Summary
Overview
Work History
Education
Skills
Certification
Affiliations
Accomplishments
Timeline
Generic

DAVID FALOLA

Richmond,TX

Summary

Analytical IT Auditor/Security Analyst with strong strategic planning, problem solving and project management skills. Fully knowledgeable in applicable regulations and standard audit procedures. Performing various information Technology Audit including (ITGC) and Application Controls (ERP System, Mainframe) with Proven track record of assessing System Network Access Controls/ ITGC detailed walkthrough Control Testing/ SOC / SOX/ SAP/ SDLC/ Circular A-123/ SSAE18 Report/ IT Infrastructure/ PCI DSS/ SQL Server/ Database/ GDPR / Control Assessment/ COSO/ COBIT/ CAPA/ FISMA & FISCAM/ FFIEC/ ISO 27000-27002/ Salesforce/ PeopleSoft/ Active Directory/ Security+/ NetSuite/ ACL/ ATS/ Azure and AWS/ GXP/ GAMP/ NIST SP 800-53 Rev 5/ Metric Stream/ GRC/ Archer and Aurora/ Jira and Scaled Agile Methodology/ Firewall/ UNIX/ Oracle Database/ Linux/ HIPPA/ Change Management Controls/ IT operation Control and Security Management to identify, manage and reduce risks and ensure general compliance.

Overview

8
8
years of professional experience
4
4
years of post-secondary education
2
2
Certifications

Work History

Senior IT Auditor

Telephone and Data Systems Inc.
Chicago , IL
2021.09 - Current
  • Conduct Sarbanes-Oxley (SOX 404) and PCI DSS compliance audit, testing primary controls – performing assessments of
  • ITGCs and application controls, Change Management and IT operations interface for design appropriateness and operating effectiveness in compliance with COBIT, NIST, ITIL ISO 27001, FFIEC, FISCAM or FISCAM framework
  • Conducted detailed interviews with senior managements of client companies to gain a full understanding of their businesses
  • Managed the identification of relevant control objectives for the service organizations SSAE18 attestation and performed readiness reviews in preparation for the attestation engagement
  • Responsible for business and system solutions, design and document methodologies, configuration of S/4HANA FICO functional module, integration processes, conducts workshops, users training and continued support during the project
  • Create extensive and detailed process flow charts, swim lanes among other diagrams to document business requirements and to analyze gaps in business process and system controls
  • Review SAP standard and custom transactions for SOD impact and work closely with business partners, Internal and External Auditors to identify, document, and resolve or escalate problems within SAP systems/user access to meet regulatory requirements
  • Performed assessments of application controls and IT general controls such as access control, change management, operations, disaster recovery and job scheduling
  • Tailored an audit approach to ensure all significant risks areas are identified and tested
  • Execute various audit projects deploying IT audit process from planning, fieldwork, reporting and follow-up
  • Test IT controls within ERP and in-house-developed systems, Oracle financials and other applications
  • Conduct pre and post implementation audits to ensure adequate controls are implemented in the system and determine that the seven phases of System Development Life Cycle (SDLC) are adhered to
  • Perform cloud computing controls testing of integrity, confidentiality, availability, compatibility, security access control and encryption to determine design appropriateness and operating effectiveness
  • Execute financial, operational, security and compliance IT audits in accordance with the Institute of Internal Auditors Standards enterprise-wide from planning, detail testing and report documentation
  • Evaluate Management Directives - Policies, Standards, and Procedures against leading practices to identify gaps in the design and provide recommendations to enhance operational efficiencies
  • Develop first draft of audit reports and recommend adequate controls to stakeholders based on audit outcome
  • Enhance internal controls, risk management and governance practices through target and integrated audits
  • Design analytics and automation of transactional data to support processes and audits
  • Oversight of the inventory of business processes, internal testing, audit, regulatory engagements outputs and the integration with RCSA, as applicable
  • Performs and investigates internal and external information security risk and exceptions assessments
  • Assess incidents, vulnerability management, scans, patching status, secure baselines, penetration test result, phishing, and social engineering tests and attacks.

