ADEJUWON ADESANYA
Professional Summary
A results-oriented IT Risk and Compliance analyst with a 5+ year track record of effectively identifying, evaluating, and mitigating a wide range of risks. Proficient in risk modeling, data analysis, regulatory compliance, risk reporting, vendor risk management, security and compliance testing, ITGC, and risk assessment. Leverages applicable legal and regulatory compliance standards and frameworks such as COBIT, COSO, FFIEC, ITIL, NIST, SOC, SOX, ISO 27001/2, PCI DSS, and GDPR in control assessment. Hands-on experience using IT GRC/IRM platforms such as Oracle, Archer, MetricStream, Jira, OneTrust, and ServiceNow.
Work History
Charles Schwab - Senior IT Audit/Risk
09/2021 - 11/2024
• Performed compliance IT audits in accordance with the COSO and COBIT internal control frameworks, performed SDLC pre- and post-implementation reviews, identified control deficiencies, and provided recommendations to fix them. Conducted Business Continuity and Disaster Recovery audit.
• Identified control gaps in processes, procedures and systems through in-depth research and assessment and suggested methods for improvement.
• Identified risk exposures, including those resulting from human error, transaction and processing failure, external events, threats to information systems, data integrity and fraudulent activities, and provided remediation plans to help mitigate those risks.
• Performed Sarbanes-Oxley (SOX) and PCI DSS compliance audit, testing primary controls – ITGCs and Interface for design appropriateness and operating effectiveness in compliance with SEC regulations.
• Conducted comprehensive IT audits to evaluate the effectiveness of internal controls, focusing on IT processes, application controls, and data protection mechanisms.
• Conducted assessments of business unit exposures, identifying risks, evaluating their potential impact and reviewing strengths and weaknesses of the firm's existing controls.
• Continuously monitored control compliance and the prevalent risk environment to ensure that exposures were kept at acceptable levels.
• Assisted in developing metrics, models and tools to create and analyze Operational Risk Loss Estimates and other capital planning documentation.
• Performed risk assessment using NIST 800-30 task to determine the level of criticality and sensitivity of the information system.
• Developed and maintained Third Party Oversight Plan validation process to ensure all monitoring and oversight activities identified are being performed and address documented third party risks.
• Influenced Engagement Management Team and Front-Line Subject Matter Experts (SMEs) as applicable, to resolve issues and strengthen internal controls and performed gap analysis to identify areas of improvement.
Starr Insurance - Governance, Risk and Compliance Analyst
01/2020 - 09/2021
• Provided ongoing training, guidance, support and IT control and compliance status reporting to the company to build awareness of and promote a progressive and sustainable compliance culture.
• Designed, implemented, and oversaw execution of IT controls program including periodic control testing of design and operation effectiveness sufficient to meet regulatory requirements and to satisfaction of internal/external auditors.
• Executed ITGCs and IT Application controls (ITAC) testing, determining design appropriateness and operating effectiveness of controls.
• Implemented and maintained IT controls catalog and related documentation sufficient to ensure compliance with regulatory requirements and internal policies and procedures.
• Verified user and system security configurations for compliance with internal and external requirements; collected and maintained appropriate evidence and supporting documentation.
• Built and maintained effective working relationships and liaised with business unit control owners to collect, report, and retain compliance documentation.
• Identified control gaps and potential remediation steps; led and/or assisted process re-design and coordination of remediation efforts.
• Collaborated with and advised ITS and business unit resources on implementing IT controls that achieve risk and control objectives while striking a balance between costs and benefits.
• Identified and reported on IT control program status and metrics; assisted with Audit Committee and Board reporting.
• Documented and maintained risk-based compliance policies and procedures; developed and maintained IT controls related content for the Information Security & Compliance intranet site.
• Assisted in effective management of internal and external audit efforts and partnership; drove timely submission of critical audit and compliance deliverables.
• Prepared ongoing reports with specified metrics/key performance indicators related to compliance activities, audit results, remediation plans, and other compliance efforts, and presented them to IT executives.
Meridian Bank - IT Risk and Compliance Analyst
05/2018 - 12/2019
• Evaluated IT controls to reduce impact of internal and external IT audits.
• Evaluated/interpreted SOX IT Audit, PCI DSS and Privacy requirements, provided guidance to process and control owners on the objective/intent of requirements, and assisted project teams in evaluating IT Risk and Compliance considerations for projects.
• Collaborated with business units to deliver enterprise risk assessment results and identify solutions to minimize risk exposure.
• Partnered with key stakeholders in business to identify, assess, aggregate and document IT processes, risks and controls.
• Performed risk assessments, identified IT controls for significant processes, and developed test procedures for SOX readiness.
• Assisted with development of IT policies and procedures necessary to mitigate risk assessment and risk report exposures.
• Communicated results of risk assessments to management and process owners.
• Assisted in development and implementation of continuous monitoring program for IT compliance and automation of manual processes.
• Used technical expertise to review vendors' controls and document, in business terms, the risks and recommendations to address vendors' control deficiencies.
Dallas, TX 75251
Skills
COBIT, SOC 2, SOC 123, FISMA, FISCAM, COSO, SOX, HIPAA, GDPR, ITIL, NIST, FFIEC, IPPE, OCC, PCAOB, Circular-123, AICPA, SOX, HITRUST.
SAP, SQL Database, FFIEC, ISO 27000, 27001, 27002, OCC, NIST SP 800-53 Rev4, MetricStream, Rally, UNIX, Microsoft Dynamics, NetSuite, Windows Server, IDEA, SOX, SailPoint, Tableau, PowerBI, Oracle Database, GRC Archer and Aurora, Prime, PeopleSoft, CARS, Linux, Network Systems, Security+, Microsoft Windows, ERP, Active Directory.
Azure, AWS, Microsoft Office Suite (Word, PowerPoint, Excel, Access), SQL database, Salesforce, SIEM, Intrusion Detection Systems, Firewall, SOC 2, SOC 123, HIPAA, PCI DSS, PeopleSoft, ACL, ATS, Agile Methodology, COBIT, SharePoint-Based System, Audit Command Language (ACL).
Education
Olabisi Onabanjo University
Ogun State, Nigeria
Bachelor of Science : Mathematics
Certifications
Certified in Risk and Information Systems Control (CRISC)
Certified Information Systems Auditor (CISA)
AWS Certified Solutions Architect (Associate)