Chicago, United States *******@*****.*** 773-***-**** Olamide Abesin
OLAMIDE ABESIN
IT / Information Security Auditor | GRC Specialist

SELF SUMMARY
I have strong experience in IT audit, information assurance, and governance, risk and compliance. Specifically, I have in-depth experience in SOX audit and am well versed in conducting various IT audit engagements leveraging the COSO, COBIT and NIST frameworks, including SOX testing, ITGCs, IT application controls (ITACs), IT infrastructure audits, business process and operational risk, SOC 1 and SOC 2 (SOC 1 Type I and Type II) and SSAE 18 reviews, information security and cloud computing audits, SDLC pre-implementation reviews, script analysis, IPE testing, completeness and accuracy testing, walkthrough meetings, and clear and concise documentation.

CERTIFICATION & TRAININGS
• CISA Certified
• CISM Certified
• OneTrust GRC Administrator
• Qualys PCI Compliance
• ISO 27001 Lead Auditor
• Azure Fundamentals (AZ 900)
COMPETENCIES
• Expertise in security compliance frameworks: ISO 27001, SOC 1, 2 and 3, ISO 22301, ISO 27017, ISO 27018, PCI DSS, UK Cyber Essentials, CSA CCM, NIST CSF v1.1 and 2.0, ISO 2000, COBIT, COSO, and EU GDPR
• Design & Implementation of Security Policies, Procedures, Standards, Baselines and Controls
• SOX IT Controls Testing covering ITGC, ITAC, ICFR, ELC, EUCs, CEUCs, and Security Controls.
• Extensive experience in IT / Security Audit scoping, engagement planning, risk assessment, stakeholder management, audit execution and walkthroughs, evidence gathering, findings & reporting, remediation, and continuous control monitoring.
• Strong knowledge of IT Risk Assessment, RCSA, and Third-party risk management (TPRM)
• Excellent knowledge of cloud security architecture, cloud security compliance, CSA CCM, VPC security, cloud deployment models, and the shared responsibility model.
PROFESSIONAL EXPERIENCE
SafePro Services – Manchester, United Kingdom | Jan. 2023 – Present
Consultant, Information Security Risk & Control (Remote)
• Leading control self-assessment reviews and attestations for various frameworks (ISO 27001, CIS CSC, NIST CSF).
• Aptly executing an audit of IT general and application controls (ITGC), systems development, business continuity, and disaster recovery; thereby improving the client experience through progressively improved business automation and operations.
• Performing a series of technical reviews of IT infrastructure controls covering servers, Active Directory, operating systems, and databases that prevent third-party data breaches, revealing improvement opportunities.
• Supporting Cyber Governance, Risk and Compliance (GRC) Review on frameworks such as ISO 27001, SOC 2, and PCI and Internal Controls.
• Performing gap assessments to assess control deficiencies and leveraging the assessment result to improve ISMS to obtain ISO certifications.
• Delivering IT audit programs, risk-based reviews, and client-specific assurance commitments and facilitating corrective actions for identified deficiencies.
• Collaborated with independent auditors in executing audit procedures for the organization, including SOC1, SOC2, NIST, etc.
• Tested IT General Controls (ITGCs) and documented audit work papers across Access, Change, and Operations management.
• Reviewed vendor security compliance for critical third parties as part of the third-party risk management process to cover data security, privacy, processing integrity, and availability using standards and frameworks such as SOC 2 and NIST.
• Recommended solutions to audit findings and collaborated with control operators across business functions to remediate findings.
• Providing guidance on security compliance and GRC programs for corporate clients through review of risk management practices and controls.

SafePro Services – Manchester, United Kingdom | Jul. 2021 – Dec. 2022
IT & Information Security Audit Analyst (Remote)
• Led IT General controls (ITGC) review covering access to programs and data and computer operations, and IT application controls (ITAC) review covering controls on system access, system configuration, and interface controls.
• Led IT audit fieldwork and walkthrough of controls; performed detailed testing, analysis of controls, validations, and creation of clear and accurate documentation of workflows in the IT process and report of test results and exceptions.
• Tested and evaluated the effectiveness and adequacy of General Computer controls on the Organization’s policies and procedures.
• Planned and executed IT audit reviews to assess the design and effectiveness of ITGC and ITACs as part of the SOX Audit program.
• Reviewed the IT policies and procedures against the provisions of the COBIT 5 framework to ascertain governance and management of IT within the organization. Also benchmarked information security policies against ISO 27001 for adequacy.
• Improved audit strategies, including the use of data analytics tools such as Alteryx for Journal Entry (JE) testing.
• Engaged in attestation reviews to provide unqualified opinions on SOC 2 reports in line with the AICPA's five Trust Services Criteria (TSCs).
• Supported the implementation of GRC tools to support security compliance and attestation programs and meet audits faster.
• Maintained technical IT audit competence via training, self-development, and applied new knowledge to daily work tasks.
• Performed risk assessments and gap analyses of clients' information security programs against industry best practices, including CIS CSC, NIST SP 800-53, ISO 27001/27002, and others as applicable.

