
Senior IT Auditor

Location: Bronx, NY
Posted: October 24, 2025


Resume:

ACHILLE ZOGO

SENIOR IT AUDITOR | IT RISK & CYBERSECURITY COMPLIANCE

+1-646-***-**** *********@*****.***

PROFESSIONAL SUMMARY

Senior IT Auditor with 8+ years helping banks, fintech, and SaaS companies tighten controls, pass audits, and reduce risk. I lead end-to-end ITGC and SOX work, translate technical issues into business impact, and drive fixes that actually stick. Comfortable across cloud and enterprise stacks and fluent in the frameworks hiring managers expect: SOX 404, SOC 1/2, NIST CSF, ISO 27001, PCI DSS, HIPAA, COBIT, FFIEC, and ITIL.

CORE COMPETENCIES

ITGC and SOX | SOC 1/2 | NIST CSF | ISO 27001 | PCI DSS | HIPAA | COBIT | FFIEC | Risk Assessment | Access Management | Data Privacy | Vendor/Third-Party Risk | Incident Response | BCP/DR | Audit Analytics | Continuous Monitoring | Executive Reporting | Policy & Procedure Development | Stakeholder Management

TOOLS & PLATFORMS

AuditBoard, TeamMate+, Workiva, Archer GRC, ServiceNow GRC | SAP & Oracle ERP | Jira, Confluence, MS Project | SQL, ACL, IDEA, Python (audit automation), Excel (advanced), Power BI, Tableau | AWS, Azure, GCP, VMware, Hyper-V | Splunk | Nessus, Qualys

PROFESSIONAL EXPERIENCE

Senior IT Auditor — GreenSky, Atlanta, GA 2023–Present

Perform IT audit testing based on identified risks in compliance with policies, procedures, and regulatory standards.

Perform walkthroughs, risk assessments and testing relating to IT General Controls of ERP systems to meet regulatory and compliance requirements for clients in the public and private sector

Complete ITGC review and testing of key applications following company-set standards/policies and IT business processes

Communicate risks and issues to process owners and senior management and collaborate with stakeholders across different teams and business units.

Test Access, Change Management, IT Operations, and Disaster Recovery controls using COBIT, NIST, and FISCAM frameworks

Elaborate presentation of audit reports that include remediation and corrective action plans

Conduct IT audit testing of specified business areas based on identified risks, in compliance with policies, procedures, and safety, national laws, regulations, and industry standards

Leverage data visualization tools such as Tableau and Power BI to conduct data analysis during audit testing

Contribute to and advise on plan developments to ensure alignment with business strategy and compliance requirements.

Assist in preparing and executing operational team plans for SOX assurance activities.

Build and maintain internal control documentation such as process flow diagrams, narratives, and testing records.

Senior IT Auditor — Morgan Stanley, NY, NY 2022–2023

Conducted IT audit testing to ensure compliance with policies, procedures, and regulatory standards, including ITGC reviews of key applications.

Performed post-fieldwork resolution of all open items in a timely and efficient manner, prepared the audit report utilizing department standards of report writing, held the closing conference, and prepared written evaluations of other staff members assigned to the audit.

Identified and assessed technology-related risks, including those in applications, system infrastructure, data accuracy, and processing

Collaborated with IT system owners to evaluate internal controls and process efficiencies, ensuring audit readiness and compliance.

Participated in continuous monitoring to identify new developments and assess the overall risk environment

Utilized audit tools like IDEA and ACL to analyze data sets and identify anomalies, contributing to effective reporting and internal control improvements.

Led special projects on Segregation of Duties (SOD) and SOX Compliance, working with senior management to refine audit policies, resulting in reduced audit time and improved quality.

Developed audit programs and procedures to ensure adherence to IIA Standards and execute the audit plan effectively.

Performed walkthroughs, risk assessments, and testing related to IT General Controls of ERP systems to meet regulatory and compliance requirements for clients in public and private sectors

Implemented IT policies, procedures, and best practices to enhance security, compliance, and operational efficiency

Partnered with product and data teams to embed privacy reviews earlier in the lifecycle, fewer last-minute surprises before releases.

Prepared regulator-ready evidence packages with screenshots, system extracts, and approvals; review meetings became shorter and more predictable

Cybersecurity Risk & Compliance Analyst — Esurance, San Francisco, CA 2019–2023

Ran enterprise and cloud risk assessments mapped to HIPAA/PCI/GDPR/NIST; closed 22% of open control gaps within the next cycle through clear owners and dates.

Validated pen test and vulnerability results and prioritized fixes by exposure and business criticality, reduced repeat findings and improved patch timeliness.

Strengthened incident response and disaster recovery through tabletop exercises; clarified roles, escalations, and evidence capture so audits went smoother.

Built a practical vendor-risk process that reviewed SOC 2, ISO certs, DPAs, and exit clauses; blocked high-risk vendors and set remediation terms up front.

Drafted crisp, usable policies and procedures aligned to COBIT/ITIL, reduced variance across teams and simplified control testing.

Launched security awareness content and phishing drills; improved click-through resilience by 28% and helped managers coach their teams effectively.

Partnered with product and data teams to embed privacy reviews earlier in the lifecycle, fewer last-minute surprises before releases.

Prepared regulator-ready evidence packages with screenshots, system extracts, and approvals; review meetings became shorter and more predictable.

IT Audit Associate — Ally Financial, Charlotte, NC 2017–2019

Supported 20+ ITGC/SOX audits per year across ERP, payment, and loan systems under FFIEC/COBIT guidance, closed issues faster by standardizing requests and walkthroughs.

Performed access, change, and operations testing with ACL/IDEA/Excel, flagged weaknesses in batch monitoring and reconciliations for targeted fixes.

Reviewed BCP/DR plans and test results for core platforms; improved documentation of RTO/RPO and evidence of successful failover tests.

Helped with vendor compliance checks (PCI/ISO/GDPR) and tracked remediation; kept third-party exposure visible to risk committees.

Cleaned up audit workpapers and version control; reduced prep time 15% and made external reviews more straightforward.

Coordinated with technology and business owners to align timelines and reduce audit fatigue during quarter-ends.

Summarized complex control issues in plain English for non-technical stakeholders, which sped up sign-offs.

Contributed to team knowledge articles, helping new auditors ramp faster on systems and evidence expectations.

EDUCATION

MBA — DeVry University, Chicago, IL

CERTIFICATIONS

CISA | CRISC | PCI DSS Implementation (in progress) | CompTIA Security+ (in progress)


