed testing of IT General Controls (ITGCs) related to logical access, change management and computer operations to determine their operating effectiveness and make recommendations where controls are determined to be insufficient.
Prepare comprehensive, well-written, audit work papers documenting the test steps performed and accompanying evidence, audit results and recommendations.
Review client’s business continuity plan (BCP) and disaster recovery testing results to ascertain the suitability and appropriateness of the BCP in resuming business operations in the event of a disaster.
Perform compliance testing related to Sarbanes-Oxley (SOX 404) by assessing IT controls such as change management, access controls, data backup and recovery, and vendor risk management.
Conduct client’s third-party vendor due diligence by reviewing service provider’s Service Organization Control (SOC) 1 and 2 reports and validating the appropriateness of internal control design and operating effectiveness.
Effectively communicate audit issues and related recommendations in both technical and non-technical terms to senior auditors and/or IT audit management, and propose sound recommendations for remediating audit findings.
Manage the follow-up activities for remediation of issues identified and communicated to management to ensure timely resolution and risk mitigation.
Develop and maintain effective business relationships and partnerships with audit clients to ensure mutual understanding of audit scope, procedures and reporting progress, and advise on internal control matters.
EDUCATION:
Moshood Abiola Polytechnic (Nigeria) B.Sc. Accounting.
CERTIFICATIONS:
Certified Information Systems Auditor (CISA)