ALONA TUNKUDA
Saint Augustine,FL
Summary
Experience executing risk-based audit projects using COSO, COBIT, NIST, FFIEC, ISO frameworks and standards in obeying SOX regulation, testing of IT general controls (ITGCs) and IT application controls (ITACs). Projects include SOX and PCI DSS compliance, Database Security Audit, IT Operations and Resilience. Experience auditing IT infrastructure and ERP systems, professional level in using Microsoft suites – word, excel, PowerPoint. Detail-oriented Auditor with track record of quickly completing complex audit projects. Well-versed in managing entire audit process from planning and risk assessment to fieldwork. Experienced Auditor focused on improving business compliance, workflow and processes through detailed audits and optimization recommendations. Detail-oriented team player with strong organizational skills. Ability to handle multiple projects simultaneously with a high degree of accuracy. To seek and maintain full-time position that offers professional challenges utilizing interpersonal skills, excellent time management and problem-solving skills. Hardworking and passionate job seeker with strong organizational skills eager to secure IT Auditor position. Ready to help team achieve company goals.
Overview
23
23
years of professional experience
1
1
Certification
Work History
IT Auditor
BlueCross Blue Shield
05.2020 - Current
- Review SOC 1 type II and SSAE18 reports, execute SOC1 type I and SOC 1, 2 and 3
- Team participation in annual review of comprehensive company risk assessment for Annual Audit Plans.
- Liaise with external auditors to perform annual SOX compliance audit, serving as primary point of contact during compliance projects.
- Perform IT infrastructure audit to determine control design appropriateness and operating.
- Review of effectiveness of controls around servers, operating systems, network devices and databases.
- Perform various audit projects using COSO, COBIT, NIST, FFIEC, ISO frameworks to evaluate design appropriateness and operating effectiveness.
- Evaluate IT General Controls (ITGCs) audit and IT Application Controls testing (ITACs) using risk-based methodology.
- Recommend process improvement opportunities as needed.
- Conduct information security audit around administrative, technical and physical safeguards.
- Work with management on recommendations for improvements in controls, processes, systems and assist co-source auditors as appropriate
- Carry out annual internal audit plan control testing, per internal audit standards and IIA and ISACA alike, inform management of audit results and make recommendations to remediate identified control weaknesses
- Review post and pre-implementation review of SDLC projects to determine design appropriateness and operating effectiveness of implemented controls.
- Conduct SOX and PCI compliance audits to ensure control are in place that meet regulatory requirements.
- Evaluate and document financial and information systems for data integrity and quality.
- Participate in all phases of financial, operational and technology audits and risk assessments.
- Perform third-party control assessment and make recommendation to fix identified vulnerabilities.
- Communicated with auditee staff to obtain necessary information for audits.
- Performed observations and evaluated supporting documents to supplement audit findings.
- Planned and executed follow-up audits at appropriate intervals.
- Identified control gaps in processes, procedures and systems through in-depth research and assessment and suggested methods for improvement.
- Interviewed auditees to gather data needed to conduct audits.
- Prepared working papers, reports and supporting documentation for audit findings.
- Consulted clients on internal control systems development and audit program improvements.
Quality Control Test Analyst
BlueCross Blue Shield
11.2000 - 05.2020
- Drafted into Apollo Model Office in Canary Wharf for testing of new KYC workflow system – Universal Work Queue and DB Client Life Management (UWQ and dbCLM).
- KYC business process testing against UWQ/dbCLM application sprint development.
- Testing KYC rules engine (wallpaper) against dbCLM application and UWQ workflow.
- Processing User Acceptance Test (UAT) files End to End across various KYC scenarios.
- Identifying defects/enhancements and discuss issues with technical support teams.
- Providing SME guidance for KYC and QC Analysts in production environment.
- Providing remote support to extended pilot locations and core branches in relation to processing files, in advance of global deployment
- Individual JIRA level/ unit level testing against specific functionality, including regression testing, and validating workflow/data points that are resolved.
- Reporting findings to Central Readiness Teams.
- Collaborating with various CLM/Business/AFC teams to ensure efficient and successful Model Office testing.
- Skilled at working independently and collaboratively in a team environment.
Education
LLb. Law - Law
University of Jos
1999
Skills
- IT Skills:
- MetricStream, SharePoint, TeamMate, Excel, Access, Word, PowerPoint Tools: Nexpose and Splunk
- Continuing Education
- Issue Resolution
- Systems Efficiency Evaluation
- Sampling Techniques
- Reports and Documentation
- Microsoft Office
- Sarbanes-Oxley (SOX)
Certification
- CISA - Certified Information Systems Auditor - Testing Window August 2023
Work Availability
monday
tuesday
wednesday
thursday
friday
saturday
sunday
morning
afternoon
evening
swipe to browse
Timeline
IT Auditor
BlueCross Blue Shield
05.2020 - Current
Quality Control Test Analyst
BlueCross Blue Shield
11.2000 - 05.2020
LLb. Law - Law
University of Jos