Bukunmi Ogundimu

Richmond, TX

Summary

Dedicated and experienced IT auditor and Senior Information Security GRC Analyst with in-depth knowledge of the Sarbanes-Oxley Act (SOX), risk assessment, IT General Controls (ITGC), IT Application Controls (ITAC), and SSAE18 evaluation and assessment in industries such as Healthcare and Banking/Financial Services, and with a proven track record of ensuring data security and compliance for organizations. Seeking an opportunity to contribute my expertise in governance, risk management, and compliance to help companies effectively manage their information security needs.

Overview

11 years of professional experience
1 Certification

Work History

Snr. Information Security GRC Analyst

Prosperity Bank USA
10.2021 - Current
  • Spearhead all operations associated with executing cyber security audits, testing preventive, corrective, detective, and compensating controls
  • Lead the development and implementation of the company's Information Security Governance, Risk Management, and Compliance (GRC) program
  • Conduct comprehensive risk assessments and gap analyses to identify vulnerabilities and recommend mitigation strategies
  • Collaborate with cross-functional teams to identify, assess, and manage security risks throughout the organization
  • Monitor and report on security incidents and breaches, implementing incident response plans when necessary
  • Conduct regular security awareness training for employees and promote a culture of security within the organization
  • Manage third-party vendor assessments and application assessments, and oversee compliance with contractual security requirements
  • Continuously evaluate and update security policies and procedures in response to changing threat landscapes and regulatory requirements
  • Review third-party Due Diligence and other documents to complete vendor's Residual Risk Assessment.
  • Maintain an understanding of privacy concepts and legal obligations, including GDPR, GLBA, FFIEC, NIST, PCI-DSS, HIPAA, ISO27001, and new or evolving privacy obligations
  • Analyze security scan data and convert it into actionable reports and automated, real-time dashboards using Microsoft Office 365, Microsoft SharePoint Online, and the Microsoft Power Platform (e.g., Power BI, Power Automate, Power Apps, Power Agent).
  • Identified opportunities to enhance data integrity through database structure modifications.
  • Developed actionable roadmaps for improving workflows and processes.
  • Championed efforts in accurately evaluating attestation engagement SSAE18, SOC 1, II, III review

IT Security Risk and Compliance Auditor

Kelsey-Seybold Clinic
11.2020 - 09.2021
  • Performed risk analysis and assessments to ensure an appropriate scoping of audit
  • Conduct internal and external testing to measure compliance with HIPAA, PCI, and other regulations and frameworks as they relate to SOX
  • Perform user and vendor access reviews
  • Responsible for the corporate-wide IT GRC program
  • Adhered to audit principles, standards, and practices to keep the company in good standing
  • Directed completion of planned audits, assessed records and procedures for accuracy to accomplish objectives and appraised policies and plans under audit review
  • Assessed compliance risk, developed audit work plans, and documented findings
  • Managed completion of planned audits, reviewed records and procedures for accuracy to accomplish objectives and appraised policies and plans under audit review
  • Prioritized multiple, concurrent projects to deliver high-quality results
  • Applied audit fundamentals to identify risks and develop action plans
  • Trained, developed, and provided performance management initiatives to audit staff.
  • Met with stakeholders to discuss compliance audit plans and results, explaining options for improvement
  • Streamlined internal auditing programs by utilizing data analytics software.
  • Administered internal auditing programs through the use of data analytics software.
  • Manage timely completion of requests and follow-ups to third parties for appropriate documentation (e.g., SOC1; SOC2) and review and evaluate materials submitted
  • IT security audit using FISMA, HIPAA, PCI-DSS, HITRUST, and ISO 27001 security frameworks
  • Help with HIPAA compliance and privacy policies and procedures. Routinely monitor changes in the applicable HIPAA government regulations.

