ADEJUWON ADESANYA
**** ************, ******, **, *****
Contact No: 469-***-****
Email: ****************@*******.***
Professional Summary
Results-driven IT Auditor and Risk & Compliance Analyst with 7+ years of experience delivering comprehensive audits across IT systems, cloud environments, and business processes. Proven ability to assess and enhance IT General Controls (ITGC), cloud application controls, and enterprise risk frameworks while identifying control gaps and developing scalable control catalogs. Skilled in auditing critical business functions, evaluating process-level risks, and aligning IT controls with broader organizational objectives. Adept in applying regulatory and industry frameworks such as COBIT, COSO, FFIEC, NIST, ITIL, SOC 1/2, SOX, ISO 27001/2, PCI DSS, and GDPR to ensure continuous compliance. Experienced in leveraging GRC/IRM platforms including RSA Archer, Oracle GRC, MetricStream, ServiceNow, AD Audit+, and Jira to automate evidence collection, streamline issue tracking, and monitor remediation. Recognized for delivering actionable insights that strengthen enterprise risk posture, improve compliance readiness, and support long-term operational resilience.
Area of Expertise
ITGC & ITAC Testing
SOX Compliance & Control Auditing
User Access Reviews & Segregation of Duties (SoD) Analysis
Risk Assessment & Risk Reporting
Change Management & Configuration Monitoring
Audit Log & Security Event Review
Cloud Compliance (AWS Shared Responsibility, CIS, NIST)
Process Improvement & Control Remediation
Data Analytics for Audit & Risk Insights
Effective Communication
Project Management
RPA Design
Professional Experience
Darling Ingredients Inc – Senior Compliance Analyst, IT Internal Controls
01/2025 – Present
Led quarterly user access reviews across 18 critical enterprise systems, documenting results and remediating inappropriate access within 48 hours to maintain compliance with SOX controls.
Conducted impact assessment for identified issues and provided a comprehensive risk analysis for enterprise applications.
Executed specific audit procedures, documenting the procedures performed and evaluating the adequacy and effectiveness of internal controls.
Assisted in identifying preliminary audit scoping, including performing technical research, conducting stakeholder interviews, and preparing audit questionnaires.
Analyzed and interpreted complex audit logs to identify suspicious activity patterns, developing new monitoring reports that enhanced detection of potential security violations.
Conducted scoping reviews for new or updated compliance standards and policies to determine the impact on the organization's control environment.
Ensured completeness and accuracy of monitored objects, maintaining an audit-ready inventory for compliance reporting and testing purposes.
Led and documented detailed control walkthroughs with key stakeholders to identify design and operational control gaps and ensure appropriate evidence collection for accurate risk evaluation.
Conducted comprehensive inherent and residual IT risk assessments, leveraging control testing results to evaluate risk exposure and recommend remediation strategies.
Implemented robust change monitoring process for SOX-critical objects, resulting in 30% improved detection of unauthorized modifications to custom reports, business processes, and system integrations.
Charles Schwab - Senior IT Auditor
09/2021 - 11/2024
Performed compliance IT audits in accordance with COSO and COBIT internal control frameworks and performed SDLC pre- and post-implementation reviews, identified control deficiencies, and provided recommendations to fix them. Conducted Business Continuity and Disaster Recovery audit.
Identified control gaps in processes, procedures and systems through in-depth research and assessment and suggested methods for improvement.
Identified risk exposures including results from human error, transaction, processing failure, external events, threats to information systems, data integrity and fraudulent activities and provided remediation plans to help mitigate those risks.
Executed end-to-end IT audits using Agile methodologies, increasing engagement efficiency by 20% and improving collaboration with cross-functional teams.
Assessed and validated network architecture and server infrastructure, identifying vulnerabilities that were remediated prior to regulatory audits.
Performed Sarbanes-Oxley (SOX) and PCI DSS compliance audit, testing primary controls – ITGCs and Interface for design appropriateness and operating effectiveness in compliance with SEC regulations.
