Information Security Technology

Location:
Worcester, MA
Posted:
September 27, 2023

Resume:

DAVID ASANTE

**C KENNEBEC ST. WORCESTER, MA. ****6 · 774-***-****

adzz2x@r.postjobfree.com · www.linkedin.com/in/DasanteResume

SUMMARY

I am an Audit professional, IT General Controls and Information Security specialist with nine years of experience in testing Internal Controls and IT Controls Frameworks in the development of the company's security program, policies, and standards, with emphasis on delivering solutions to meet business objectives. I am knowledgeable in ISO 27000 and NIST SP 800 frameworks and have a passion for solving complex problems. I am an astute team player, a great communicator, with strong analytical skills, often exceeding expectations with a track record of displaying enthusiasm to succeed while maintaining trusting relationships with internal and external stakeholders.

AREA OF EXPERTISE

IT General Controls and Application Controls Testing

Audit Management Software – TeamMate AM and TeamMate+

Finance Management Software – Nautilus and DNA

Regulatory Compliance (CRF 21, GxP, GMP, GLP, GDocP)

Security Information Management associated applications: ServiceNow, Veeva Vault/Veeva QMS, ValGenesis, Maximo

Experience with SOC 1 AND SOC 2 Reporting

Experience in Excel.

Professional knowledge with data analytics tools

Professional knowledge of COBIT Frameworks

EXPERIENCE

MAY 2023 – SEPTEMBER 2023 (CONTRACT, JC AUTOMATION)

IT QUALITY AND LAB SYSTEMS ENGINEER, BRISTOL MYERS SQUIBB (BMS – DEVENS)

• IT experience in deploying and supporting Quality/Scientific Systems including Analytical Instruments in the Manufacturing, Quality Control (QC), PCR, Genetics, and other labs for the Cell Therapy Facility such as the Sepax for cell processing, the CryoMed Controlled Rate Freezers (CRF) for sample preparation, the Cellometer K2, powered by the matrix software, the Flow Cytometer, the PerkinElmer EnVision plate reader, PCR instruments: Bio-Rad for micro-plate processing/incubator, the PCR 7500 Fast for analyzing samples and various Laboratory desktop applications used in GxP environments.

• Knowledge and familiarity in MS Office 365, Citrix, Windows Desktop, Windows Server, Group Policy, TCP/IP Networks, Server Virtualization, RDP, Backup and Restore.

• Utilizing various IT tools such as Windows NTFS permissions, Active Directory, and Group Policies to implement and deploy systems to minimize data integrity risk.

• Developing and executing CS, CSV, CSVP, Work Practices/Work Instructions (WP/WI), Standard Operating Procedures (SOP), List, and Risk Assessment according to regulatory authorities for GxP computer systems to support commercial and development activities.

• Configuring and Qualifying System Applications utilizing the Computerized Systems Validation (CSV) and Software Development Lifecycle (SDLC).

• Restoring computers using supplied OS and image. Installing applicable enterprise applications for corporate standard anti-virus and related tools.

• Maintenance of processes and documentation for Qualification, Execution and Deviations.

• ISO Grade 8 and 7 gowning.

• Regulatory Compliance – CRF 21, GxP, GMP, GLP, GDoP.

• Vendors: Pre-Qualification (PQ), Operation Qualification (OQ), Preventive Maintenance (PM), Support Solution Lifecycle Management and Application Lifecycle Management.

• Proficient working with Information Technology Laboratory processes in ServiceNow to execute Incident Management, Change Management, Problem Management, Asset and Configuration Management Database (CMDB).

• Experience utilizing Veeva Vault/Veeva QMS, ValGenesis and Maximo

JUNE 2023 – AUGUST 2023

AUDIT OFFICER, CAMBRIDGE SAVINGS BANK

• Performing segments of financial and operational compliance and follow-up audits of all bank operations, including retail banking, deposit operations, lending, pension trust, information systems and accounting, as well as any bank subsidiaries or affiliates.

