
Information Systems Grc Analyst

Location:
Parker, CO
Posted:
February 14, 2025


Resume:

JAMES ABANG O

TEXAS, USA 862-***-**** ************@*****.***

Profile Summary

Professional Information Systems Auditor & GRC Analyst with 7 years’ experience managing and executing IT audits in large corporations and complex IT environments. Experienced in managing an enterprise-wide Governance, Risk & Compliance function, with a strong ability to quickly gain knowledge of changing business and system environments.

Proven experience identifying problems and developing solutions (via core audit knowledge, conceptual and analytical thinking) as well as established experience managing time, resources and projects. Proficient in MS Office applications including Word, Excel, PowerPoint etc.

Passionate about continually learning the latest trends, technologies, and security challenges within the business environment, persistent with an ever-changing threat landscape, eager to contribute to team and organizational success through hard work and tenacity. Able to easily translate business requirements into technical solutions and vice versa.

Demonstrated understanding of compliance standards and proven experience keeping up to date with industry regulatory changes and professional standards.

Skills

● Experienced in executing IT audits in a large and complex IT & business environment.

● Experienced in environments with technical compliance practices, common IT/Tech regulatory frameworks and laws such as NIST, GDPR, CCPA, ISO, SOC 1 & 2, SOX, PCI-DSS, COBIT, CIS20, PIPEDA, etc.

● Experienced with auditing/consulting and business process improvements.

● Excellent understanding of business and IT processes.

● Able to conduct audit research, technical interviews, write audit reports and provide regular updates to internal management and clients.

● Experienced auditing public companies.

● Able to evaluate and communicate control results, best practices, and risks to stakeholders.

● Knowledge of Audit assurance, governance and control frameworks such as COBIT, NIST, ITIL and ISO, Service Organization Controls (SOC) Reporting standards sufficient to interpret and apply IT risk and control concepts.

● Experienced with GRC platforms (ServiceNow, LogicGate, etc.)

● Able to work independently and as part of a team, managing multiple priorities within tight deadlines.

● Able to easily translate business requirements into technical solutions and vice versa.

● Excellent verbal and written communication, facilitation, and interpersonal skills

● SQL proficiency

● Good understanding of Cloud environments.

Work History

GRC Analyst 05/2021 to Current

FEDEX

Managing the IT General Controls Program

Providing oversight, risk analysis and interpretation for regulations where the company operates

Leading collaborative risk-based IT audits and concluding whether risks are appropriately managed through the existence of effective control or other techniques.

Supporting the stakeholders in determining the appropriate treatment for identified risks, identifying appropriate action plans for risk remediation.

Conducting SOX, SOC 1, SOC 2, PCI-DSS gap analysis, readiness assessment and remediation plans.

Acting as subject matter expert (SME) in relevant risk areas and business functions.

Point of contact for all compliance and regulatory audits

Identifying IT control design, operating gaps and providing recommendations for remediation.

Leading enterprise-wide vulnerability management program

Tracking security posture and maintaining the highest possible score on third-party cybersecurity rating

Collaborating with cross-functional teams to implement controls and remediate control deficiencies against established deliverables and timelines.

Identifying key risks and controls, controls optimization, including the configuration of controls within business processes and the IT environment.

Managing the Third-Party Security Risk Assessment Program

Conducting employee security awareness training for new hires

Defining and documenting business process responsibilities and ownership of the controls in the GRC tool.

IT Auditor 05/2018 to 04/2021

Walmart

Performed risk assessment of IT environments, including general IT controls and automated application controls within information technology systems and underlying infrastructure.

Monitored changes in business processes, information systems, management, and operations, and coordinated with functional staff to ensure the RCM (Risk Control Matrix) is up to date and appropriately reflected in scope of work.

Assessed business risks and evaluated the effectiveness of control levels.

Coordinated internal and external audits, including providing evidence of compliance.

Assisted in building Information Security Risk Management practices, creating, and maintaining risk registers.

Developed and supported ongoing Business Continuity Planning discovery and assessment.

Supported Security Operations, Engineering and Architecture Leads where necessary.

Conducted readiness assessments against ISO27001, SOC2, and collaborated with cross-functional teams to implement controls, policies, and procedures as required.

IT Auditor 06/2016 to 03/2018

Geico Insurance

Executed IT audits, focusing on network security, data management, and application controls.

Conducted audits of IT systems and processes to ensure compliance with internal policies and regulatory requirements

Collaborated with cross-functional teams to assess risks and control weaknesses, providing actionable recommendations.

Conducted internal audit reviews on multiple systems.

Developed audit plans and executed testing procedures to evaluate IT controls and data integrity.

Prepared reports and presentations for management, highlighting audit findings and risk exposure.

Education

University of Maryland Global Campus, Adelphi, Maryland

M.Sc. IT Information Assurance

Certifications

Certified Information Systems Auditor (CISA)


