Risk Management It Auditor

PROFESSIONAL SUMMARY

Seasoned IT Auditor and SOX Compliance Specialist with over 9 years of experience in IT risk management, regulatory compliance, internal controls, and audit leadership. Proven expertise in managing end-to-end SOX 404 compliance initiatives across complex IT landscapes using frameworks including NIST, COBIT, ISO 27001, HIPAA, and PCI-DSS. Strong background in ITGC and application control testing, risk assessments, audit readiness, and control remediation. Skilled in working with cross-functional teams, including Legal, Internal Audit, and external auditors. Proficient in GRC tools such as Archer, MetricStream, ServiceNow IRM, and OneTrust. Demonstrated ability to provide executive reporting and improve control effectiveness.

SKILLS AND TOOLS

Compliance &Audit: SOX 404/302, SOC 1&2, ICFR, PCAOB Standards, Internal Controls, ITGC, Risk Management.

Frameworks: NIST SP 800-53, COBIT, ISO 27001, FFIEC, HIPAA, PCI-DSS, HITRUST

Tools & Platforms: Archer GRC, MetricStream, ServiceNow IRM, OneTrust, Splunk, QRadar, SAP, Oracle, NetSuite, Microsoft Dynamics, Azure, AWS

Regulatory Knowledge: GDPR, HIPAA, UDAAP, OCC, DORA

Technical Proficiency: SQL, Active Directory, Windows, UNIX, Linux, Network Security, MFA, Disaster Recovery

Certifications: CISA CISSP (In Progress) Security+

Core Competencies: Strategic Planning, Cross-functional Collaboration, Executive Reporting, Risk Communication, Project Leadership

PROFESSIONAL EXPERIENCE

Metasource April 2023 – Present

Senior IT Auditor

Dallas, TX

Leading SOX IT compliance efforts across infrastructure, applications, and cloud platforms (AWS/Azure), ensuring alignment with NIST, ISO 27001, and COBIT frameworks.

Conducting audit engagements and testing strategies for ITGCs, application controls, and risk assessments across critical platforms (SAP, Oracle, NetSuite).

Coordinating cross-departmental collaboration to assess risk impacts and improve internal controls, resulting in a 7% reduction in cyber vulnerabilities.

Implement Multifactor Authentication (MFA) for AWS root accounts and establish a password rotation policy.

Integrating ServiceNow and Workday into SailPoint to enhance identity governance.

Utilizing SIEM tools (Splunk, QRadar) for incident detection aligned with audit objectives.

Delivering control effectiveness metrics and audit insights to executive stakeholders.

Deloitte

Senior IT Auditor/Sox Compliance September 2020 – March 2023

Dallas, TX

Executed SOX 404/302 compliance engagements, including Segregation of Duties (SOD), change management, and access controls testing.

Served as SME for audits of logical access, configuration management, and data security in line with HIPAA and PCI-DSS.

Managed walkthroughs and testing of controls within ERP systems (SAP, Oracle) and performed remediation tracking for deficiencies.

Conducted audit readiness assessments and provided consulting to business process owners to elevate control design and operation.

Worked closely with external auditors to ensure alignment with audit objectives.

AT&T

IT Auditor/Risk Compliance November 2018 – September 2020

Dallas. TX

Conducted full-cycle ITGC testing under SOX requirements using COBIT, NIST, and COSO frameworks.

Performed risk assessments and facilitated remediation planning for high-risk controls across infrastructure and applications.

Partnered with application owners and security teams to document and implement control improvements.

Provided advisory on regulatory compliance for custom and third-party application integrations.

Allstate Insurance Company

IT Auditor/Risk Analyst January 2016 – November 2018

Northbrook, IL

Led third-party risk assessments using Archer and OneTrust to evaluate vendor security posture.

Coordinated SOX readiness reviews and collaborated with stakeholders on policy enhancements and IT control frameworks.

Managed SOC 1/2 audits and reviewed SSAE 18 reports to assess design and operating effectiveness.

Delivered detailed documentation and testing of ITGCs, including user access, change management, and backup processes.

Supported remediation efforts and process redesigns to address audit findings.

EDUCATION

MSc, (Information Technology)

Western Governors University (WGU) – In view

MSc, (Public and International Affairs)

University of Lagos, Nigeria.

BSc, (Sociology)

University of Ilorin, Nigeria.

CERTIFICATIONS

Certified Information Systems Auditor (CISA) certification (ISACA)

CISSP (Certified Information Systems Security Professional) certification – In View

PROFESSIONAL AFFILIATIONS

Member, Information Systems Audit and Control Association (ISACA)

Contact this candidate