• Analyzing and documenting process flows (i.e., flow charts, narratives, and matrices), to assist in the identification of control deficiencies as well as to assist in the development of test plans.

• Performing analysis of controls, identifying areas of exposure, and recommending changes in procedures/processing to reduce risk, with limited supervision.

• Assist in developing and maintaining audit engagement planning, audit objectives and programs for activities under review.

• Prepare audit work papers and documentation detailing work performed in a clear and concise format.

• Report results of audit work performed to Internal Audit Management and prepare audit reports comment sheets as necessary.

• Verifying compliance to key controls by inquiry, observation, or examination of documents.

• Managing the completion of assigned audit tasks within budgeted time frames allocated. In addition, record hours worked on audit tasks and refer to Audit Manager for proper Time Control.

• Establishing and maintaining effective working relationships with all Team members and the various departments.

• Performing additional duties as required.

JULY 2019 – JUNE 2023

IT AUDITOR, TECHFOCUS LLC

• Implementation and management of SOC-2 Type II, GLBA, CSA STAR Level 2, GDPR, PCI DSS and ISO 27001 controls.

• Summarize and analyze data obtained for evidence of deficiencies in controls, duplication of effort, fraud, or lack of compliance with laws, government regulations and management policies or procedures.

• Providing clear, concise, and appropriate documentation of work performed, as well as issues and observations identified.

• Performing engagement level risk assessments of IT platforms and functions.

• Assists with the development of corporate, divisional, and functional internal audit plans in compliance with Sarbanes-Oxley 404 (SOX) and with the development/evaluation/update of divisional risk and control matrices.

• Staying abreast of emerging issues involving IT Audit, changes in technology, and evolving cybersecurity laws and regulations that could impact the organization.

• Evaluates both SOX and Operational Controls for effectiveness and compliance with corporate and divisional policies.

• Participate in business and departmental projects that require analytical and risk assessment.

MARCH 2014 – JUNE 2019

INTERNAL AUDITOR - CONTROLS ASSURANCE, NATIONAL HEALTH INSURANCE AUTHORITY - GHANA

• Executing all aspects of the audit process including planning, risk assessment, controls identification, client coordination, fieldwork, data analysis, work paper documentation, reporting, and remediation validation, with direction from Team Lead.

• Identifying and defining the root causes of control issues, reviewing, and evaluating the adequacy of internal controls, and compliance with IT security policies and procedures. Provided recommended solutions to the identified internal control concerns.

• Experience in documenting the narratives of the system description for SOC 1 reports.

• Conduct assurance reviews and audits to evaluate the design and effectiveness of controls with specific focus on IT General Controls.

• Identify risks and evaluate internal controls relevant to IT processes.

• Provide first level of detail review of work paper documentation to ensure audit testing work papers are documented in a consistent and high-quality manner while executing project tasks in adherence to established timelines.

• Tracking and reporting project status and milestones to project leadership and/or management.

• Experience in testing Information Security Controls at the application, operating system, and database layers including logical access, change management, operations, and information security controls considerations.

• Provide guidance to new audit team members on the audit functions for testing and reporting.

AUGUST 2011 – MARCH 2014

COMPLIANCE COORDINATOR/SECURITY AND AUTHENTICATION OFFICER, NATIONAL HEALTH INSURANCE AUTHORITY - GHANA

• Monitored the development of legislation and regulation in both National and District venues.

• Developed and implemented Compliance Training Programs to ensure company-wide compliance.

• Prepared frequent reports documenting efficiency of operating compliance processes, legislative and regulatory updates.

• Conducted compliance audits and examination of company data.

• Researched regulatory and legislative information, provided updates and adjusted compliance processes when necessary.

• Compiled, processed, and reviewed company sales and financial information to ensure end-to-end compliance.

• Developed accurate and complete work papers that adequately support the work performed in accordance with departmental standards.

