Compliance Analyst IT Auditor

Location:
Apex, NC
Salary:
130,000
Posted:
January 10, 2023

Resume:

KEVIN AMOAH, CISA, CRISC, CISM, CAP

adukm8@r.postjobfree.com 336-***-****

PROFESSIONAL SUMMARY

Adaptable Senior IT Consultant with 9 years’ experience in Risk Management Framework (RMF) using FISMA / NIST guidance. Experienced in system categorization, control selection and implementation, assessment and authorization, auditing, and evaluation of GSS (General Support System) and MA (Major Applications). Progressively complex experience in the development, integration, and implementation of cyber security and program protection standards for networking, computers, and custom application development. Management of business continuity planning/disaster recovery and information security to ensure that controls surrounding processes are adequate. Develop, build & implement tools to analyze data to improve audit efficiency and effectiveness. Conduct audits or lead audit teams in operational and infrastructure audits.

SKILLS

Troubleshooting and Diagnostics

Traceability Compliance

Performance Optimization

Systems Architecture Analysis

Leadership

Analytical abilities

Creativity

Project management

CERTIFICATIONS

Certified Information Systems Auditor (CISA)

Certified in Risk and Information Systems Control (CRISC)

Certified Information Security Manager (CISM)

Certified Authorization Professional (CAP)

Actively studying to become a Certified Information System Security Professional (CISSP)

TECHNOLOGY SUMMARY

Security Technologies: Retina Network Security, Nessus, Anti-Virus Tools, IBM Guardium, QRadar, Tanium, PowerBI, Open Pages, ServiceNow, Archer, Qvidian, JIRA, RACF, Teammate

Systems: Unix-Based Systems and Windows

Software: Microsoft Tools (Word, Excel, PowerPoint, PowerShell, Visio)

WORK HISTORY

Sr. Integrated Auditor / AVP First Citizens Bank, NC 04/2022 – Current

Led process understanding meetings with business auditors

Documented technological summaries for business applications

Directed the evaluation of internal controls, ensured compliance with regulatory requirements including Sarbanes-Oxley, and identified business risks

Determined appropriate audit scope by assessing significant risks and controls for business applications

Provide expertise through knowledge in area of work, and lead project efforts.

Updated process flowcharts, risks, and controls, and accounted for the impact of technology on the control environment.

Conducts special projects and assists with external audits as needed.

Performs the annual SOX 404 scoping exercise to determine if there are any changes to IT data centers, applications or related processes which should be considered to determine what is in scope for SOX 404 purposes.

Senior IT Auditor II MetLife, NC 09/2019 – 04/2022

Collaborate with audit clients to identify process, risk, and controls in scope for infrastructure reviews. These reviews include systems such as z/OS, mainframe middleware, Windows, IBMi, and Linux.

Evaluate control design and operating effectiveness to assess whether controls are working as expected, focusing on security configuration.

Provide weekly updates to Auditor-in-Charge and client using an AGILE mindset to quickly bring forth potential gaps and overall audit status.

Partner with clients to manage identified issues to closure.

SOX testing and role-based access reviews using SailPoint

Led project to update and modernize the Global Technology Audit Intranet

Reviewed architectural diagrams and assisted with updates to ensure they met business objectives

IT Audit and Risk Sec. Consultant MetLife, NC 12/2018 - 09/2019

Platform certification testing for Windows, Active Directory, HP-UX and Solaris (Oracle).

Termination testing for Windows, Active Directory, HP-UX, and Solaris (Oracle).

Conducted Security assessment review for change control management, assessing risk impact of proposed change, and recommending action for approval.

Provide a logical approach to information security risk and compliance issue identification, assessment, mitigation, and remediation.

Increased data collection accuracy scores by acquiring and analyzing security information to reduce errors.

Performed a quality assurance review of audit evidence provided to external auditors and made recommendations to ensure completeness and timeliness of responses to audit requests.

Assisted in SOC2 remediation after findings were reported

Managed team SharePoint site and created Mainframe Procedure Manual to guide new users.

Extensive experience in IT auditing with emphasis on commercial public companies and federal government departments using ITGC, Application Controls, COSO, COBIT, ISO 27001.

IT Compliance Analyst HILANS Consulting Inc, MD 01/2014 – 12/2018

Perform vulnerability assessments and scans to identify residual risk and determine corrective actions to mitigate known vulnerabilities in order to limit impact.

Conduct Plan of Action and Milestones (POA&M) reviews, oversight and reporting as well as Privacy Impact Assessments.

Compile data to complete Residual Risk Report and to insert contents into the POA&M.

Documents include System Categorization Worksheets (SCW), System Security Plan, Risk Assessments, Contingency Plans, and testing, FIPS 199, System Control Test & Evaluation (SCT&E), Annual and quarterly security documentation and review testing, ATO certifications and re-certifications, Memoranda of understanding (MOU), Interconnection agreements.

Create standard template documents for required security assessment and authorization, including risk assessments, security plans, security assessment plans/reports, contingency plans, and security authorization packages.

Assisted with Request for Information (RFI/RFP) for potential suppliers of goods or services.

Create, review, and update Standard Operating Procedures (SOP) on an annual basis

Develop, review, and update Certification and Accreditation (C&A) packages and Authority to Operate (ATO) documentation for systems hosted and owned by the organization.

Developed Security Assessment Report (SAR) detailing the results of the assessment along with Plan of Action & Milestones (POA&M).

Created standard templates for required security assessment and authorization documents; Risk Assessment (RA), System Security Plan (SSP), Contingency Plan (CP) and Security Plan (SP).

Conducted kick off meetings using the approved IT security framework, FIPS 199/NIST 800-60 to categorize information and information system.

Analyzed and updated BIA, ISCP, ISCP Tests, SSP, RA, PTA, ST&E, and POA&Ms.

EDUCATION

North Carolina Central University, Durham, NC 05/2016

Bachelor of Science: Biological and Biomedical Sciences


