
JOGO AROGHALU

Houston, TX

Summary

IT Auditor with many years of experience in leading and executing comprehensive IT audits to assess and enhance information technology systems' security, compliance, and effectiveness. Proficient in developing audit plans, conducting risk assessments, and evaluating control environments to identify and mitigate IT-related risks. Adept at interpreting regulatory requirements, including GDPR, HIPAA, SOX, and PCI DSS, and ensuring organizational compliance. Committed to continuous learning and professional development to stay abreast of evolving technologies and regulatory trends in the IT audit field.

Overview

8 years of professional experience
1 Certification

Work History

IT AUDITOR / COMPLIANCE ANALYST

CNRL
05.2022 - Current
  • Reviewed control descriptions, process narratives and testing strategies for reasonableness and accuracy
  • Make recommendations and implement updates to documentation
  • Identified internal control weaknesses and recommended remediation to strengthen control environment
  • Provided guidance to members of the business and IT on implementation of ITGCs and provided suggestions on how to improve their ITGCs
  • Performed fieldwork in accordance with the approved IT audit program, generally including documentation of the system, identification and testing of internal controls (general computer controls, application controls, user access, etc.), analytical review, and substantive testing
  • Assist in the evaluation of IT control design and participate in the planning, execution, documentation, and communication of all IT general controls related to SOX compliance
  • Conduct and supervise all aspects of the end-to-end IT audit process to include engagement planning, coordination, scope determination, risk and control identification, design of audit program procedures, testing, and evaluation and analysis of results
  • Implement and test internal controls over financial reporting under the Sarbanes-Oxley Act (SOX); perform walkthroughs of controls and evaluate their operating effectiveness
  • Evaluated IT general controls (ITGC) including information security, change management, and systems development life cycle (SDLC)
  • Partnered with different key internal and external stakeholders in identifying, assessing, and documenting IT processes, risks and controls

GOVERNANCE RISK AND COMPLIANCE ANALYST

CN Rail
02.2018 - 03.2022
  • Lead and execute the review, testing and validation of SOC 2 controls based on the TSC
  • Collaborate with stakeholders and Internal Audit to review test procedures, evidence, and artifacts that support SOC 2 and ISO 27001 controls, including process improvements for auditability
  • Effectively communicate SOC 2 objectives, control effectiveness and test procedures to control owners, and internal and external auditors
  • Establish and maintain policies, procedures, and controls to mitigate risks and ensure compliance with applicable laws, regulations, and standards.
  • Perform risk assessment and third-party risk management to meet the organization's standard
  • Conduct various audit engagements simultaneously with numerous engagement team members per audit, including assisting with planning, execution and scheduling staff
  • Perform weekly, monthly, quarterly, and yearly audits of the system regarding access, evidence, ticketing, logs, etc.
  • Initiate and assist with semi-annual and annual user access reviews, collecting evidence of necessary approvals to verify access levels are provided appropriately
  • Implement workflows to gather audit evidence and artifacts from control owners using GRC tools like RSA Archer
  • Perform quarterly risk register reviews and manage and monitor remediation and exceptions of cyber security risks
  • Provide advisory on cybersecurity training and awareness programs for clients.
  • Collaborate with IT resources and key stakeholders from other business units to identify and assess cybersecurity and compliance risks
  • Conduct independent risk-based IT and cyber security audits to assess the adequacy and effectiveness of internal controls and the reliability and integrity of the client’s business and IT systems
  • Lead the development and implementation of risk mitigation strategies and action plans in collaboration with key stakeholders.

IT Risk & Compliance Analyst

Pembina Corporation
02.2016 - 03.2018
  • Assisted in development and implementation of IT compliance standards, regulations, guidelines, policies, and business tools across commercial lines of business of operations
  • Ensured business adherence to compliance regulations by identifying gaps in business processes, recommending remediation, monitoring line of business compliance, and working collaboratively with the Commercial, Retail and Card lines of business in identifying opportunities to reduce risks, strengthen controls and improve business performance
  • Evaluated/interpreted SOX IT Audit and provided guidance to process and control owners on the objective / intent of the requirements
  • Work with both External and Internal Audit to ensure compliance with policies, International Accounting Standards and ITGC security protocols
  • Assist management with SOD issues, including monitoring and reporting
  • Performed risk assessments, identified IT controls for significant processes, developed test procedures for SOX readiness.

Education

MBA - Information Technology Project Management

California State University
05.2025

Bachelor of Science - Management Science

University of Northern British Columbia
12.2014

Skills

  • Third-Party Risk Management
  • PCI-DSS Implementation and gap remediation
  • SOC 1 & 2 audit gap assessment
  • Advanced Technical Proficiency
  • Policy review and development
  • Risk assessment on applications, infrastructure, etc.
  • Threat risk assessment
  • Control testing, implementation, monitoring
  • Communication and stakeholder management
  • Project Management

Certification

  • Certified Information Systems Auditor - CISA
  • CompTIA Security+