IT Auditor

Availity LLC
Jacksonville , FL
2017.07 - 2021.09
  • Manage internal control systems by updating audit programs and implanting new policies and procedures while ensure all are in compliance with HIPPA, OSHA state and federals
  • Utilize data analytics tools such as Audit Command Language (ACL), IDEA and MS excel to test, analyze and verify whether information system internal controls are effective, sufficient and appropriate
  • Propose recommendations to senior management with various business units, which initiated correctives strategies and improved management control weaknesses
  • Conducted walkthroughs and testing of controls - Information Technology General Controls (ITGCs) and IT Application
  • Controls (ITACs) to establish design adequacy and operating effectiveness of controls
  • Evaluate and present control findings during IT infrastructure audit of databases, Network Devices, Servers and Operating
  • Systems to determine adequacy and operating effectiveness
  • Design, execute and complete testing of the design and operating effectiveness of SOX business process and IT controls, including entity and process level controls, IT general and application controls and SOC reviews
  • Supported and helped mature the security risk management program, familiar with general Governance Risk and Compliance (GRC) programs with specific knowledge of vendor risk and policy management
  • Documents and reports control failures and gaps to stakeholders
  • Provides remediation guidance and prepares management reports to track remediation activities
  • Developed and managed budget of $1.5 mm for the international audit department and plan and execute financial audit for our clients
  • Assists in recommending changes to client business operations and negotiating solutions, improvement opportunities, and management corrective actions
  • Perform financial and operational audits as directed to ensure coordination of internal audit function with regulators and external auditors
  • Executed audit-related activities such as IT general controls, infrastructure and security audits, business continuity planning, and disaster recovery audit
  • Other functions include vendor risk assessments, governance, risk, and compliance
  • Reviewing and testing for segregation of duties SOD and accessing control in application to ensure compliance with SOX
  • Oversee QA reviews of other key internal audit activities for the subject areas including the audit universe/risk assessment process and trimester refresh, continuous monitoring process, issue validation process and reporting process
  • Implementation of cloud security controls and program that align to regulatory requirements, ensuring documented and sustainable compliance that aligns to business objectives
  • Access new IT systems or changes to existing applications to determine controls impact & risks to environment such as migration to new systems and tools
  • Analyze of the system landscape to make sure that all relevant systems (production and development) were measured and systems that are not relevant for the measurement are java based, portals, dual stack, no longer used but not maintained properly on SAP Support Portal, test and training systems.

Project Manager

Baker Newman Noyes LLC
Boston , MA
2015.04 - 2017.07
  • Formulated business strategies and coordinated day to day marketing programs to help acquire more clients
  • Responsible for budgeting and forecasting, expense reporting, risk management, status reporting and execution
  • Developed business plans and provide financial support and summary analysis
  • Building and maintaining accurate project budgets responsibilities to field operations
  • Oversaw personnel matters, billing and collection, budgeting, planning and patient flow
  • Documented business processes and analyzed procedures to see that they would meet changing business needs
  • Built and maintained effective client relationships and handle challenging situations
  • Provided software support for all office applications and train employees on company systems and software
  • Assisted in documenting, evaluating and testing of application performance and reporting findings to the development team
  • Updated and processed client medical billing and coding to ensure all data are correctly entered into the system
  • Developed employee training manuals and provide training classes on company procedures and policies as well as state regulations
  • Ensured databases are complete, accurate and available only to authorized personnel.

Education

Bachelor of Technology (B.Tech - Computer Science

Ladoke Akintola University of Technology
2008.01 - 2012.01

Skills

Risk Assessment and Management, Tax Regulation Compliance, Excellent Communicator and Time Management and Attention to Details.undefined

Certification

CISA – Certified Information System Auditor (November/ 2022)

Affiliations

Information Systems Audit and Control Association (ISACA)

Accomplishments

  • Used Microsoft Excel to develop inventory tracking spreadsheets.
  • Resolved product issue through consumer testing.
  • Supervised team of 3 staff members.

Timeline

Senior IT Auditor

Telephone and Data Systems Inc.
2021.09 - Current

IT Auditor

Availity LLC
2017.07 - 2021.09

Project Manager

Baker Newman Noyes LLC
2015.04 - 2017.07

Bachelor of Technology (B.Tech - Computer Science

Ladoke Akintola University of Technology
2008.01 - 2012.01
CISA – Certified Information System Auditor (November/ 2022)
CISM – Certified Information System Manager (November/ 2022)

Similar Profiles

  • Deonte Jones

    Deonte JonesDeonte Jones

    IT Support Technician II at TDS Telephone And Data SystemsIT Support Technician II at TDS Telephone And Data Systems

    View Profile
  • DAVIA KNIGHT

    DAVIA KNIGHTDAVIA KNIGHT

    Subject Matter Expert at ITELInternational - Telephone & Data Systems (TDS)Subject Matter Expert at ITELInternational - Telephone & Data Systems (TDS)

    View Profile
  • Gary Lynch

    Gary LynchGary Lynch

    Cable Technician at Orlando Business Telephone SystemsCable Technician at Orlando Business Telephone Systems

    View Profile
DAVID FALOLA