Cloud Security Change Management

Location: Baltimore, MD

Posted: September 16, 2023


Resume:

IT Larry Adetunji

Tel: 347-***-**** Email: adzquc@r.postjobfree.com

SUMMARY

Experienced IT Auditor skilled in conducting audits for commercial clients using frameworks like COSO, COBIT, PCI DSS, NIST 800-53, and ISO 27001. Possess in-depth expertise in Sarbanes-Oxley Act (SOX), HIPAA, Risk Assessment, IT General Controls (ITGC), SOC1 & SOC2 SSAE18 attestation, and ERP security assessments. Played a pivotal role at T-Mobile, contributing to the achievement of 85% of their Internal Control Objectives by ensuring the effective design and operation of internal controls in alignment with company policy and procedures.

SKILLS HIGHLIGHTS

Extensive background in all stages of audits, including planning; study, evaluation, and testing of controls; reporting; and follow-up.

Good understanding of control frameworks such as COBIT, COSO, PCI DSS, NIST 800-53, and ISO 27001.

In-depth knowledge of the Sarbanes-Oxley Act (SOX) and business processes.

Ability to use MS Office (Word, Access, Outlook, Excel, PowerPoint, Power BI).

Excellent project management, teamwork, and leadership skills. Ability to deliver excellent value to clients and maintain effective client relationships.

Good analytical thinking, excellent communication, and report-writing skills.

PROFESSIONAL EXPERIENCE

T-Mobile May 2022 – PRESENT

IT Compliance auditor

Prepared audit programs to include access control, change management controls, and application controls, including cloud security controls; identified control design and operating effectiveness deficiencies and provided recommendations.

Reviewed IT General Controls (ITGC) on various applications, databases, operating systems, and network devices, including cloud environments. Assisted in all stages of the auditing process, including planning, fieldwork/execution/risk assessment, reporting, and follow-up.

Performed risk analysis/look back analysis for active and inactive users where appropriate.

Developed audit plans and programs to evaluate control areas on projects such as financial statement audit, SOX 404 testing, and SAS 70/SSAE 18, including cloud security assessments.

Collaborated with cross-functional teams to ensure that PCI DSS requirements were integrated into business processes, systems, and applications, including cloud-based systems.

Designed, implemented, and maintained policies, procedures, and standards to support SOC 1 and SOC 2 compliance, including cloud security measures.

Investigated and resolved security incidents, including data breaches, and recommended corrective actions to prevent a recurrence, including enhancements to cloud security controls.

Developed and maintained relationships with stakeholders, including vendors, merchants, and payment processors, to ensure ongoing compliance with PCI DSS requirements, including cloud security.

Conducted client interviews to determine the security posture of the systems in scope and assisted in completing the Security Assessment Plan using NIST SP 800-53A. Performed security control assessor (SCA) role as part of the Assessment and Authorization process, including analysis requirements, reviewing, reporting, and documentation. Conducted security control assessments based on NIST SP 800-53 Rev. 4, and NIST 800-37 Rev.1, including cloud security assessments.

Maintained up-to-date knowledge of industry regulations and standards, including PCI DSS, SOC 1 and SOC 2, and provided guidance and training to internal teams, including cloud security awareness.

Conducted comprehensive audit of OKTA identity and access management system, ensuring adherence to security best practices and compliance standards. Reviewed configurations, permissions, and authentication protocols to identify potential vulnerabilities and gaps in access control.

Provided regular reporting and updates to management on the status of PCI DSS compliance efforts and progress toward achieving compliance, including cloud security compliance.

Stayed up-to-date on changes to SOC 1 and SOC 2 regulations and guidelines and ensured that the organization remained compliant, including cloud security considerations.

BANK OF NEW YORK MELLON JANUARY 2020 - JUNE 2022

SR. IT AUDITOR

Conducted IT audits for Bank of New York Mellon, including cloud and IT infrastructure audits.

Developed audit programs covering access control, change management controls, and application controls, identifying deficiencies in control design and operating effectiveness.

Performed reviews of IT general controls and application controls, ensuring segregation of duties and monitoring key management controls.

Conducted risk assessments and SAS 70/SSAE18 audits, assessing data centers, extranets, telecommunications, and intranets for access controls and ensuring availability, accuracy, and security.

Experienced in system audits, and testing controls relevant to Audit/SSAE-18 readiness efforts.

Executed risk-based audits, such as SOX and PCI compliance testing, ERP systems audits, IT general controls (ITGCs), IT application controls (ITACs), SDLC audits, SOC I and II reviews, IT infrastructure audits, disaster recovery assessments, and policy/procedure evaluations.

