Information Technology Security

Ola Awolaru

214-***-****- Cell

***********@***.***

SUMMARY

Ola Awolaru is a team-oriented Risk, I/S Audit and compliance Management with Audit, Governance, Security, Risk and Compliance experience, examines, evaluates and analyzes the I/S organization striving to ensure that the highly developed repeatable processes, technical standards and management procedures are working effectively to improve the overall performance of the organization; With strong analytical, problem-solving, research, and communications skills. Manages the I/S Audit process, and ensures a standardized process is in place and executed for timely delivery of artifacts, remediation of audit findings, and consistent responses. Oversees and provides guidance to the personnel and business sensitive issues that are uncovered. He has knowledge of SOC, IT general controls, and IT industry standards, best practices, guidelines and requirement e.g. COBIT, ITIL, and NIST-800-53. IRS Pub 1075. He has the ability to work across multiple projects and communicate with technical and non-technical individuals and simultaneously driven to learn new technology and build in-depth expertise.

CERTIFICATIONS

Information Technology Service Management (ITSM)

Certified Information Systems Auditor (CISA)

Certified In Risk and Information System Control (CRISC)

Certified Information Security Manager (CISM)

Certified Data Privacy Solutions Engineer (CDPSE)

Certified Fraud Examiner (CFE) Passed two stages

Professional Leadership:

Educational Board Member: Information System Audit & Control Ass. (ISACA)- Midland Chapter, SC.

Information Security (ISC)2 Columbia Midland Chapter, SC.

Information Technology Professional of SC.

Board Member S.C. State Internal Auditors Association.

Member Association of Certified Fraud Examiner.

Education

Lagos State College of Science and Technology 1983-1985

Ordinary National Diploma (OND) (Agriculture)

Lagos, Nigeria

Lagos State Polytechnic 1986- 1988

Agricultural Economics (HND/BSC)

Lagos, Nigeria.

EXPERIENCE

South Carolina Department of Revenue.

IT Internal Audit Division 04/2022 - Date

Responsible for overall planning, organization and execution of IT internal audits functions.

Under limited supervision of the Director of Internal Audit, establishes and manages SC DDSN IT Internal Auditing Program.

Audit Plan Development - Survey the technological functions and other business activities for IT-related risks in order to develop the IT audit plan, set audit scope, and audit objectives for specific engagements.

Audit Management - Under limited direction, conduct and/or manage specific engagements (assurance and consulting) as assigned by the Director of Internal Audit.

Plan work to achieve efficient and effective performance.

Assist with providing guidance to and/or reviewing work papers of senior auditors to ensure compliance with established standards.

Prepares and/or reviews audit reports to communicate audit observations in a clear and meaningful manner, developing sound recommendations to correct any opportunities for improvement.

Demonstrate thorough understanding of program laws, rules and regulations, industry practices, and IIA standards.

Assess compliance through appropriate interpretation of policies, procedures, laws, and regulations.

Assess risks and internal controls.

Develop internal audit programs that examine processing controls, input and output data, system changes, operations documentation, program documentation, and test procedures and results to ensure the presence of adequate controls.

Ascertain the reliability of information systems examine and ensure that computer control standard and established SCDOR policies and procedures are followed on SCDOR computer platforms.

Review the adequacy, effectiveness, efficiency, compliance, and application of computer hardware, software, and network controls.

Evaluate and review proposed application to provide input into the design of new systems regarding internal controls and adaptability.

Perform IRS Publication 1075 compliance reviews.

Write specialized/technical reports detailing findings and recommendation to yield desired results.

