Celinemary Tuner
Pennsylvania USA 215-***-**** *************@*****.***
IT Risk Analyst / IT Audit
Summary
Professional IT Risk Analyst, Third Party Risk Analyst, and Audit Control Specialist with 6 years of experience in audit and control, risk assessments, and in-depth knowledge of Sarbanes-Oxley Act (SOX), HIPAA, ISO 27001, PCI DSS, IT General Controls (ITGC), Security Assessment, NIST 800-53, NIST 800-37 and Attestation engagements, with a proven record of assessing third parties, systems, security and data integrity to identify, manage and reduce vulnerabilities and ensure general compliance.
Education
Master of Science, IT Auditing and Cyber-Security, August 2023 - 2025
Temple University, Fox School of Business, Philadelphia
Bachelor of Science (BSc) Electrical Electronics Engineering, August 1998 - 2002
Rufus Giwa Polytechnic, Owo, Nigeria
Certifications
CompTIA Security+
CISA (In Progress)
Skills
• Risk Assessment, Data analytics, Audit Board, RSA Archer, GRC Tools
• Excellent analytical, communication, and problem-solving skills.
• Team player who works well with management, colleagues, and end users.
• Proficient in Microsoft Office suite, Excel, CRM tools, SharePoint
Experience
Special People in Northeast (SPIN) PA
Compliance/ IT Risk Analyst February 2022 – Present
• Performed audits of IT general controls such as access control, change management, IT operations, and disaster recovery.
• Performed internal and external IT risk assessments; conducted gap analysis against industry standards, and provided recommendations on mitigation options
• Led integrated audits evaluating network-related issues; identified IT-related risk assessments and updated various risk and control files to ensure firm-wide identified risks were adequately addressed by control activities.
• Worked on risk assessment and corresponding controls that align with the TPIRM function. Performed observations, reviewed documentation, and performed sample-based testing to support controls that were identified within the risk assessment.
• Evaluated segregation of duties over application security involving the company's ERP systems (PeopleSoft and Oracle Financials) and executed audit strategy.
• Knowledge of the Control Objectives for Information and Related Technology (COBIT) framework developed by the Information Systems Audit and Control Association (ISACA).
• Provided IT risk assessments and SAS 70/SSAE 16, and conducted reviews of data centers, extranets, telecommunications, and intranets to assess controls and ensure availability, accuracy, and security under all conditions.
• Communicated with the company's external auditors on general computer control-related matters and SOX test procedures.
• Prepared audit scopes, reported findings, and presented recommendations for improving data integrity and operations.
Bright way Professional & Associates
IT Risk Analyst September 2019 – 2022
• Performed audits of IT general controls (ITGC) such as access control, change management, IT operations, and disaster recovery.
• Performed audits using COSO, PCI DSS, SSAE 18, HIPAA, SOX, and Cyber Security Frameworks.
• Developed Security Assessment Plan according to NIST SP 800-53A.
• Coordinated with IT department and external auditors during SOX IT testing
• Determined security controls effectiveness (i.e., controls implemented correctly, operating as intended, and meeting security requirements) using the three basic methods of assessment - Examine, Interview, and Test (EIT).
• Understood and reported on control exceptions and deficiencies regularly; ensured measures raised in assessments were implemented in accordance with the risk profile, and root causes of risks were fully addressed following NIST 800-30 and NIST 800-37.
• Worked with Engagement Team to identify and resolve client issues discovered during the Audit and Review Process.
• Produced automated work papers clearly documenting work performed
• Served as the principal advisor to the Information System Owner and Authorizing Official on all matters involving the security of the information systems.
• Assessed existing security policies, processes, and templates against NIST guidance.
• Performed on-site security testing using vulnerability scanning tools such as Nessus.
• Collaborated with different vendors in addressing serious problems, enhancing the ability for improvement
• Delivered high-quality analysis using relevant data to provide effective recommendations for business improvements
• Directed and coordinated all projects timely, accurately, and efficiently; accomplished all projects from beginning to end.
• Documented findings in the Security Assessment Report (SAR) and conducted risk assessment testing and documentation of key SOX and IT General controls leveraging a defined process compliance monitoring process.
Professional Membership:
• Information Systems Audit and Control Association (ISACA)