EDUCATION

JUNE 2011

BSC. MATHEMATICS AND STATISTICS, UNIVERSITY OF CAPE COAST

JUNE 2006

HIGH SCHOOL DIPLOMA – GENERAL SCIENCE, ST. AUGUSTINE’S COLLEGE

SKILLS

• Capable of responding effectively to queries and taking ownership of requests to conclusion and within the designated time frames.

• Qualys Certified Specialist Certifications: vulnerability and configuration scanning and mitigation.

• Ability to plan, schedule, run and mitigate vulnerability and configuration scans.

• Competence and attention to detail in performing tasked activities.

• The ability to communicate and work effectively with all facets of the corporation and the expertise in communicating with Management.

• Demonstrated success working in a team environment.

• Mature, self-motivated, adaptable and an effective team player.

• The ability to manage changing prioritizations effectively while ensuring timely delivery.

• Excellent knowledge of all Microsoft Office packages, with particular emphasis on Microsoft Excel and PowerPoint

• Knowledge of, and experience with regulatory compliance

• Data Analytics

• Basic understanding of bank operations.

• Strong analytical, critical thinking, problem-solving, and organizational skills.

• Commitment to security training and earning corresponding certifications.

• Foundational level of knowledge and experience with administering enterprise-level Information Technology systems including networks, virtualization, cloud, operating systems, email, storage, databases, etc.

• Ability to work well under deadlines in a changing environment and complete multiple projects effectively and concurrently.

CERTIFICATIONS

CERTIFIED INFORMATION SYSTEMS AUDITOR – CISA (BY ISACA)

PCI COMPLIANCE

QUALYS

Issued Jan 2023

Hands-on lab exercises aimed at:

• Ensuring networks and payment systems comply with the Payment Card Industry Data Security Standards (PCI DSS).

• Protecting cardholder data.

• Maintaining a secure network.

• Implement strong access control measures.

• Regularly monitoring and testing networks.

• Maintaining an information security policy.

POLICY COMPLIANCE

QUALYS

Issued Dec 2022

Hands-on lab exercises aimed at:

• Identifying steps for adding hosts to your policy compliance subscription.

• Ensuring the Qualys control library is understood.

• Constructing a user defined control (UDC).

• Understanding the different ways to build a policy.

• Performing a compliance and configuration assessment scan.

• Constructing a compliance report.

VULNERABILITY MANAGEMENT DETECTION & RESPONSE

QUALYS

Issued Nov 2022

• Hands-On Lab experience utilizing core Qualys Sensors and core Vulnerability Management, Detection and Response (VMDR) Functionality.

• Creation of an effective Vulnerability Management (VM) Program.

• Scanning complex Network of devices.

• Built a reporting program that impacts security decisions.

• Patch management: Accelerated vulnerability remediation for all IT Assets.

INTRODUCTION TO CYBER SECURITY

SIMPLILEARN

Issued Nov 2022

Credential ID 3900455

• Identifying Threat Actors’ Attacks and their corresponding Mitigation.

• Implementing Security Policies and Procedures

• Risk Management utilizing Network Security Assessment and Automated Questionnaires.

• Developing Incident Management and Response Systems.

• Implementing Business Continuity and Disaster Recovery.

GOOGLE DATA ANALYTICS MODULE 3 - PREPARE DATA FOR EXPLORATION

• Best practices for managing data and keeping it secure.

• Utilizing Spreadsheets and SQL with databases and data sets.

• Identifying data types and formats. Structured and Unstructured data.

• Accessing databases, extracting, filtering, and sorting the data they contain.

• Exploration of a variety of real-world business scenarios to support an understanding of questioning and decision making.

• Examining key ideas associated with Structured Thinking and how they help Analysts better understand problems and develop solutions.

• Practical key analytical skills – data cleaning, data analysis and data visualization

• Conducting analytical thinking self-assessment.

• Strategies for managing stakeholder expectations.

VOLUNTEERING

Leader of the In-Touch Group, PIWC Worcester: Annual winter clothes donation to the Homeless Shelter at 25 Queen St, Worcester, MA 01610 since 2019.