BlueCross BlueShield of SC 05/2013 – 03/2022

Information System Governance, Audit Project Manager and Quality Assurance

•Manage the I/S audit process and auditors to ensure standardized process is in place and executed for timely delivery of artifacts, remediation of audit findings, and consistent responses. Work as the liaison amongst I/S management at all levels to manage the political and business sensitive issues that are uncovered. Oversees and provides guidance to the personnel responsible for the audit management process and auditors such as planning, and scheduling, and for the day-today operations of the audit management office

•Manage the team responsible for ensuring consistency, standardization, and timely responses. Within the structured processes related to the conducting audits of information system by internal and external entities. Monitor all audit activities/work to ensure work is completed on time, with quality and with budget.

•Work as the liaison amongst I/S management at all levels to deal with any political and

Business sensitive issues that is uncovered. Review management responses and agreed upon

Action to ensure the deliverables support business goals in collaboration with senior management,

And are cost and business justified.

•Responsible for ongoing planning and contingency planning for Audit Management Office

AMO) resources for all internal and external audits, to include unexpected audits/activities;

Provide coaching and mentoring to staff to ensure performance is maintained and growth

Opportunities are provided. Provide consistent leadership/direction of audit activities to the staff.

•Works as liaison with multiple areas within I/S involving audit efforts. Assists in review of management responses, monitor deliverables, and work with I/S management in ensuring responses and subsequent remediation actions are business justified, and are measurable. Escalates as needed to management areas of concern.

•Communicate with senior and executive management on the current status of work effort. Work with Client and PMO Coordination of activities to audit activity.

•Provides guidance and timely updates to I/S areas on audit request as needed. Assists with the review of governance documents and helps to remove any ambiguity with observations or control deficiencies. Works with Auditors and System Security Officers to clarify request to help reduce interruptions and repeated request to I/S staff.

•Develops, executes, and maintains audit effort communications throughout the audit timeline. Maintains required documentation of all activity on assigned audits within the audit methodology and ensures management tools are current for I/S management review. Addresses all onsite logistics for audits, including requirements for access and equipment for external auditors; Schedules all onsite meetings, attends meetings, and ensures follow-up or request for additional information is completed in a timely manner.

•Ensures that quality methods and procedures are properly executed. Meets scheduled milestones to ensure products, applications, and systems are delivered and consistently demonstrates high standards of integrity by supporting the Company's mission and values and adhering to the Corporate Code of Conduct.

•Ensures that audits can be conducted concurrently with the day-to-day activities within I/S Responsible for executing processes related to planning, monitoring and controlling, and integrated management of the Audit Request Methodology to ensure Audit Requests are completed on time, within budget, adhere to high quality standards, and to ensure that all audit observations are either successfully rebutted or remediated.

•Remediation Tracking— Track all corrective actions necessary to remediate audit findings.

•Once audits are completed, perform follow-up activities to ensure that all items in the consolidated list of remediation activities (Corrective Action Plan) are addressed in the timelines established

•Review of Risk Document and determination of escalation process in alignment with risk assessment, risk appetite and risk acceptance.

•Duties also include setting clear expectations for Task Management, Status Reporting and Monitoring Coordinate change control with the audit participants obtain agreement from Client Management before presenting to the Auditor.

•Review Weekly Status Reports Issues and Current Risks Mitigation.

•Auditing and investigating processes to examine, evaluate, and analyze the internal controls, processes and management procedures to insure they are working effectively to improve the overall efficiency of the I/S staff and system assets.

•Responding to QA Measurement findings I/S Governance inquiries, I/S management requests, and regularly scheduled audits.

•Presenting findings to involved management and staff and making recommendations to I/S Governance.

•Identifies and assembles I/S Stakeholders participant.

•Facilitates meetings and observation session with audit stakeholders Identifies and resolves issues and conflicts with audit stakeholders.

•Manages Audit request communications, including escalation where needed. Analyzes inquires and findings.

•Assist I/S management with responses to audit inquires Manages Audit Request communications, including escalation where needed.

•Assist I/S management with responses remediation has a corrective action plan.

•Coordinates audit tasks assignments i.e. Documents requests, interviews and meetings and Data Center Tours.

