Hi, I'm Akin Mohammed.
Results-driven and highly motivated Third-Party Risk Analyst and security assessor, bringing proven skills in administering vendor risk management programs and very deep knowledge in audit. Result-oriented IT Sr. Third-Party Risk Analyst professional with more than 8 years of experience in performing IT audit, vendor/third-party risk assessments, and security control assessments. Application controls (ITGC), SAS70/SSAE18 attestation. Security control assessment with deep knowledge of HITRUST, Standardized Information Gathering (SIG), ISO 27001, SSAE 18 (SOC 1, SOC 2), NIST 800-53, NIST 800-37, NIST 800-137, and PCI-DSS to achieve security, privacy, confidentiality, processing integrity, and availability of information systems.
**********@*****.***
Bowie, MD 20724
The ISACA community is guided by our Purpose and Promise, which define the essence of who we are and what we do. Our Purpose is the reason we exist—to help business technology professionals and their enterprises around the world realize the positive potential of technology. Our Promise is how we, as an organization and individuals, deliver on our Purpose: inspiring confidence that enables innovation through technology. Our work, and the work of the professional community we support, has never been more important.
THIRD PARTY RISK ANALYST Oct 2019 - Current
TD Bank
Developed short-term goals and long-term strategic plans to improve risk control and mitigation
Analyzed portfolios and identified risk factors, facilitating the reduction of delinquencies on new volumes and recommending risk-averse underwriting strategies
Promoted enterprise-level risk management practices and helped instill strong culture focused on protective policies and procedures
Instituted contingency plans, ensuring business continuity through cross-training, documentation, and data backups
Encouraged stakeholders to approach assessments analytically and offer unique insights to bring new understanding to risk management programs
Engaged with collections, risk, and fraud teams, collaborating on the implementation of collection strategies
Administer assessment questionnaires to our vendors
Review key vendor-provided documentation such as SSAE18 SOC2 Type-2 report, Penetration testing report
Act as a remediation analyst to work with vendors in remediating findings discovered from the virtual online assessment
Carry out various types of vendor assessments such as virtual/onsite risk assessments for our vendors depending on triage information from the vendor management office
Perform data loss prevention assessment of our data at the vendor site
CISA - Certified Information Systems Auditor - Certified IT Auditor, ISACA.
Act as a peer-to-peer reviewer for another colleague to ensure all findings are accurate and well defined
Working with the vendors to ensure risks discovered are remediated within the time frame as stipulated
Ability to determine vendor risk tier based on service provided and access to data elements.
THIRD PARTY VENDOR RISK ANALYST Jul 2017 - Aug 2019
M&T Bank
Reviewed and validated all controls at the vendor site to ensure data confidentiality
Assessed operational fitness of assigned third parties through due diligence reviews
Conducted security audits to identify vulnerabilities
Recommended improvements in security systems and procedures
Designed and constantly upgraded supplier questionnaire to ensure all areas of new threat signatures discovered are covered
Reviewed all essential security policies and procedures documentation
Escalated issues of 3rd party vendor's non-compliance with the vendor risk management office (VMO)
Performed continuous monitoring by assessing tools during onsite visits to validate the security questionnaires filled out by the vendors to ensure the protection of data at the vendor sites
Facilitated remediation for any third-party related operational issues as needed
Provided ongoing monitoring for third-party risk due diligence
Worked with e-GRC tools such as ProcessUnity and ServiceNow to ensure secured and prompt communication of findings and deployments of questionnaires to the vendor and to track vendor progress on remediation
Provide detailed reports of assessments to business owners and the vendor management office
Reviewed violations of computer security procedures and developed mitigation plans
Performed risk analyses to identify appropriate security countermeasures
Carried out day-to-day duties accurately and efficiently
Demonstrated respect, friendliness, and willingness to help wherever needed
Maintained energy and enthusiasm in a fast-paced environment.
IT AUDITOR May 2016 - Jun 2017
Verizon
Assessment of IT General Controls (ITGC) such as Access control, Change Management, IT operations, Disaster recovery, and job scheduling
Developed audit plan and programs to evaluate control areas on projects such as financial statements performed an audit
Performed walk-through and detailed testing of controls to determine if controls are properly designed and operating effectively
Reviewed internal policies and procedures and existing laws, rules, and regulations to determine applicable compliance and the adequacy of underlying internal controls
Documented control weaknesses related to testing exceptions and assisted in preparing draft audit reports to communicate findings and recommendations to senior management
Reviewed Corrective Action Plan (CAP); validated remediation control and followed up on the remediation process
Strong background in all stages of the auditing process, including planning, fieldwork/execution/risk assessment, reporting, and follow up
Reviewed internal policies and procedures and existing laws and regulations to determine applicable compliance and the adequacy of underlying internal controls
Tracked project and team member performance closely to quickly intervene in mistakes or delays
Maintained industry knowledge through continuing education, training, and monitoring of industry publications
Performed strategic planning, execution, and finalization of audits
Developed an auditing program to address risks and evaluate regulatory requirements
Gathered and analyzed financial data to determine improvement efforts
Produced and reviewed audit reports for submission to the inspector general and advised on audit recommendations and internal controls
Established internal control systems by updating audit programs
Managed internal controls and assessed risks of the technology network by performing information system audit.
Education
BACHELOR OF SCIENCE - COMPUTER SCIENCE
Aug 2006
University of Manchester, United Kingdom