Developed and automated security testing scripts using PowerShell and Python to monitor access control anomalies across Windows and Linux environments.
Conducted comprehensive IT audits to evaluate the effectiveness of internal controls, focusing on IT processes, application controls, and data protection mechanisms.
Evaluated SAP Authorization Concepts and implemented mitigation strategies for SAP SoD conflicts using SAP GRC tools.
Conducted assessments of business unit exposures, identifying risks, evaluating their potential impact and reviewing strengths and weaknesses of firm's existing controls.
Continuously monitored control compliance and prevalent risk environment to ensure that exposures are kept at acceptable levels.
Assisted in developing metrics, models and tools to create and analyze Operational Risk Loss Estimates and other capital planning documentation.
Conducted IT risk assessments and gap analyses to identify potential risks and vulnerabilities.
Collaborated with cross-functional teams to develop and implement IT compliance strategies.
Monitored and reported on the effectiveness of IT controls and security measures.
Performed risk assessment using NIST 800-30 task to determine level of criticality and sensitivity of information system.
Developed and maintained Third Party Oversight Plan validation process to ensure all monitoring and oversight activities identified are being performed and address documented third party risks.
Influenced Engagement Management Team and Front-Line Subject Matter Experts (SMEs) as applicable, to resolve issues and strengthen internal controls and performed gap analysis to identify areas of improvement.
Performed risk assessments on enterprise financial applications, improving control coverage for digital payment and reconciliation processes.
Led audit efforts targeting cloud IT solutions and IT infrastructure to ensure proper logging, encryption, and access segmentation across AWS and Azure platforms.
Supported the rollout of a Digital Learning platform by assessing application controls, change management, and data privacy features to ensure compliance with internal policies.
Conducted specialized workshops to train stakeholders on risk management principles and effective internal control documentation practices.
Monitored audit engagements related to Windows OS, identifying patching deficiencies and recommending improvements that were implemented within SLA.
Performed specialized scripting reviews for cloud-hosted firewalls and servers to detect misconfigurations and unauthorized changes.
Worked closely with audit leadership to perform architecture reviews of IT environments, resulting in risk-reduction strategies aligned with organizational goals.
Participated in special projects involving the integration of compliance checks within CI/CD pipelines for real-time vulnerability assessments.
Starr Insurance – IT Auditor
01/2020 - 09/2021
Provided ongoing training, guidance, support and IT control and compliance status reporting to company to build awareness of and promote progressive and sustainable compliance culture.
Designed, implemented, and oversaw execution of IT controls program including periodic control testing of design and operation effectiveness sufficient to meet regulatory requirements and to satisfaction of internal/external auditors.
Executed ITGCs and IT Application controls (ITAC) testing, determining design appropriateness and operating effectiveness of controls.
Implemented and maintained IT controls catalog and related documentation sufficient to ensure compliance with regulatory requirements and internal policies and procedures.
Verified user and system security configurations for compliance with internal and external requirements; collected and maintained appropriate evidence and supporting documentation.
Built and maintained effective working relationships and liaised with business unit control owners to collect, report, and retain compliance documentation.
Identified control gaps and potential remediation steps; led and/or assisted process re-design and coordination of remediation efforts.
Completed work accurately and efficiently to meet project milestones, implementing effective problem-solving skills.
Acted as a coach to junior auditors, providing mentorship, review feedback, and training on ITGC audit techniques and risk assessment methodologies.
Applied judgment to ensure professional standards were satisfied, escalating issues to higher levels of management when necessary.
Delivered concise observations and practical recommendations to executive stakeholders, influencing strategic risk remediation decisions.
Collaborated with and advised ITS and business unit resources on implementing IT controls that achieve risk and control objectives while striking balance between costs vs benefits.
Identified and reported on IT control program status and metrics; assisted with Audit Committee and Board reporting.
Documented and maintained risk-based compliance policies and procedures; developed and maintained IT controls related content for Information Security & Compliance intranet site.
