Compliance Analyst It Auditor

Location:
Houston, TX, 77002
Posted:
February 07, 2023

Resume:

Aishat B Ojo

346-***-**** adu683@r.postjobfree.com

IT RISK AND COMPLIANCE ANALYST with well-documented experience in standards, procedures and guidelines for multiple platforms and diverse environments. I am knowledgeable in NIST’s special publications and well versed in technologies including cloud computing, network devices and databases. I function well under stress and can work with little to no supervision. I am hardworking, focused and a wonderful team player. I am experienced in risk mitigation and cost reduction strategies and planning strategies to enhance financial positions. I focus on delivering high-quality results and producing exceptional work.

A Certified Information Security Audit (CISA), Certified in CompTIA Security+ professional, with significant years of project management consulting, analysis, implementation of the security controls and IT auditing experience, focusing on Governance Risk and Compliance (GRC).

Skills

Detail-oriented, strong written and oral communication skills.

Outstanding level of integrity and hard work with expertise in Business continuity planning and Incident management, Network and Application vulnerability assessment, Security solutions architecture.

Strong technical knowledge and vast experience with frameworks and standards such as FIPS and NIST SP 800-series, NIST CSF, ISO-27001, FISMA, CIS 20, NIST RMF, FedRAMP, HIPAA, PCI-DSS, SOC2, SOX

Hands-on experience with auditing platforms, Microsoft Windows, AWS

GRC Tools (ServiceNow, RSA Archer, Tugboat Logic, JupiterOne, Jira & Confluence, LockPath Keylight)

MS Suite (Word, Excel, PowerPoint, Visio), G Suite (Docs, Sheets, Slides, Forms)

Experienced mentor, team player, proficient analytical and problem-solving skills

Ability to work on self-managed projects and coordinate multiple projects while meeting deadlines

GAAP guidelines

Risk management

Reporting and documentation

Professional Certifications

CompTIA Security+

Certified Information Security Audit (CISA)

Report generation

Risk aversion recommendations

Compliance standards

Process evaluation

Experience:

JP Morgan

Senior IT Risk and Compliance Analyst – Remote TX April 2020 to Current

Developed risk-based audit programs; updated and maintained the company’s information security policies and procedures based on standards and frameworks. Evaluated control deficiencies and recommended practical and sustainable solutions.

Execute compliance and certification audit projects such as PCI-DSS, SOC 1 & 2, CIS 20, and ISO-27001; gather compliance evidence and work with stakeholders to remediate internal control weaknesses.

Developed, reviewed, and updated Information System Security Policies, System Security Plans (SSP), and Security Baselines in accordance with NIST SP 800-18 and NIST SP 800-53 towards FedRAMP compliance; strengthened enterprise cyber security and improved regulatory compliance.

Assess completed questionnaires and supporting fieldwork materials to ensure they are complete and meet the organization's expectations.

Performed badge access review, user access review (UAR)

Effectively liaised with management to provide guidance regarding controls, and fraud risk assessments.

Ensured all control deficiencies are identified and corrected by working with IT operations.

Ensured preventative and predictive maintenance programs are developed/established and functioning efficiently to support operation requirements.

Ensured the documentation of existing controls, and established effective control tests.

Evaluated client’s key IT processes such as change management, systems development, computer/data centre operations and managing security at database, network and application layers.

Participate in agile SDLC to adequately redefine security checkpoints in the SDLC and effectively integrate risk assessment throughout all phases of the SDLC.

Dell Technology Company

IT Auditor – Remote TX December 2017 - March 2020

Benchmarking controls to COSO/COBIT/ITIL frameworks to confirm adequacy of controls.

Assessed control effectiveness of IT and business processes for various clients, covering a wide range of platforms/applications.

Performed various IT audits for clients, including development of risk and controls matrix, audit procedures, execution of testing and communication of findings to key stakeholders.

Handled special projects such as segregation of duties (SOD) and SOX compliance business challenge projects, PCI DSS, HIPAA.

Conducted IT security audits, including verification of compliance with corporate encryption policies.

Conducted meetings with senior members of staff to review processes and better understand business needs.

Performed Tests of Design (TODs) and Tests of Effectiveness (TOEs) of key defined control activities and tested for audit readiness.

Conducted and supervised all aspects of the end-to-end IT audit process to include engagement planning, coordination, scope determination, risk and control identification, design of audit program procedures, testing, and evaluation and analysis of results.

Evaluated the adequacy and effectiveness of the client’s internal controls using a risk-based methodology developed from professional auditing standards.

Maintained a good working relationship with clients to enhance customer satisfaction and work with client management and staff at all levels to perform audit services.

Contributed to the team in all stages of audits, including planning, study, evaluation, and testing of controls, reporting, and follow-up.

Education:

Bachelor of Science (BSc): Microbiology
