CHIMA OGBONNA Mobile: 832-***-****

IT System Auditor Certified IT Professional Email: adzgyw@r.postjobfree.com

Linkedin: chima-ogbonna

Address: Houston, Texas 77083

I am CERTIFIED IT AUDITOR having over eight years of professional experience in IT risk advisory / IT audit field. I have worked on a corporate level with different organization on many audit and security assessment engagements.

Exceptional abilities with attention to detail, can independently perform technical IT audits including the following areas: testing of IT General Controls, IT Application Controls IT Governance Review IT & IS policies and procedures review.

I have worked in following areas User Access Management of IT -Understanding of IT Access to Programs and Data Joiners and Amendments - Leavers – Passwords. User Access Reviews, Super Users, Change Management - Authorization, Testing, and Approval of Changes - Promotion to Live - Emergency Changes Program Development - Project Management - Data Migration Computer Operations and Job Processes.

CORE COMPETENCIES.

Management and Understanding of IT

Change Management

Computer Operation

IT Controls Assurance

Information Systems Audit

IT System Security controls reviews

User Access Management

New user Joiner, Leaver, Revocation Testing & User administration

IT Audit Program Planning

Implementation of IT controls,

Application Controls Review

IT General Controls Testing

IT & IS policies and procedures

IT risk assessment

Information security assessment

IT Governance, GRC & Compliance

Plan internal audit procedures

Conduct training on security features

Cyber security Audit Covering Cyber

Preparing Audit Plan

Project management and team lead

Analytical Approach and Problem- Solving Skills

Creative Thinking, Flexible and approachable

Travel to client sites for audit purpose

Active Directory, OS, DB, Security Testing & Assessment

SOC1, SOC 2, SOX Agile/Scrum

PROFESSIONAL EXPERIENCE.

Senior Solution Consultant November, 2022-Present

Deloitte, Houston, Texas

Working on US Air Force account, helping clients to ensure IT audit readiness and uplift IT controls affecting material financial processes

Performing Team Lead responsibilities such as onboarding new team members, navigating workflow roadblocks, reviewing team members’ work products, and streamlining client IT processes/controls

Reviewing control descriptions, process narratives and testing strategies for reasonableness and accuracy. Make recommendations and implement updates to documentation.

Performing Control application testing for Sarbanes-Oxley (SOX), OMB Circular A-123 Audit and Service Organization Control (SOC) SSAE 18 Review, using COBIT and FISCAM frameworks.

Handling technical and business impacting aspects of Information Security Risk areas comprising of Audit / compliance, IT, Operational and Legal Risks.

Work with teams demonstrating the core team values and Adhere to the Policies and Practices of Client.

Execute strategies that support the continued maturity of the SOX ITGC program by managing process/ control reviews, detailed testing of IT controls to ensure risks are appropriately identified, associated audit procedures are applied, related controls are designed and operating effectively, and recommend mitigation of identified risks.

Create and maintain IT process and controls documentation to support regulatory and contractual requirements (risk control matrix, process flowcharts, controls mapping, test procedures, key application process documents).

Senior Associate: IT Auditor on Client Engagements July, 2022-October 2022

KPMG, Houston, Texas

Performed SOC1, SOC2 audits for IT service and Fund administration organizations. The scope of the engagement included testing of design and operating effectiveness of IT General Controls and Business Automated Controls.

Planned and executed the day-to-day activities of IT audit engagement for a variety of clients including testing

Evaluated the design and operating effectiveness of technology controls throughout business processes.

Utilized the BIG 4 smart audit methodologies and demonstrated the global values and behaviors when completing work and documenting conclusions.

Client interface for understanding the SOX IT General Controls as applicable to Application & Infrastructure operations

Conducted assessment of existing processes and aligning them to COBIT 2019 standard

Conducted TOE and TOD for ITGCs

Senior Consultant- IT Compliance June, 2020-June 2022

A-LIGN Compliance and Security, Inc, Houston, Texas

Prioritized assigned audit tasks and ensure accurate and timely completion with best quality delivery that meets management expectations deploying applicable frameworks and standards - COBIT, COSO, HIPPA, GDPR, ITIL and NIST.

Execute SOC 1, 2 and 3, SOC 1 TYPE 1, SOC 1 Type 2 and SSAE 18 reviews

Conduct Information Technology General Control testing - ITGCs testing, IT Application Controls testing (ITACs) and IT infrastructure audit - Network Device, Operating System and Databases per industry leading practices – COSO, COBIT, NIST, ISO etc.

Review risks of key control deficiencies and effectiveness of overall control framework, and ensure management has effective and timely control remediation plans

Conduct audit to identify weaknesses in the existing control environment, and business processes, provide value adding recommendations to fix identified gaps to maintain IT control metrics per the compliance activities

Performed SOC1, SOC2 audits for IT service and Fund administration organizations. The scope of the engagement included testing of design and operating effectiveness of IT General Controls and Business Automated Controls.