Assisted in effective management of internal and external audit efforts and partnership; drove timely submission of critical audit and compliance deliverables.
Prepared ongoing reports with specified metrics/key performance indicators related to compliance activities, audit results, remediation plans, and other compliance efforts and presented to IT executives.
Contributed to a shared team vision of improving audit quality by establishing streamlined documentation standards and audit analytics dashboards.
Audited firewalls, reviewing rule configurations and ensuring compliance with segmentation and data exfiltration prevention policies.
Meridian Bank - IT Risk & Compliance Analyst
05/2018 - 12/2019
Evaluated IT controls to reduce impact of internal and external IT audits.
Reviewed third-party vendor contracts and service-level controls for global infrastructure services, assessing risk exposure across multiple data centers.
Evaluated/interpreted SOX IT Audit, PCI DSS and Privacy requirements and provided guidance to process and control owners on objective / intent of requirements and assisted project teams to evaluate IT Risk and Compliance considerations for projects.
Drafted audit recommendations for inclusion in audit reports and memos for review by Audit Manager.
Performed follow-up work on past audit recommendations, ensuring corrective actions were taken by management.
Performed walkthroughs, documented risks, and prepared control documentation.
Collaborated with business units to deliver enterprise risk assessment results and identify solutions to minimize risk exposure.
Partnered with key stakeholders in business to identify, assess, aggregate and document IT processes, risks and controls.
Performed risk assessments, identified IT controls for significant processes, and developed test procedures for SOX readiness.
Assisted with development of IT policies and procedures necessary to mitigate risk assessment and risk report exposures.
Supported client engagements in a global audit capacity, coordinating with regional teams to ensure consistency and compliance with enterprise audit frameworks.
Communicated results of risk assessments to management and process owners.
Assisted in development and implementation of continuous monitoring program for IT compliance and automation of manual processes.
Applied technical expertise to review vendor's controls and document, in business terms, the risk and recommendation to address vendor's control deficiencies.
Assisted with special studies and projects as assigned.
Led control assessments on digital platforms used for customer onboarding and transaction processing, identifying 3 key gaps in session timeout and encryption settings.
Developed and maintained IT policies and procedures to ensure compliance with industry regulations and standards.
Participated in client audit advisory meetings, offering tailored insights on IT risk trends and industry best practices.
Conducted infrastructure audits on cloud-hosted servers, verifying backup, logging, and patching controls across hybrid environments.
Reviewed and validated technical design specifications during pre-implementation audits to identify potential security and compliance risks.
Investigated disparities between stated security policies and implemented controls, recommending policy updates to improve alignment.
Ensured IT audit practices aligned with applicable federal laws including GLBA, FISMA, and HIPAA during internal assessments.
Championed continuous improvement initiatives for IT control testing, reducing manual evidence collection time by 40%.
Supported development of IT governance documentation to align risk ownership with operational responsibilities across business units.
Evaluated the impact of health data protection measures on clinical workflows and overall health outcomes during system audits.
Audited data security protocols across a distributed health system environment, focusing on patient data confidentiality.
Led cross-functional audits on complex projects involving legacy system migration and third-party integrations, ensuring alignment with enterprise security requirements.
Reviewed health benefits platform for compliance with medical data privacy regulations, focusing on encryption, user access, and vendor due diligence.
Worked on network penetration testing engagements, documenting weaknesses in public-facing IP ranges and issuing prioritized remediation tasks.
Performed information risk reviews to assess exposure to internal and external threats, delivering executive-level findings.
Developed automation tools that streamlined the access certification process and reduced manual review time by 40%.
Conducted vendor risk assessments, including background checks, to ensure alignment with enterprise security standards.
Collaborated on security awareness campaigns and delivered quarterly training programs to increase staff participation by 60%.
Participated in incident response planning, including tabletop exercises, to improve organizational readiness for cybersecurity threats.
