
It Compliance Analyst Resume

Dallas, Texas

Profile:
A team-oriented IT auditor with strong analytical, problem-solving, research and communication skills. Able to work across multiple projects simultaneously and driven to learn new technology and build in-depth expertise.


Certifications: IT Service Management (ITSM)
CISA

Functional knowledge:
IT Audit
Systems Audit Controls and Security, Remote Access Audit, Risk Management, Incident Management, Change Management, Payment Card Industry Data Security Standard (PCI DSS) Compliance, SOX, Disaster Recovery, HIPAA Compliance, ITIL, writing audit reports and training on IT industry best practices.

Project Management
System Development Life Cycle (SDLC), Project Analysis and Design, Project Development and Deployment, comprising Business Requirements Definition (BRD), Gap Analysis, and Testing.

Technical Skills:

Hardware: PC

Operating Systems: UNIX, Windows NT, Windows 9x, Windows 2000, Windows XP, Windows Vista

Office tools: MS Word, Access, Excel, PowerPoint

ERP: SAP, PeopleSoft, Oracle Financials, JD Edwards, Flexcube, AS 400.

EDUCATION:

  • Information Technology Audit, Security and Compliance
  • Bachelor of Science in Physics

PROFESSIONAL EXPERIENCE:

Confidential, Dallas, Texas: October 2011 – Date

Title: IT Compliance Analyst

Responsibilities:

  • Plan, manage and execute the IT audit functions using best practice audit guidelines in compliance with COSO and COBIT.
  • Establish IT compliance framework covering IT platform applications, processes and procedures to ensure compliance with industry standards and best practices.
  • Review and test access control – physical access relating to server room or data center, and logical access control relating to various applications.
  • Review and test other important IT controls such as change management, segregation of duties, data integrity, etc.
  • Test IT controls in compliance with the Payment Card Industry Data Security Standard (PCI DSS) policy.
  • Review organization’s disaster recovery readiness – DR plan, Business impact analysis (BIA), annual testing, site adequacy, etc.
  • Coordinate and execute projects and ensure security risks/vulnerabilities are identified, communicated and remediated.
  • Measure the adequacy of the quality of IT service delivery, through the review of key controls in incident management (help desk), problem, and release and change management.
  • Evaluate the adequacy of the key controls in UNIX operating system, and also in applications – Alloy, FOL, TSS, Back-up Exec, etc.
  • Work closely with management (IT Directors, Managers, etc), over IT audit findings, compliance issues, recommendations, management’s response and implementation.
  • Ensure project plans are updated for significant changes to scope, cost, schedule and resource usage, and are agreed to by all parties.
  • Recommend process improvements on vulnerability tracking and possible remedies for security issues.
  • Perform follow-up on every past-due resolution.

Confidential, USA: October 2008 – October 2011
Title: IT Auditor
Responsibilities: General Systems and Applications Audit.
Environment: LAN, WAN, Firewall, Oracle, Access, PeopleSoft, SAP, AS 400

  • Planned, managed and executed the IT audit functions using best practice audit guidelines.
  • Performed audit in compliance with COSO and COBIT standards.
  • Performed systems log audit.
  • Performed SOX audit.
  • Coordinated and executed projects and ensured security risks are identified, communicated and remediated.
  • Performed information security assessments, vulnerability scans and internal penetration testing to ensure that information systems are adequately protected to meet security requirements.
  • Measured the adequacy of quality of IT service delivery, through the review of key controls in incident management (help desk), problem management, and release and change management.
  • Evaluated the adequacy of the key controls in UNIX operating system and management of databases – data integrity, data backup, access control, among others.
  • Reviewed and tested access control – physical access relating to server room or data center and logical access control relating to applications.
  • Worked using ACL.
  • Tested networking controls (LAN, WAN, Firewall).
  • Reviewed and tested database controls (Oracle, Access).
  • Tested software application controls (Oracle, Siebel, PeopleSoft, SAP, JD Edwards, etc.).
  • Reviewed organization’s disaster recovery readiness – DR plan, Business impact analysis (BIA), annual testing, site adequacy, etc.
  • Provided security and compliance support to all associates and departments enterprise-wide, including consulting and interacting with third-party organizations (auditors/assessors/vendors).
  • Recommended process improvements and possible remedies for security issues.
  • Developed and published information security policies, procedures, standards and guidelines based on security best practices and compliance requirements.
  • Worked closely with management (IT Directors, Finance Directors, etc), over IT audit findings, compliance issues, recommendations, management’s response and implementation.

Confidential, Nigeria: August 2006 – June 2008
Role: IT Auditor
Environment: LAN, WAN, Firewall, Oracle, Access, PeopleSoft, SAP, JD Edwards, Flexcube

Responsibilities: General Systems and Applications Audit & Project Management.

  • Planned, managed and executed the IT audit functions using best practice audit guidelines.
  • Established IT compliance framework covering IT platform applications, processes and procedures to ensure compliance with industry standards and best practices.
  • Reviewed and tested access control – physical access relating to server room or data center and logical access control relating to the application roles and responsibilities.
  • Conducted complete review and audit of ERP applications (SAP, Oracle Financials, PeopleSoft and JD Edwards) to ensure compliance with defined security policies and industry standards – segregation of duties, authorization, access, data integrity, change management, etc.
  • Reviewed organization’s disaster recovery readiness – DR plan, Business impact analysis (BIA), annual testing, site adequacy, etc.
  • Reviewed systems availability control – redundancy and failover in electrical, telecom and network setup.
  • Measured the adequacy of quality of IT service delivery, through the review of key controls in incident management (help desk), problem, and release and change management.
  • Evaluated the adequacy of the key controls in UNIX operating system and management of databases – data integrity, data backup, access control, among others.
  • Worked closely with management (CEO, IT Directors, Finance Directors, etc), over IT audit findings, compliance issues, recommendations, management’s response and implementation.
  • Provided training and guidance to subordinates. Managed end-to-end audit process to ensure compliance.

Project Management:

    • Worked with Project team on Flexcube implementation.
    • Reviewed the adequacy of project management methodology for compliance with industry standard, SDLC.
    • Provided consulting services to the project team by ensuring key controls are considered in requirement definition and design.
    • Conducted gap analysis between application capability and business requirement.
    • Reviewed the adequacy of traceability matrix.
    • Ensured compliance with key controls – management approval, ROI, business sign-off, estimations, timeliness, testing, etc., from initiation through go-live.
    • Ensured project cost was captured and periodically advised management on cost variances.
    • Conducted post implementation review.
