Compliance Analyst IT Auditor

Location: Washington, DC
Salary: 90000 to 120000 per annum
Posted: January 04, 2023


Resume:

JOHN LUCAS, CISA

WASHINGTON DC *****

Tel: - +1-214-***-****; Email: aduf9s@r.postjobfree.com

IT AUDITOR/ IT COMPLIANCE ANALYST

PROFILE An experienced IT Auditor and Compliance Analyst entrusted with managing complex and multi-system application control, SOX, SSAE 18 (SOC 1, SOC 2 & SOC 3), ISO 27001, ITGC and PCI DSS projects and carrying out assessments of the effectiveness of company internal controls concerning IT processes and systems to help ensure the company’s IT compliance programs are always achieved.

SKILLS HIGHLIGHTS

Extensive background in all stages of audits, including planning; study, evaluation, and testing of controls; reporting; and follow-up.

Good understanding of control frameworks such as COBIT, COSO, PCI DSS, NIST 800-53 and ISO 27001.

In-depth knowledge of Sarbanes-Oxley Act (SOX) and business processes.

Ability to use MS Office (Word, Access, Outlook, Excel, PowerPoint).

Excellent project management, teamwork, and leadership skills. Ability to deliver excellent value to clients and maintain effective client relationships.

Good analytical thinking, excellent communication and report writing skills.

WORK EXPERIENCE:

RSM US LLP AUG 2022- TILL DATE

ITGC INTERNAL AUDIT & CONTROLS

Coordinate IT related SOX compliance processes, assessing IT general controls in connection with program development, change management, computer operations, security, and configurations as well as vendor service providers

Perform and document SOX walkthroughs and testing in accordance with the applicable frameworks.

Execute work programs to test operational effectiveness of key controls using a variety of approaches, including sampling, corroboration, observation and performance.

Summarize test results at the conclusion of testing and communicate to the process owners any control deficiencies and provide recommendations for remediation

Review control deficiency and compliance letters, with an eye on quality, thoroughness and accuracy for SSAE 18 (SOC 1 & SOC 2).

Examine internal IT controls, evaluate the design and operational effectiveness, determine exposure to risk, and develop remediation strategies.

Perform compliance reviews of management testing of internal controls to ensure compliance with the required SOX test plans and documentation requirements

Monitor the testing progress of process owners to ensure timely completion, research the risk and impact of control findings, recommend remediation plans to management, develop timelines for re-testing, and ensure SOX documentation requirements are met.

BERKELEY LIGHTS FEB 2022 – JULY 2022

IT COMPLIANCE ANALYST

Assisted in the review and improvement of SOX Program methodology and practices, including innovation initiatives and maintenance of policies and procedures

Conducted security-focused IT risk assessments, identified potential weaknesses and created value-added, relevant solutions that address internal control needs and business requirements without sacrificing efficiency.

Conducted testing of Sarbanes-Oxley (SOX) and Service Organization Control (SOC1 & SOC 2) SSAE 18 reviews using COBIT framework.

Tracked, monitored, and reported all Internal Risk Control Self Assessments (RCSA) in compliance with policies and standards

Performed IT general controls and application controls reviews and monitored segregation of duties and other key management controls.

Tracked and monitored audit findings and worked with control owners / monitors to ensure remediation action plans are put in place and addressed in a timely manner.

Evaluated all control deficiencies, identified root causes, developed strong remediation plans and monitored implementation for timely remediation of control weaknesses.

Acted as the liaison between external / internal audit and control owners

Evaluated internal operational and procedural compliance.

Analyzed and updated existing compliance policies and related documentation.

Communicated compliance policies and guidelines to Management and designated departments.

DELOITTE LLP (AUDIT, CONSULTING, ADVISORY SERVICES) MARCH 2019 – JAN 2022

IT AUDITOR & COMPLIANCE ANALYST

Prepared IT audit programs to include access control, change management controls and application controls; identified deficiencies in the design and operating effectiveness of controls and provided recommendations.

Identified and communicated IT audit findings to senior management and clients.

Maintained good working relationships with clients to enhance customer satisfaction and worked with client management and staff at all levels to perform audit services.

Performed all stages of audit planning, fieldwork, executive, reporting and follow up.

Performed tests to validate the integrity and effectiveness of controls that are in place.

Reviewed and analyzed audit evidence, documented processes, and procedures

UNICORN CONSULTING LLCS SEPT 2015 – JANUARY 2019

IT AUDITOR

Reviewed IT General Controls (ITGC) and various applications, databases, operating systems, and network devices.

Performed and documented audit activities in accordance with professional standards such as COBIT, COSO and SOX internal control frameworks Audit Project.

Handled special projects such as Segregation of Duties (SOD) and SOX Compliance business challenge projects HIPAA and identified conflicts or inadequate internal controls and provided recommendations.

Performed audits with IT general controls such as access control, change management, IT operations, disaster recovery and platform reviews (Windows and UNIX OS) using COBIT, ISO and NIST 800-53 frameworks.

Prepared audit scopes, reported findings, and presented recommendations for improving data integrity and operations.

Audited, tested and implemented Enterprise Resource Planning Software: SAP, Oracle Financial and PeopleSoft.

Assisted IT management in identifying gaps between policy and process, developing recommendations to remediate control weaknesses, and was responsible for developing and maintaining IT control metrics related to compliance activities.

Provided IT risk assessments and SAS 70 / SSAE 18 and conducted reviews of data centers, extranets, telecommunications, and intranets to assess controls and ensure availability, accuracy, and security under all conditions.

SCANS GLOBAL LOGISTICS FEBRUARY 2013 TO AUGUST 2015

INTERNAL AUDITOR

Documented physical access controls to computer resources by evaluating existing environmental security, conditions, and available emergency procedures.

Reviewed and analyzed audit evidence, documented processes, and procedures.

Helped establish annual audit using risk assessment methodology.

Coordinated with various departments to create remediation plan for deficiencies found during audit.

Examined the audit trail to review access, user activities, and failed login/logout.

Established the control points for every phase of system implementation as defined by the SDLC methodology – end user buy-off, testing in development and not production environment, adequacy of testing etc.

Provided audit and compliance/consulting support for the Project Management team by ensuring compliance with defined standard and methodology – Project Initiation through go-live.

Ensured that all information systems, products, processes, and services meet the policies and standards of the organization

Recommended appropriate compensatory controls to mitigate any potential risk to system and application.

EDUCATION

Ladoke Akintola University of Technology: MSc in Transport Management

Kwara State Polytechnic, Ilorin: BSc in Mechanical Engineering

Certified Information Systems Auditor (CISA) – Certified

COMPUTER SKILLS:

Microsoft Word, Excel, SharePoint, Windows, and Visio