Supported information security governance activities, aligning policies with NIST and ISO27001 standards.
Contributed to internal audit reviews of cloud platforms, identifying misconfigurations in identity access management controls.
Reviewed policy development procedures to ensure alignment with security risk management frameworks.
Evaluated scholarship management software security settings during third-party risk reviews for higher education clients.
Partnered with HR and legal teams to resolve retaliation claims and ensure compliance with FERPA and state law requirements.
Contributed to security policy development and implemented technical controls to support security domains.
Facilitated retirement plan audits by ensuring vendor controls met ERISA and IRS data retention requirements.
Conducted audits involving 3rd party vendors to validate cybersecurity protocols and contractual compliance.
Oversaw account administration reviews for privileged access accounts across cloud platforms.
Partnered with arts colleges to evaluate data privacy practices and accessibility standards in online learning tools.
Assessed compensation systems to ensure compliance with pay transparency and audit trail requirements.
Reviewed compensation package configurations in HRIS platforms for accuracy and system control integration.
Conducted control reviews for technology platforms used in criminal defense legal operations.
Led economic risk assessments during major IT transformation projects.
Assessed IT systems managing regional economies data for integrity and compliance with data usage agreements.
Reviewed employee onboarding systems to ensure risk-based access provisioning and proper documentation.
Collaborated on IT control audits for Fortune 500 clients in the finance and insurance sectors.
Participated in audits involving government agencies to assess compliance with federal security mandates.
Recommended improvements to growth initiatives by aligning technology risk strategy with business goals.
Audited information systems used by academic institutions to manage grants and institutional data.
Reviewed instructions provided in user training programs for clarity and compliance relevance.
Conducted risk assessments for applications supporting multi-language interfaces and translation services.
Audited internal systems used in military defense contracts for compliance with DFARS and NIST 800-171.
Verified office network controls to ensure secure configuration of routers, switches, and access points.
Assessed operating systems for vulnerabilities and alignment with CIS Benchmarks.
Conducted risk reviews focused on people-centric risks, including social engineering simulations.
Audited employee records systems to ensure data security and compliance with retention policies.
Managed recruiting systems audits, verifying access control settings and candidate data protection.
Evaluated access provisioning against established schedule and rotation policies.
Reviewed social media monitoring tools to ensure ethical usage and data privacy compliance.
Implemented new technology risk controls to support cloud migration initiatives.
Collaborated with university IT teams to assess risk of learning management systems.
Performed verification of audit evidence submitted by business units during compliance testing.
Conducted veteran support system audits to ensure privacy and accessibility standards were upheld.
Reviewed controls in working environments supporting remote and hybrid operations.
Participated in working group meetings to standardize internal audit procedures globally.
Evaluated audit readiness of systems supporting global operations around the world.
Reviewed color-coded role matrix used for access provisioning and segregation of duties.
Assessed institutional data for integrity as part of accreditation readiness evaluations.
Conducted IT control audits related to social impact initiatives and nonprofit partnerships.
Partnered with technology teams to document and remediate control deficiencies across cloud-based applications.
Supported security training initiatives by integrating awareness modules into new hire onboarding.
Implemented Nessus to conduct vulnerability assessments across internal networks and cloud infrastructure.
Led a PHP code review project to identify insecure configurations and mitigate SQL injection risks.
Collaborated with university departments to ensure student success metrics were aligned with technology support efforts.
Advised leadership on the economic impact of audit findings on IT project budgets and resource allocation.
Supported commercialization strategy by reviewing data privacy implications for launching new cloud services.
Assessed employee selection systems to confirm compliance with EEO and information security requirements.
Conducted reviews of enrollment systems to assess data security configurations and incident logging.
Managed security controls documentation for Health Insurance Portability and Accountability Act (HIPAA) readiness.
Implemented SSCP-aligned practices for access provisioning in high-security environments.
Reviewed Asian regional compliance controls for global information security audits.
Created standard work documentation to support consistent execution of audit procedures across business units.
