Compliance Analyst Risk Management

Henderson, NV ***** • *********@*****.*** • 775-***-**** • linkedin.com

ESTHER OSHIN

Audit & Compliance Analyst

PROFESSIONAL SUMMARY

Audit & Compliance Analyst with over 7 years of experience in IT governance and risk management, specializing in SOX compliance and IT General Controls. Demonstrates a strong command of frameworks like COBIT and COSO, with a proven track record in enhancing data security and operational efficiency. Adept at identifying vulnerabilities and implementing robust solutions, utilizing skills in data analytics and system security to drive organizational improvements.

EMPLOYMENT HISTORY

AUDIT & COMPLIANCE ANALYST Jun 2023 - Present

Elevate

Execute rigorous control self-testing programs, ensuring effective mitigation of IT and security risks within established policies and risk limits.

Partner with IT teams to optimize user provisioning processes and evaluate authentication mechanisms, strengthening overall access control systems.

Deliver impactful audit reports outlining key findings and actionable recommendations, driving improvements in change management and IT control processes.

Execute IT controls audits, ensuring SOX 404 compliance and testing internal controls in access, change management, and segregation of duties.

Contribute to developing streamlined audit methodologies and best practices, enhancing efficiency in IT controls and application testing procedures.

Manage and execute internal, information technology audits and rigorous control self-testing programs to ensure controls are designed adequately and working effectively to mitigate information technology and security risks within agreed policies, procedures, standards and risk limits.

Conduct and document audits of governance structures and internal controls, testing key processes in risk management and compliance frameworks.

Conduct various categories/classes of IT audit projects, perform report assessment of other forms of attestation engagement (SAS, 70/SSAE18 SOC) and audit readiness to identify and correct internal control weaknesses.

SOX IT AUDIT Jan 2021 - May 2023

Cal Tech Services

Evaluated user authentication processes, authorization protocols, and role-based access controls to identify potential risks and vulnerabilities

Collaborated with IT teams to assess the effectiveness of change management procedures and evaluate their impact on system security

Helped execute SOX audit programs, including risk assessment, control testing, and documentation review, performed Test of Design (TOD) and Test of Operating Effectiveness (TOE) for ITGCs, and adequately documented results.

Identified control deficiencies and provided actionable recommendations, significantly enhancing the overall control environment and operational efficiency.

Developed refined audit methodologies to address evolving technology trends and emerging security risks, improving overall audit effectiveness.

Engaged in regular communication with business units to understand their needs and challenges, tailoring audit approaches accordingly.

Conducted comprehensive risk assessments, emphasizing IT and system controls, to enhance Cal Tech Services' operational security and efficiency.

Reviewed current internal processes in conducting internal control reviews, Cal Tech Services Internal Control Framework compliance, risk management, corporate governance, and ethics and conducted an ITCG Risk assessment of all Cal Tech Service entities.

Worked closely with management and Internal Audit to ensure appropriate coverage of SOX design and testing, including consideration for Entity-Level and Information Technology General Controls (ITGC).

Executed SOX audit programs, performing thorough Tests of Design and Operating Effectiveness for IT General Controls with meticulous documentation.

ASSOCIATE RISK AND COMPLIANCE ANALYST Sep 2017 - Dec 2020

First Bank of Nigeria

Assessed control gaps and recommended remediation steps, while actively participating in process re-design and coordinating remediation efforts.

Ensured proper identification and mitigation of risks while achieving regulatory compliance through oversight of assigned control tasks

Monitored risk exposures, maintaining acceptable levels and advising on mitigation strategies to safeguard the bank's financial stability and reputation.

Supported risk management for a specific line of business by identifying, assessing, mitigating, measuring, and aggregating key risks, adhering to industry best practices and established processes.

Identified control gaps, proposed remediation steps, and actively participated in process redesign to enhance regulatory compliance and risk management.

Streamlined internal control testing processes, improving efficiency and accuracy in SOX documentation while collaborating with cross-functional teams and audit partners.

Executed RCSA for Finance processes, mapping workflows and pinpointing risks, leading to substantial improvements in control frameworks.

Served as a front-line liaison, providing guidance on policy interpretation and facilitating enterprise risk initiatives across the organization.

Actively participated in process redesign efforts, implementing novel approaches to address control weaknesses and enhance the overall compliance framework.

EDUCATION

BACHELOR OF SCIENCE, ENTREPRENEURIAL AND BUSINESS MANAGEMENT Dec 2018

National Open UniversityLagos

CERTIFICATIONS

CERTIFIED SCRUM MASTER (CSM) Jan 2024

Scrum Alliance

CERTIFIED INFORMATION SYSTEM AUDITOR (CISA) Jan 2024

ISACA

SKILLS

SOFTWARE: MICROSOFT OFFICE SUITE SALESFORCE SIEM INTRUSION DETECTION SYSTEMS FIREWALL TEAMMATE METRIC STREAM MICROSOFT DYNAMICS NETSUITE ERP ACTIVE DIRECTORY AZURE MICROSOFT DYNAMICS, FRAMEWORK: COBIT SOC 2 SOC 123 FISMA FISCAM COSO SOX HIPAA GDPR ITIL NIST FFIEC IPPE OCC PCAOB CIRCULAR- 123 AICPA SOX NIST CSF NIST RMF HITRUST, Audit Methodologies, Control Self-Testing, Risk Mitigation, System Security, Operational Efficiency, Incident Response, Data Analytics, Threat Intelligence, IT Governance, Business Continuity, Network Security, Cloud Security, Cybersecurity, Risk Assessment, Audit Reporting, Process Improvement, Compliance Management, IT Strategy, Quality Assurance, Incident Management, Regulatory Compliance, Security Auditing, Change Control.

Contact this candidate