MOTORMATA – LAGOS, NIGERIA | Sep. 2016 – Jun. 2020
IT Auditor, Internal Controls & Risk Analyst
• Planned and managed the ITGC audit functions using best practice audit guidelines in compliance with COSO and COBIT standards.
• Benchmarked security policies and IT policies against leading standards such as ISO 27001 and COBIT 5
• Assessed IT control elements to mitigate IT risks regarding the confidentiality, integrity, and availability of business information.
• Established vendor security assessment (VSA) program, managed vendor risk process exercise and SOC 1 & SOC 2 attestations.
• Coordinated General IT controls (ITGC) review covering access to programs and data, change management, and computer operations.
• Reviewed and updated the Information Security Policy in accordance with relevant frameworks such as NIST CSF, CIS CSC, and ISO 27001.
• Prepared audit program plan, workpapers with detailed testing procedures, and ensured efficient evidence collection.
• Assessed clients’ control environment through reviews of ITGCs vis-à-vis Access, Change and Operations management, and ITACs.
• Facilitated the implementation of security measures and assessed the information security controls' operational efficacy.
• Utilized software and tools like MS Excel and IDEA to carry out substantive testing, reperformance, and various data analysis duties.
• Supported Cyber Governance, Risk, and Compliance (GRC) reviews using the PCI, SOC 2, and ISO 27001 frameworks.
• Utilized data-driven insights to interact with and challenge hiring managers and other decision-makers.
• Developed and maintained GRC policies and processes, encompassing risk, compliance, and incident management, across open-source and other product-based frameworks.
• Stayed up to date with GRC best practices and current industry developments, suggesting program modifications as appropriate.
• Supported the IT application controls (ITAC) evaluation, involving processing and calculation, system configuration, and system access controls.

SKYLINK TECHNOLOGIES – LAGOS, NIGERIA | Apr. 2014 – Aug. 2016
Technical Service Desk Analyst
• Resolved a diverse range of technical issues across multiple systems and applications for end-users across various time zones.
• Offered troubleshooting of connectivity issues across networks such as Wi-Fi, Hotspots, etc.
• Helped users with Intune installation processes and used Azure for mobile device resets and confirming mobile device compliance.
• Supported users with account and profile issues such as password resets and account unlocks using Azure Active Directory.
• Worked within the required SLA timelines to ensure that client issues were resolved appropriately.
• Provided 1st and 2nd line Windows user support, including Active Directory administration, user account password resets, support for users with Windows applications, and hardware installation such as printers and other peripherals.
• Provided a central point of contact and ownership for all calls raised by users.
• Provided initial support to users, demonstrating appropriate levels of understanding and professionalism.
• Logged every user call fully, correctly, and accurately within the call management software, questioning the user effectively for all relevant details.
• Monitored and escalated all logged calls according to agreed service levels.
• Provided progress updates and explanations on call resolutions clearly, either verbally or in writing within the call management software.
• Provided 1st line network support, investigating LAN, WAN, and Ethernet issues.

CAPABILITIES
• Expertise in performing the review of IT controls across Operating Systems, Databases, and Application layers within an enterprise.
• Excellent understanding of security domains such as threat management, vulnerability management, configuration and change management, access management, incident management and response, and ISMS improvements
• Demonstrable expertise in testing ITGC, ELC, and ITAC controls within an external engagement or internal audit environment
• Good understanding of security compliance frameworks such as ISO 27001, PCI-DSS, CIS, NIST-CSF, and GDPR
• Excellent attention to detail and ability to manage workloads with good turnaround in accordance with task timelines.

ACADEMIC BACKGROUND
OLABISI ONABANJO UNIVERSITY – NIGERIA
BSc. Industrial and Labor Relations, 2015

REFERENCE
Available on request