Dolly Omonije, CISA
Houston, TX (***) ***- **** *************@*****.***
GRC/ Compliance Analyst
Results-driven Compliance/GRC analyst with over 5 years of experience in information security and exceptional knowledge of the NIST 800 series, HITRUST CSF, HIPAA, ISO 27001, and PCI DSS. Experience in TPRM process optimization, vendor security reviews, and risk mitigation. Good knowledge of governance, risk, and controls implementation related to various industry standards/compliance. Excellent abilities and experience in evaluating and implementing internal control procedures to ensure efficiency and risk mitigation. Personal objective is to protect the information system by using acquired skills to help achieve the enterprise-wide goal of maintaining Confidentiality, Integrity, and Availability. Built in-depth experience using the PCI DSS, COBIT, ITGC and COSO frameworks and has also performed SOX Compliance Audits, SSAE 18, and ITGC Audits to deliver value-added solutions that resolve key business challenges and improve team productivity.
EDUCATION
Industrial and Labor Relations - BSc
CERTIFICATIONS
Certified Information Systems Auditor (CISA)
Scrum Master
Primavera P6 Professional Project Management
SKILLS: Business Continuity Plan, Risk Identification and Mitigation, Good communication skills, multi-tasking skills, Audit Preparation, Risk Assessment, HITRUST/HIPAA/NIST/ISO 27001, Problem-solving, Critical thinking, Third Party/Vendor security risk management, Information Security, Risk Analysis, Documentation, Analytical thinking.
PROFESSIONAL EXPERIENCE
GRC Analyst – Cyber Governance
Lockheed Martin, Moorestown NJ 09/2020 - Present
Support internal controls reviews, update controls, and ensure proper controls implementation with effective evidence in place.
Collaborate with various teams and control owners to ensure policies and procedures are met.
Perform internal security controls testing in preparation for Computer Task Group internal and external audit activities.
Assist in the successful completion of SOX/ITGC controls and PCI, including facilitating identification and remediation of any risk and/or compliance findings.
Respond to security questionnaire inquiries.
Review audit reports such as SOC 1 and SOC 2 and develop corrective action plans.
Review policy documents such as the DRP and IRP, and assess control policies to ensure accuracy.
Support HITRUST compliance activities for Computer Task Group and ensure compliance.
Assist in the creation of security testing processes to ensure compliance with PCI, NIST and Privacy regulations.
Participate in firm-wide and other department projects/initiatives as a GRC representative/subject matter expert to provide GRC guidance and interpretation of rules, regulations, risks, and best practices. Performed procedural assessments for a variety of clients (including large, public, and private corporations and non-profits).
Experienced in ITGC Controls (Access Management, Change Management, and Computer operations) auditing and Sarbanes-Oxley-Section 404 for both attest and internal clients on various applications/databases.
Serve as both external/internal business process and IT auditor, focusing on automated application controls, user access security, basis security, segregation of duties, and configurable SAP controls.
Performed SAP role remediation, analyzed segregation of duty for conflicts, and aided in conflict resolution within SAP GRC.
Examined internal controls and procedures, assessed risks, and provided recommendations to enhance financial transparency and reduce potential financial irregularities.
Third Party Compliance Analyst
Accenture, Moorestown NJ 02/2019 - 09/2020
Conduct categorization/scoping of new vendors/suppliers.
Perform Third-Party risk assessments for all new vendors and reassessment for existing vendors.
Assess vendors' SIG responses and supporting documentation to validate the vendor's appropriate implementation of information security controls.
Analyze vendor evidence such as SOC, vulnerability scans and penetration test reports to identify gaps or exceptions.
Plan and execute onsite/virtual risk assessments for third party vendors, focusing on compliance with regulations, policies, and internal controls.
Monitor and track TPRM life-cycle activities (identify, due diligence, risk assessment, contract negotiation, ongoing monitoring, and termination).
Identify gaps and create a risk treatment plan/corrective action plan to track gap remediation process as well as providing recommendations.
Communicate with control owners to mitigate risks identified during internal and external audits activities.
Escalate unresolved issues with suppliers to upper management, for problem resolution.
Perform periodic vendor risk assessments to make sure vendor controls are properly implemented to ensure confidentiality, integrity, availability, and privacy throughout the contract.
Assist with the implementation and operation of Governance Risk and Compliance (GRC) tooling to further improve and automate our risk management processes.
Implement risk-based review of current and prospective vendors, which includes, but is not limited to, score card criteria development for automating assessments.
Analyze vendors' processes to determine deficiencies within their controls that could violate applicable law, regulation, framework, or internal policies and procedures.
Assist in the development, review, implementation and maintenance of policies, procedures, standards, and guidelines in accordance with applicable regulations including ISO 27001, NIST, HIPAA and PCI DSS.
Help support various parts of the company to adopt a common risk management process; this may include joining other Security GRC projects (e.g., Third Party Risk Management, M&A Due Diligence, Risk & Compliance Assessments) or other projects adjacent to our Security GRC program objectives.
IT Auditor
Globacom, International 07/2017 – 01/2019
Prepared audit scope, reported findings, and presented recommendations for improving data integrity and internal controls. Planned and executed the day-to-day activities of IT audit engagements, including performing procedures to collect and analyze data to detect deficient IT controls or noncompliance with laws and standards.
Reviewed IT General Controls (ITGC) and various applications, databases, and operating systems.
Assessed IT control environments and IT procedures implemented by the auditee to maintain the integrity of programs, processing, and data.
Ensured audit tasks are completed accurately and within established time frames.
Designed and performed tests of controls.
Conducted inquiries of auditee personnel to gain an understanding of IT processes and controls, and clearly documented that understanding.
Reviewed key controls and systems based on SOC reporting requirements and discussed testing approaches with internal Audit management.
Understood assigned clients' objectives as well as their regulatory and risk management environment.
Developed strong working relationships and communicated effectively with clients.
Set priorities, ensured daily coordination among the project team, and monitored progress against schedules, budgets, project/task deliverables, and status reporting.
Reviewed and tested segregation of duties (SOD) and access control in applications to ensure compliance with SOX.
Coordinated with IT department and external auditors to plan annual Sarbanes Oxley (SOX) IT Testing.
Ensured audit tasks are completed accurately and on time using applicable frameworks such as COBIT.
Obtained and analyzed data as a basis for reviewing the adequacy, effectiveness, and efficiency of systems and processes.
Led IT general controls (ITGC) audits over Access Management, Change Management, Computer Operations, Governance, SDLC, etc.
Maintained the level of technical competency and professional care required for the completion of assignments in accordance with auditing standards and related control techniques.
Evaluated processes and controls for compliance with relevant existing or proposed laws and regulations, established policies, plans, and procedures.
Assessed internal controls’ design adequacy to mitigate financial, operational, and compliance risks and to test their operating effectiveness.
Prepared audit reports and recommended improvements to IT controls and operational processes.
Delivered oral and written presentations during and at the conclusion of audits.
Presented findings, risk analyses, and recommendations to executive leadership.
Stayed abreast of new technology, emerging risk areas, and related control techniques.
Participated in pre-and post-implementation control reviews of major system development proposals.
Appraised the adequacy of corrective actions taken to remediate deficiencies identified during audits.