KELECHI EZEUDU
(INTERNAL AUDIT/RISK CONTROL ANALYST)
Email: ****.******@*****.*** Phone: 713-***-****
SUMMARY
Technology-driven risk specialist with over eight years of experience in governance, risk, and compliance within regulated industries. An accomplished senior consultant with a proven track record of identifying and mitigating risks by implementing robust controls across financial infrastructure and business applications. Skilled in delivering solutions that align with strategic business objectives through in-depth analysis, stakeholder collaboration, implementation and testing of IT controls. Work closely with external auditors and first line of defense (1LOD) teams to plan and execute risk assessments and remediation efforts. Certified in ITIL, CoBIT, and CISA.
SKILLS
• IT General Controls
• Governance, Risk, and Compliance
• SOX Compliance Auditing
• Internal Controls Evaluation
• Risk Assessment and Management
• Vulnerability Assessment and Penetration Testing
• Regulatory Compliance
• IT Risk Mitigation Strategies
• Data Analysis and Reporting
• Cybersecurity Frameworks
PROFESSIONAL EXPERIENCE
IT Risk Consultant (RCSA, Controls Testing, Remediation, SOC1/2, PCI, ITGC, ISO27001, ITIL, NIST)
PNC BANK (Dallas Hybrid) Dec 2023 – Present
Lead the Technology Control Council for remediation efforts, making decisions on action and resolution plans. Perform in-depth analysis of these plans, ensuring that provided evidence and artifacts are directly tied to the reported findings.
Aligned IT controls with SOX regulatory requirements and best practices, ensuring effective monitoring and reporting.
Conducted comprehensive IT risk assessments, identifying vulnerabilities and remediating 85% of risk issues within a 12-month period.
Conduct risk and control self-assessments (RCSA) and technology quality assurance reviews to identify vulnerabilities and mitigate risks.
Review and assess controls and sustainability initiatives across technology categories such as Application Scanning and Vulnerabilities, Change Management, Cyber Incident & Response, IAM and Network Monitoring, ensuring alignment with industry standards and authoritative guidelines.
Collaborated with Business Owners to implement, document, and maintain control frameworks based on COSO, COBIT, and ITIL standards.
Utilize Archer GRC and ServiceNow for risk tracking, issue management, and compliance reporting.
Develop risk reporting dashboards using Tableau and Power BI for executive decision-making.
Track and report on open issues and overdue findings monthly, providing management with clear and insightful summaries of current exposure levels.
Collaborate with cross-functional teams to ensure comprehensive documentation of remediation plans, leading weekly cadence meetings to track progress toward resolution dates. Involve the Issue Management department as necessary to monitor and drive progress.
Design and document the challenge review process, ensuring that the right stakeholders are involved. Collect and document feedback to assist process and control owners in guiding and improving remediation efforts for effectiveness.
Oversee the monthly certification reporting process, acting as an intermediary between internal audit and process/control owners within technology divisions.
Continuously update and maintain policies and standard operating procedures for the Technology Control Council.
IT Risk & Controls Management (GDPR, CoBIT, IT SOX Testing and Certification, PCI, ITGC, ITIL, NIST)
Comerica Bank (Dallas Remote) Oct 2020 – Nov 2023
Oversaw ITGC compliance initiatives, ensuring controls for critical financial systems were in line with SOX and COBIT frameworks.
Executed IT General Controls (ITGCs) and IT Application Controls tests using a risk-based approach to assess controls' design and operational effectiveness, ensuring compliance with regulatory standards.
Collaborated with Application Owners and SMEs to document and maintain control frameworks based on COSO, COBIT, and ITIL standards.
Performed comprehensive audits of IT infrastructure, including Active Directory, databases, servers, and operating systems, identifying potential vulnerabilities and ensuring system integrity.
Conducted risk assessments and developed risk management strategies, mitigating operational risks through proactive policy implementation and compliance enforcement.
Led high-profile compliance testing initiatives, including walkthrough, CDA, test script execution, and reporting, ensuring thorough validation of control processes.
Collaborated with cross-functional teams, including developers and business analysts, to resolve transactional issues and improve compliance workflows, delivering actionable insights for continuous improvement.
Performed audits of third-party contracts to verify adherence to security and privacy clauses, ensuring alignment with corporate governance and compliance standards (e.g., GDPR, SOC1 and SOC 2).
Provided training on the GRC Application and Risk and Control Self-Assessment Process, enhancing team capabilities and compliance awareness.
Facilitate the monthly certification reporting process, serving as a liaison between internal audit teams and technology division process and control owners.
Collaborate with cross-functional teams to document remediation plans effectively and lead weekly cadence meetings to track progress toward resolution deadlines. Engage the Issue Management department as needed to ensure issues are monitored and driven to completion.
Regularly update and manage policies and standard operating procedures associated with the Technology Control Council.
Track and report on all open issues and overdue findings on a monthly basis, providing management with insightful summaries of the current exposure status.
IT Risk Management Consultant (Sarbanes-Oxley/CoBIT/COSO/ITIL)
First Independence Bank (Detroit Remote) Oct 2016 – Sept 2020
Conducted enterprise risk assessments for IT and financial systems, ensuring compliance with Sarbanes-Oxley (SOX), NIST, and COBIT.
Led IT general controls (ITGC) and application controls reviews, identifying key risks in access management, change management, and data privacy (GDPR, HIPAA).
Reviewed SailPoint and ServiceNow tickets, ensuring proper user access testing and compliance with security policies.
Designed and implemented risk-based audit strategies, providing executive insights for regulatory reporting and enterprise risk management (ERM).
Identified and rectified segregation of duties issues and internal control weaknesses in various industries, including manufacturing, financial services, retail, and online brokerage, resulting in a 15% increase in overall compliance levels.
Conducted thorough annual SOX IT control scoping and risk assessments to pinpoint critical systems, applications, and processes for control testing across multiple clients.
Coordinated with internal audit teams to address audit findings, ensuring timely and effective resolution.
Provided management with detailed reports on risk trends and control effectiveness, facilitating informed decision-making.
Reviewed ITGC controls documentation and assisted in retrieving validation evidence from ServiceNow, SailPoint, and JIRA, improving efficiency by streamlining the process.
Reviewed system logs using Archer GRC and generated audit reports to track policy violations, suspicious activities, and changes in critical configurations.
Collaborated with clients to develop, document, and maintain control frameworks based on COSO, COBIT, and ITIL standards, resulting in a 15% increase in client satisfaction ratings.
Participated in walkthroughs and testing of SOX ITGC controls, identifying design gaps and recommending remediation strategies to audit clients.
Reviewed and validated process documentation and controls for Access Provisioning, Change Management, Password Configuration, User Access Review (UAR), and Segregation of Duty (SOD).
EDUCATION
Bachelor of Science in Electrical Engineering - University of Nigeria, Nsukka
Master of Science in Data Science - University of Nigeria, Nsukka
CERTIFICATIONS
Certified Information Systems Auditor (CISA), Comerica Incorporated SOX Training