Prepared policies such as Change Management, Access Management, IT Operations etc.

Assessed Cloud Computing control testing availability, confidentiality, integrity, compatibility, encryption for control design adequacy and operating effectiveness.

Conducted cybersecurity control testing detective, preventive, corrective and compensating controls to determine appropriateness and control effectiveness.

Reviewed SOC 1 type II, SSAE 18 reports and perform SOC 1, 2, & 3, SOC1 type I control testing.

Tested IT General Controls (ITGCs) and IT Applications controls (ITAC) to verify design adequacy and operating effectiveness.

Exposed and familiarity with First, Second, and Third line of defense concepts and interactions.

Conducted IT infrastructure control testing of Servers, Active Directory, Databases and Operating Systems.

Developed testing procedures that adequately evaluate identified controls for design and operating effectiveness.

Senior IT Auditor April, 2019 – May 2020

CONTINENTAL LABORATORY, Houston, Texas

Evaluated business processes, anticipating requirements, uncovering areas for improvement, and developing and implementing solutions

Engaged closely with different support team on areas of improvement and set metrics to increase accuracy, completeness and/or consistency and implement solutions in process, policy, and overall operations.

Served as technical lead, Database Administrator for Oracle core databases supporting non E-Business Suite applications

Collaborated with different IT Leaders to document Internal Controls, by providing guidance on IT General Controls (ITGC) testing, also developed tools to support ITGC efforts including reports and communications in ensuring end to end management, design, definition, and delivery of IT control solutions.

Implemented & Documented IT controls including control objectives, controls, specific IT control activities to meet all control requirements.

Evaluated IT general controls (ITGC) including information security, change management, data center and physical security; disaster recovery and systems development life cycle (SDLC.

Provided controls guidance to IT and the business to facilitate operational effectiveness and ensure compliance requirements are met.

IT/IS Auditor April, 2015 – March 2019

Halliburton, Houston, Texas

Reviewed risks of key control deficiencies and effectiveness of overall control framework, and ensure management has effective and timely control remediation plans

Conducted audit to identify weaknesses in the existing control environment, and business processes, provide value adding recommendations to fix identified gaps to maintain IT control metrics per the compliance activities

Conducted cyber security audit, testing preventive, corrective, detective and compensating controls to determine the adequacy of the overall management control environment

Executed Information Security audit – Administration, Technical and Physical controls

Evaluated backup and recovery plans

Worked with the IT Audit Manager in preparing audit status reports for presentation to executive management and the company's Audit Committee

Engaged in entire IT Audit process from audit planning, execution, reporting and follow-up as needed, with assistance with special projects

Conducted Information Technology General Control testing - ITGCs testing, IT Application Controls testing (ITACs) and IT infrastructure audit - Network Device, Operating System and Databases per industry leading practices – COSO, COBIT, NIST, FFIEC, ISO etc.

Involved in the identifying, evaluation and documentation of key IT risks and controls throughout the organization, across multiple information technology platforms

Developed test procedures for new audit projects, to conduct a proper audit that add values to the enterprise

Served as a key lead resource and guide for Finance and IT in Mattel’s exciting new journey in moving the corporate Oracle EBS Financials to the cloud and modernizing the accompanying processes

Updated and maintain the recommendation remediation tracker to keep management abreast of the outstanding internal audit findings

Conducted pre and post implementation review of SDLC projects from time to time

Financial Analyst January, 2013 – March 2015

HSBC, New York, NY

Provided financial, investment advice and guidance to clients

Conducted extensive financial, industry, economic due diligence to evaluate risk, with high confidentiality

Ensured business and financial team’s understanding of product reviews and business processes.

Analyzed the feasibility studies and develop requirements for detailed definition for workflow.

Recommended potential products to customers and maintain customers record also participate in deals

Prepared product report by collecting and analyzing customer’s information and collaborating with senior bankers

Strategic customer relationship managements and creating confidential offering memoranda, fairness opinions.

Executed and coordinate requirements management and change analysis management process.

Effectively negotiated sales agreements and terms potential and existing clients.

EDUCATION

University Of Maryland Global Campus, Master of Science, Cybersecurity Technology (2022-03 -2023-09)

University of Calabar, Cross River State, Nigeria, Bachelor of Social Science, Accounting (1999 -2003)

CERTIFICATIONS

CISA (Certified Information Systems Auditor)

PMP (Project Management Professional)

SAA-CO2 (AWS Certified Solutions Architect Associate)

SYO-601 (CompTIA Security + Certified)

Secret Clearance

LANGUAGE SKILLS

English – Native

CISA CERTIFIED IT SYSTEM AUDITOR – IT CONSULTANT – IT SECURITY & COMPLIANCE

Technology Risk Analyst -IT Risk Management – IT Control Assurance – IT Governance – Project Management Professional

Contact this candidate