•Gathers audit program or testing plan from the auditors and distribute to the appropriate stakeholders.

•Facilitates meetings and observation sessions with audit stakeholders.

•Evaluate evets and ensure that appropriate resources are assigned.

•Ensure that resources and team are appropriately coordinated.

•Provide oversight and direction for all I/S security incident activities.

•Ensure adequate administrative, technical and operational security controls are in place to protect the organization in response to a security event.

•Provide oversight and guidance for pre/post incident planning for current and future incidents.

Commercial Metal Company 11/2009 – 05/2013

Senior I/S Risk and Compliance Analyst

•Identify the internal and external requirement for the organizations.

•Participate in the development of procedures that aligns with privacy policies.

•Participate in the privacy incident management process.

•Established IT compliance framework covering IT platform applications, processes, and procedures to ensure compliance with industry standards and best practices

•Reviewed and tested other important IT controls such as change management, segregation of duties, and data integrity

•Collaborate with Cybersecurity personnel on the security risk assessment process to address privacy compliance and risk mitigation.

•Participate in the development of data lifecycle procedures that aligns with privacy policies.

•Tested IT controls in compliance with the Payment Card Industry Data Standard Security (PCI DSS) policy

•Reviewed the organization’s disaster recovery readiness using the DR plan, business impact analysis (BIA), Business Continuity annual testing, and site adequacy

•Coordinate and execute projects and ensured security risks and vulnerabilities were identified, communicated, and remediated

•Worked closely with management over IT audit findings, compliance issues, recommendations, and implementation.

•Recommended process improvements on vulnerabilities tracking and possible remedies to security issues.

•Conducted risks/controls assessments to facilitate development of both audit work programs and test plans

•Monitor and report performance metrics and trends related to privacy practices.

•Identify issues requiring remediation and opportunities for process improvement.

•Identify, validate, and/or implement appropriate privacy and security controls according to data classification procedures.

Arch Communications 10/2008 – 10/2009

Information Systems Auditor II

•Performed I/S audits in compliance with COSO and COBIT & ISACA standards

•Performed systems Application, Disaster Recovery audits

•Coordinated and executed projects and ensured security risks were identified, communicated, and remediated

•Reviewed information security assessments, and penetration testing to ensure that information systems were adequately protected to meet security requirements.

•Measured the quality of IT service delivery through the review of key controls in incident management, problem management, releases, and change management

•Reviewed and tested physical access control relating to server room or data center, and logical access control relating to applications

•Reviewed the organization’s disaster recovery readiness using the DR plan, Business impact analysis (BIA), annual testing, and site adequacy

•Provide security and compliance support to all associates and departments enterprise-wide, including consulting and interacting with third-party organizations (auditors/assessors/vendors)

•Recommended process improvements and possible remedies to security issues

•Worked closely with management over IT audit findings, compliance issues, recommendations, and implementation

Employment Search 06/2008 – 10/2008

Mobile Communications 08/2006 – 06/2008

• IT Auditor

•Assisted in I/S compliance framework covering I/S platform applications, processes, and procedures to ensure compliance with industry standards and best practices

•Reviewed and tested physical access control relating to server room or the data center, and logical access control relating to the applications

•Assisted in the organization’s disaster recovery readiness using the DR plan, Business impact analysis (BIA), annual testing, and site adequacy

•Assisted in systems availability control such as redundancy and failover in electrical, telecom, and network setup

•Assist Senior I/S Auditors in end-to-end audit process.

•Assist in Senior I/S Auditors in gap analysis between application capability and business requirements

• Assist in Conducting post implementation reviews.

Ernst & Young LLP 3/01 – 7/06

Business Analyst

•Reviewed and reconciled general ledger accounts

•Reviewed and analyzed un-reconciled accounts held in the suspense account

•Performed bank reconciliation by mapping cleared and un-cleared accounts to the cash accounts

•Created and posted journal entries to correct accounting errors

Contact this candidate