Developed comprehensive audit plans and conducted testing of general computer controls, including information security, business continuity planning, and relationships with outsourced vendors.

Designed IT audit programs for business process reviews, system implementations, and application reviews.

Led audit procedures, including interviews, evidence review, analysis, and detailed documentation in well-supported work papers.

Supported audit reporting and issue remediation, tracking the status of open issues and addressing IT-related findings.

NCR CORPORATION NOVEMBER 2017 – DECEMBER 2019

IT AUDITOR

Performed and documented audit activities in accordance with professional standards such as COBIT, COSO, PCI, and SOX internal control frameworks.

Performed audit with IT general controls such as access control, change management, IT operations, disaster recovery, and platform reviews (Windows and UNIX OS) using COBIT, ISO, and NIST 800-53 frameworks.

Performed and supervised Statement on Auditing Standards Number 70 (SAS 70) Audits, now known as Statement on Standards for Attestation Engagements Number 16 Service Organizations Controls (SSAE 18 SOC I, II, and III) Audits.

Prepared audit scopes, reported findings, and presented recommendations for improving data integrity and operations.

Audited, tested, and implemented Enterprise Resource Planning Software: SAP, Oracle Financial, and PeopleSoft.

Coordinated IT-related SOX compliance processes, assessing IT general controls in connection with program development, change management, computer operations, security, and configurations as well as vendor service providers.

Assisted IT management in identifying gaps between policy and process, developing recommendations to remediate control weaknesses, and being responsible for developing and maintaining IT control metrics related to compliance activities.

Conducted IT audit fieldwork and walkthroughs of controls, performed detailed testing, analysis of controls, and validations, and created clear and accurate documentation of workflows in IT processes and reports of test results and exceptions.

Administered computer-aided audit tests (CAAT) to analyze data using Audit Control Language (ACL), IDEA, and other data analytical tools.

Reviewed IT General Controls (ITGC) and various applications, databases, and operating systems.

STERLING BANK PLC APRIL 2015 – SEPTEMBER 2017

INTERNAL CONTROL AUDITOR

Conduct comprehensive internal audits, reviews, and inquiries to ensure PCAOB programs and operations are efficient and effective, and uphold the highest standards of integrity, while actively detecting and preventing instances of waste, fraud, and abuse.

Take a lead role in various stages of the audit process, including planning, risk assessment, test work, reporting, and wrap-up, ensuring meticulous adherence to Sterling Bank standards, and internal policies, and maintaining an unwavering commitment to professionalism and independence.

Develop meticulous test plans, execute testing, and diligently document results in detailed work papers, facilitating insightful discussions with Sterling Bank management and clients when necessary.

Conduct in-depth interviews and thoroughly review process documentation provided by key stakeholders, enabling a comprehensive understanding of organizational processes and potential areas for improvement.

Skillfully draft audit report findings and recommendations, conveying complex information in a clear and concise manner, backed by solid documentary evidence, both digital and non-digital.

Utilize a range of analytical tools, manual and digital, to gather, process, and analyze data, ensuring thorough and accurate assessments of the audit population and sample selections.

Thoughtfully assess identified issues and present well-crafted remediation recommendations to senior leadership and stakeholders.

Maintain meticulous and comprehensive work papers to support audit work and conclusions, demonstrating a strong commitment to detail and accountability.

Play an active role in fostering a culture of continuous process improvement and contribute to training initiatives within the department, promoting ongoing professional development.

Facilitate audit follow-up activities to verify the successful implementation of corrective actions outlined in previous Sterling Bank audit reports.

Undertake special projects and investigative work as assigned, showcasing adaptability and a strong problem-solving mindset.

Stay abreast of emerging accounting and auditing developments, ensuring up-to-date knowledge of industry best practices and internal auditing trends to consistently deliver exceptional performance.

Demonstrates versatility and dedication to excellence, willing to perform additional duties as required to support team objectives and organizational success.

APPLICATIONS/TOOLS

MS Office, Teams, Zoom, SailPoint, ServiceNow, OKTA, Jira, AuditBoard, Power BI, RSA Archer, AWS Security Hub, Azure Windows Defender, AWS IAM, Azure AD, CloudTrail, CloudWatch, Share Drive, and AWS Audit Manager.

EDUCATION AND CERTIFICATIONS

Bachelor of Science Degree, Accounting, Osun State Polytechnic

Associate of Science Degree, Accounting, Osun State College of Technology

Certified Information Systems Auditor (CISA)

Certified in Risk and Information Systems Control (CRISC)

CompTIA Security+ Certification

Scrum Master