IT Auditor

Quest Diagnostics
06.2017 - 09.2020
  • Perform assessment of IT General controls (ITGC) such as Access control, Change management, and IT operations
  • Perform test execution of IT General controls and Application controls based on internal and industry standards and guidelines
  • Manage and drive compliance of Internal Controls over Financial Reporting (ICFR) program and Sarbanes-Oxley (SOX) requirements, particularly for IT general controls, application controls, and information produced by entity (IPE) for the Corporate Accounting department
  • Assist in developing audit objectives and audit program to address process and financial risks, coordinate audit process, ensure work is assigned, completed timely, and work papers are sufficiently supported to identified risks
  • Perform walk-through and detailed test of controls to determine if controls are designed and operating effectively
  • Review internal policies and procedures and existing laws, rules, and regulations to determine applicable compliance and the adequacy of underlying internal controls
  • Evaluate compliance with corporate security policies from planning phase to completion using the COBIT, COSO, SOX, and SSAE 18 frameworks in performing audits
  • Perform IT audit activities for compliance and risk-based IT audits, general computer controls, application, and infrastructure
  • Identify risks and recommend controls to mitigate them
  • Perform Application control by checking authorization control, computation control, and data validity check for SOX Compliance Audit
  • Document work papers, audit wrap-up procedures, and verify audit objectives to ensure that the controls are properly evaluated
  • Conduct assessment of disaster recovery plans and business continuity plans as well as assist with application security reviews for separation of duties and compliance with business rules
  • Perform application security design around user authorization, access authorization, information protection & application logging.

IT Audit Associate

HealthFair
02.2016 - 06.2017
  • Participated in planning and prioritization of IT controls both ITGC and ITAC
  • Conducted IT controls risk assessments including reviewing organizational policies, standards, and procedures and providing recommendations on their adequacy, accuracy, and compliance with industry standards
  • Coordinated and executed projects and ensured security risks/vulnerabilities are identified, communicated, and remediated
  • Planned, managed, and executed the IT audit functions using best practice audit guidelines in compliance with COSO and COBIT
  • Prepared audit scopes, reported findings, and presented recommendations for improving data integrity and operations
  • Performed all stages of audit, including planning; fieldwork/execution; reporting; and follow-up
  • Developed strong working relationships with client's internal resources like functional area leaders, system owners, and Internal Audit team as well as worked in a team to assess financial statement risk, optimize client's controls universe, and identify opportunities for achieving efficiencies in the execution of the engagement
  • Liaised and translated risk and controls between the system and the financial controls environments across a complex systems landscape
  • Performed vulnerability assessment making sure that risks are assessed, evaluated, and proper actions are taken to limit their impact on the information and information systems
  • Perform various interface automated control testing such as security controls, system configuration, and data completeness control within applications
  • Documented control gaps and offered value-added recommendations to resolve issues
  • Involved in performing technical audits of IT infrastructure controls, including Operating Systems, Databases, and Network services
  • Perform post-implementation review of management's work, assessing the design adequacy and the operating effectiveness of the SDLC phases, identifying risks and gaps in the implementations, cascading issues and recommendations to appropriate stakeholders.

Quality Assurance Auditor

Diamond Bank (Nigeria)
06.2013 - 03.2014
  • Designed and conducted walkthroughs, formulated test plans and test results, and developed remediation plans for each area of the testing
  • Evaluated effectiveness of control activities to provide reasonable assurance regarding client's achievement of internal control objectives including, efficiency and effectiveness of operation, reliability of financial reporting, and compliance with applicable laws and regulations
  • Conducted follow-up work, as necessary, to evaluate corrective action taken by management to resolve previous IT audit observations and ensure corporate compliance with policies, laws, and regulations
  • Assisted in preparing IT audit program to include access control, change management controls, and application controls; and identified deficiencies in the design and operating effectiveness of control as well as provided recommendations
  • Maintained good working relationship with the clients to enhance clients' satisfaction and work with client management and staff at all levels to perform audit service
  • Ensured that IT general controls and IT application controls are performed in compliance with SOX and relates to confidentiality, integrity, and availability of information.

Education

Bachelor of Sci. in Mass Comm. & Information Security

Moshood Abiola Polytechnics
05.2013

Skills

  • Documentation and Reporting
  • Issue Identification
  • Workflow Analysis
  • Trend Modeling
  • System Analysis
  • BI Dashboards
  • Audit Support
  • KPI Analysis
  • Information Gathering
  • Report Preparation
  • Risk Mitigation
  • Root Cause Analysis
  • Regulatory Compliance
  • Continuous Improvement
  • Financial Accountability
  • Policy Improvements
  • SQL and Databases
  • MS Excel
  • Trend Analysis
  • Presentation Development and Delivery
  • Budget Development
  • Deadline Adherence
  • Incident Reporting
  • Data Integrity Assurance
  • Analytical Thinking
  • Cost Control Programs
  • Corrective Action Planning
  • Compliance Analysis
  • Contract Analysis
  • Security Solutions
  • Intrusion Detection
  • Evidence-Based Decision Making
  • Risk Analysis
  • Business Operations Analysis
  • InfoSec
  • Data Processing

Affiliations

Information Systems Audit and Control Association (ISACA)

Certification

CISA
