A skilled IT Auditor with over six years of experience implementing, managing, and evaluating compliance with corporate security policies from planning phase to completion using the COSO, SOX, FISCAM, FISMA, and SSAE 18 frameworks. Specialist in information security control and risk assessments. Proven track record of assessing internal/external security vulnerabilities of information systems across broad ranges of business functions using knowledge and practice of the HIPAA Act.
Overview
5 years of professional experience
1 Certification
Work History
IT Auditor
PricewaterhouseCoopers (PwC)
Washington, DC
07.2022 - 04.2024
Performing audits using COBIT, COSO, PCI DSS, SSAE 18, HIPAA, SOX, and cybersecurity frameworks
Review IT policies, procedures, directives, and guidelines to ensure compliance with NIST 800-53 and FISMA guidelines
Working with the Engagement Team to identify and resolve client issues discovered during Audit and Review Process
Assisting in developing new controls to be tested in SSAE 18 and SOX audits, and building a good foundation of knowledge of client operations and of which controls are necessary to evaluate based on the size and type of the client's business
Performing audit with IT General Controls (ITGC) such as Access Control, Change Management, IT Operations, Disaster Recovery and Platform Reviews (Windows and UNIX OS)
Participated in the audit process, including planning, reporting and follow-up, walkthroughs, and detailed testing of controls to determine if controls are properly designed and operating effectively
Analyzing the adequacy of the security and processing controls as they relate to each audit, and the effectiveness of general computer controls in effect in the IT environment
Conducted SOX annual testing in line with control requirements and the execution of various IT key control tests
Serving as the principal advisor to the Information System Owner and Authorizing Official on all matters involving security of the information systems
Tested SOX applications control compliance to make sure controls are in place and operating effectively
Tested and documented key SOX and IT General Controls leveraging a defined compliance monitoring process
Demonstrated an understanding of the client’s environment and assessed the adequacy of the application security, application configuration and business process control.
Risk Management Specialist
Longview Technology Solutions
Herndon, MD
05.2019 - 05.2022
Supervised internal risk management projects and monitored the Risk Assessment platform to ensure effective risk management practices across the organization
Conducted third-party risk assessments using industry standards such as ISO 27001/27002, SOC 2 Type II, and other relevant frameworks to identify potential security risks in line with the company's policies and compliance activities
Utilized NIST CSF, NIST 800-53, NIST 800-37 to perform thorough risk and control assessments for high-risk third-party service providers, verifying the adequacy of their control systems
Develop and maintain risk assessment methodologies, tools, and frameworks
Work with stakeholders to understand their security needs and requirements
Collaborate with cross-functional teams to identify and prioritize risks, define risk mitigation strategies, and track progress towards implementation.
Education
Bachelor of Arts - Industrial and Organizational Psychology
University at Albany
05.2016
Skills
Excellent communication and interpersonal skills combined with the ability to interact effectively with management at all levels across the organization
Demonstrates a high regard for punctuality and good time management skills, including performing assigned work within allocated budgets
Demonstrates an ability to coordinate validation of multiple audit findings and effectively combine/synthesize issues into final audit reports
High level of self-confidence, strong people and client management skills and demonstrates leadership ability
Data Security / Documentation and Reporting / Cross-Functional Collaboration / Vulnerability Management
Certification
CompTIA Security+, 09/2021, Present
Google Project Management, 09/2021, Present
CISA Certification, In Progress
Software and Hardware Skills
Proficient in Windows XP/Vista/7/8/8.1/10.
Windows Administrative tools; remote desktop and help-desk management software.
Microsoft Word, Excel, PowerPoint, SharePoint.
Troubleshooting desktops, laptops, mobile devices, printers, and scanners.
Aura / Astro / Alteryx