Partnered with leadership on the development of the organization’s five-year strategic plan, with a focus on IT risk management.
Ensured compliance with federal and state government requirements for IT asset retention and audit trail generation.
Led analysis on creative work access controls for digital rights management solutions.
Integrated CRISC-aligned controls into GRC platform configurations for automated risk assessment.
Delivered internal training programs on compliance with ITIL, GDPR, and risk reporting protocols.
Designed dashboards in Splunk to visualize anomalies and aid in security event correlation.
Applied CISM framework to improve maturity of information security risk management practices.
Reviewed compensation and employee benefits systems for segregation of duties violations.
Identified gaps in teaching platforms’ technical knowledge and provided remediation plans to improve online security.
Audited IT risk management frameworks to assess adherence to CISSP-defined control objectives.
Facilitated FERPA compliance by auditing student data access across cloud applications.
Contributed to higher education audits by evaluating HSI systems for accessibility and security risks.
Managed vendor management reviews to verify alignment with institutional policies and SLAs.
Evaluated data retention strategies in compliance with government funding and grant reporting requirements.
Reviewed phase documentation of software development life cycle to assess control checkpoints and signoffs.
Collaborated with the Office of Information Security to develop metrics and reports for security risk.
Coordinated risk-based audit plans for state law compliance and cybersecurity insurance policy qualification.
Oversaw data privacy and protection controls for students enrolled in international education programs.
Assisted in managing information technology compliance during economic downturns and restructuring.
Audited retirement plans for system-level misconfigurations in payroll integrations.
Evaluated internal controls of employee compensation packages to ensure accuracy and prevent fraud.
Managed cross-functional reviews for IT systems used in entertainment sector partnerships.
Participated in entrepreneurship incubator audits, focusing on IP protection and cloud usage.
Reviewed internal controls for systems managing student enrollment and institutional funding data.
Conducted information security audits for colleges and universities using FERPA, NIST, and GDPR guidelines.
Reviewed public service systems for data integrity, access control, and compliance gaps.
Conducted risk-based reviews of information systems used for scholarship processing.
Led audits of systems related to criminal defense case management, verifying chain-of-custody protocols.
Evaluated compliance with information security governance frameworks within institutions managing genetic data.
Audited systems supporting technical operations in the military domain to ensure compliance with DoD frameworks.
Calculated potential risk exposure using quantitative metrics to enhance audit planning accuracy.
Maintained credibility with stakeholders by providing transparent and evidence-based audit recommendations.
Dedicated time to mentoring junior auditors and ensuring alignment with industry best practices.
Fostered innovation by proposing new audit analytics techniques using Power BI and Python.
Built strong interpersonal relationships with control owners to streamline the audit evidence collection process.
Launched a knowledge-sharing initiative to centralize IT compliance insights across departments.
Participated in enterprise-wide compliance workshops and presented audit findings to executive leadership.
Promoted a culture of continuous improvement by identifying and addressing recurring audit findings.
Maintained audit project schedule adherence through proactive planning and stakeholder coordination.
Provided excellent service to internal clients by offering practical and actionable control improvements.
Prepared and presented well-written audit reports that clearly communicated findings and remediation steps.
Tools & Business systems
ServiceNow GRC – MetricStream – Archer GRC – AuditBoard – Rapid7 – SAP – Oracle Database – Salesforce – SharePoint – Power BI – Excel (pivot tables, Power Query) – AD Audit+ – AWS – Azure – Jira – Microsoft Dynamics – Linux
COBIT – SOC 2 – SOC 123 – FISMA – FISCAM – COSO – SOX – HIPAA – GDPR – ITIL – NIST – FFIEC – IPPE – OCC – PCAOB – Circular-123 – AICPA – SOX – HITRUST – ISO27001 – CSA STAR
Education
Bachelor of Science Mathematics
Olabisi Onabanjo University Ogun State, Nigeria
Certifications
• Certified Information Systems Auditor (CISA).