Usoro Itata
Frisco, TX 469-***-**** **************@*****.***
RELEVANT SKILL SUMMARY
§Detail-oriented Information Security Analyst / IT Auditor with 10+ years of experience in SOX compliance, ITGC/ITAC testing, risk assessment, and internal audit across financial services and banking.
§Skilled in executing SOX 404 compliance testing, managing remediation, and supporting external auditor queries to ensure audit readiness.
§Strong background in records management, documentation retention, and regulatory compliance (FRB, OCC, SEC, FDIC).
§Experienced collaborating with Finance, Accounting, and Operations teams to build effective governance, address control gaps, and improve processes.
§Certifications: CISA, CSPO with strong knowledge of NIST, HIPAA, PCI-DSS, COBIT, and ISO 27001.
CORE AREAS / TECHNICAL SKILLS
§Core Areas: Auditing & Assessment | Data Privacy | Data Analysis & Reporting | Incident Management & Response | Performance Monitoring | Policy & Procedure Development | Project Management | Regulatory Compliance | Risk Management
§Technical Skills: Microsoft Office Suite | Management Information Systems | ERP Systems | Linux | Power BI | SQL | Windows | AS400 | Jira | Confluence | Cloud Computing (Amazon Web Services – AWS, Google Cloud Platform – GCP & Azure)
PROFESSIONAL EXPERIENCE
US Bank
Irving, TX
IT Auditor / IT Control Tester
April 2023 – Present
§Executed SOX 404 compliance procedures across designated business units under guidance of SOX Manager, ensuring alignment with methodology, reporting, and compliance efforts.
§Coordinated scoping, scheduling, and completion of SOX testing, managing workpapers and supporting timely reporting.
§Served as point of contact for external auditors, addressing queries and providing documentation to support testing conclusions.
§Performed all phases of IT audits — planning, fieldwork, reporting, and remediation follow-up — and executed remediation testing for prior findings.
§Partnered with Finance, Accounting, and Operations stakeholders to support control owners, resolve deficiencies, and improve governance processes.
§Assisted in managing the audit management system and contributed to special projects improving business processes and risk controls.
§Conducted testing of ITGC and ITAC controls, identified control deficiencies, and provided recommendations for corrective actions to enhance the organization's compliance posture.
§Spearheaded IT Change & Release processes, ensuring alignment with SOX, PCI-DSS, and NIST standards while minimizing operational risk.
§Delivered presentations and updates to leadership, ensuring stakeholders remain engaged with SOX compliance progress.
Kairos Vision Consult LLC
Stamford, CT
Information Security Analyst
February 2019 – March 2023
§Led vendor security assessments, completing SIG questionnaires and risk analyses for 100+ third-party vendors, evaluating vendor security controls, and ensuring adherence to cybersecurity policies and contractual obligations.
§Conducted vendor documentation reviews, identifying areas for improvement in risk management.
§Conducted interviews and facilitated workshops with IT and business personnel to gather evidence and assess processes.
§Conducted third-party cyber risk assessments to ensure vendors’ security controls align with Kairos Vision Consult standards and organizational risk thresholds.
§Identified gaps through assessments, recommended and documented mitigation strategies, and logged issues in the Issue Management System, driving timely resolution with internal/external stakeholders.
§Collaborated with business relationship owners, compliance, security, and vendors to collect due diligence documentation and complete assessments.
§Managed and supported the company’s TPRM lifecycle, including risk triage, documentation validation, remediation follow-up, and oversight of vendor performance.
§Led Third-Party Risk Management (TPRM) efforts using tools such as OneTrust and SecurityScorecard.
§Applied critical thinking in evaluating incomplete or imperfect vendor data to assess inherent and residual risks.
§Coordinated risk reporting for leadership, including preparation of materials for committees and board-level reviews.
§Oversaw TPRM procedures, responded to suspected policy violations, and adjusted processes to align with evolving regulations.
Freddie Mac
Dallas, TX
Information Security Analyst
February 2017 – February 2019
§Conducted third-party risk assessments for enterprise technologies, products, services, and operations, aligning with ISO/IEC 27001, ITIL, COBIT, NIST, and PCI-DSS standards to enhance and strengthen risk management practices.
§Developed and implemented GRC strategies, policies, and procedures to ensure compliance with regulatory standards and industry best practices.
§Collaborated with cross-functional teams to integrate GRC principles into business processes and systems.
§Led third-party vendor information security assessments to facilitate informed decision-making and risk mitigation strategies, resulting in improved risk documentation accuracy and achieving 100% compliance.
§Drove process innovation and efficiency enhancements through automation initiatives to improve the operational capabilities of the third-party risk management program, which improved overall efficiency by 50%.
§Developed and implemented strategies to mitigate risks and improved the overall third-party risk management program, which improved overall efficiency by 40%.
§Identified opportunities to promote third-party risk management that improved overall efficiency by 60%.
Chase Bank
Dallas, TX
IT Auditor / IT Compliance Analyst
February 2015 – February 2017
§Conducted regular audits of IT General Controls (ITGC) to ensure compliance with internal policies and external frameworks (e.g., SOX, COSO, HITRUST, NIST).
§Identified control deficiencies and potential risk areas, working with IT and cybersecurity leadership to design and implement effective mitigation strategies.
§Collaborated with IT, information security, and the organization to ensure regular monitoring and consistent management of controls.
§Led the planning, preparation, and coordination of internal and external IT testing activities, ensuring readiness and clear documentation of findings.
§Provided training to various department stakeholders on IT controls, compliance objectives, and the importance of risk management for the organization.
§Monitored IT infrastructure and software updates for potential inclusion in control scoping.
§Interfaced with internal stakeholders to identify, communicate, and remediate compliance issues.
§Performed vulnerability scans and shift-left scanning to proactively identify risk.
§Maintained comprehensive audit documentation and ensured timely response to Auditor requests and evidence collections.
Goodwin Consulting LLC.
Garland, TX
Product Owner / Business Analyst
December 2012 – January 2015
§Collaborated across the entire business with a willingness to learn existing business processes and ideas on new processes to support an ever-evolving industry.
§Gathered and documented user requirements and translated them into clear and actionable user stories and acceptance criteria, ensuring alignment with business goals and customer needs, which limited errors in preproduction by 10%.
§Developed and implemented RESTful APIs to enable seamless communication between the front-end and back-end systems.
§Knowledge of relevant regulations and standards (such as GDPR, HIPAA, or industry-specific standards) to ensure the product aligns with legal and compliance requirements.
§Implemented robust database security measures, including user authentication and access control mechanisms, to protect sensitive data and comply with regulatory requirements.
§Led the development and implementation of Identity and Access Management (IAM) systems, enhancing security and streamlining user authentication processes for banking platforms.
§Collaborated with cross-functional teams, including UI/UX developers, designers, and healthcare professionals, to define the scope and objective in building a feature and system using the principles of SDLC.
EDUCATION
University of Texas
Richardson, TX
Bachelor of Science in Accounting and Information Management
CERTIFICATIONS
Certified Information Systems Auditor (CISA), ISACA
Scrum Alliance - Certified Scrum Product Owner® (CSPO)