Summary
Overview
Work History
Education
Skills
Certification
Timeline
Generic

Kossi Ayigah

Minnesota

Summary

Results-driven Senior IT Compliance Analyst at Abbott with expertise in risk assessment and audit management. Successfully led remediation efforts for SOC 2 and ISO 27001 compliance, enhancing policy adherence and control integrity. Proficient in Archer and skilled in cross-functional collaboration, fostering sustainable improvements in compliance documentation and issue remediation.

Overview

9
9
years of professional experience
1
1
Certification

Work History

Senior IT Compliance Analyst

Abbott
Little Canada
02.2025 - Current
  • Coordinate internal and external audit remediation by documenting issues, defining remediation steps, validating fixes, and updating evidence packages within Archer
  • Write detailed remediation validation forms, including issue descriptions, root cause, corrective steps, timelines, and closure criteria
  • Managed high‑volume internal findings across product teams (Merlin, Neuro, MSP platforms), ensuring timely updates and effective communication of status and escalation paths
  • Supported SOC 2 and ISO 27001 audits by gathering evidence and confirming remediation, facilitating communication of closure progress to leadership
  • Identify control gaps, assign issue owners, track timelines, and escalate delays based on severity and audit timelines
  • Improve policy compliance by updating documentation and data location tables to resolve SOC 2 non‑conformances
  • Partner cross‑functionally with developers, system owners, automation teams, HR, and infrastructure to validate fixes and ensure sustainable control improvements
  • Prepared dashboards and reports to summarize remediation progress, adherence to SLAs, and identification of open risks
  • Contribute to ISMS activities and continuous improvement of enterprise ISO controls

Senior Identity and Access Management and Compliance Lead

Blattner Energy
Avon, MN
09.2023 - 12.2024
  • Led access governance and compliance oversight for 20+ enterprise applications, including 9 SOX‑critical systems
  • Directed remediation of IAM-related findings, including terminations, entitlements, and privilege reviews; collaborated with HR and system owners to resolve automation failures
  • Executed quarterly access reviews and partnered with auditors to deliver evidence packages and facilitate walkthroughs
  • Owned full remediation lifecycle from issue creation to owner assignment, documentation, validation and management approval
  • Led privileged access migration from Secret Server to CorPAS while maintaining SOX control integrity
  • Documented issues in Archer including source, ownership, timelines, validation evidence, and closure approvals
  • Managed Code42 investigations and escalated potential exfiltration risks
  • Performed third-party risk assessments using SIG questionnaires and inherent risk scoring, coordinating remediation efforts
  • Delivered the PISUP security awareness program to 10,000+ employees, improving compliance maturity

Financial Auditor

Minnesota Department of Transportation (MnDOT)
St-Paul, Minnesota
05.2017 - 09.2023
  • Performed financial audit to determine transaction accuracy, and integrity, through substantive testing
  • Audited and closed out government contracts, such as railroads, utilities, and consultants
  • Led, supervised, and trained audit teams; allocated responsibilities to associates; and reviewed and approved audit work products
  • Participated in the audit planning, execution, and reporting of audit and review engagements
  • Executed fieldwork by performing audit testing through inquiry and observation, documenting results in working papers.
  • Drafted audit reports with findings and conclusions on the audit performed in accordance with agency procedures
  • Developed accurate and complete audit work papers that adequately support audit observations and document work performed
  • Conducted risk analysis of various contracts (Inherent, Control, Detection risk)
  • Determined whether organizational units in the company are performing their accounting, custodial, or control activities in compliance with management instructions
  • Performed three-way match during inventory audits. Ensured compliance with GAAP and GAGAS (Yellow Book) standards

Education

Bachelor of Science - Accounting

Metropolitan State University- College of Management
St. Paul, MN

Master of Art - Organizational Leadership

University of Northwestern
St. Paul, MN

Skills

  • Risk assessment
  • Audit management
  • Compliance documentation
  • Risk lifecycle management
  • Issue remediation
  • SOC 2
  • ISO 27001
  • FFIEC
  • ServiceNow GRC
  • Archer
  • Qualys
  • Vulnerability management
  • Access governance
  • SIG

Certification

  • Security+ (CompTIA Security+)
  • Certified Information Systems Auditor (CISA)
  • Certified Vulnerability and Penetration Tester (CVPT)
  • Annex A Controls Audit ISO 27001:2022
  • ISO/IEC 27001:2022 Lead Implementer

Timeline

Senior IT Compliance Analyst

Abbott
02.2025 - Current

Senior Identity and Access Management and Compliance Lead

Blattner Energy
09.2023 - 12.2024

Financial Auditor

Minnesota Department of Transportation (MnDOT)
05.2017 - 09.2023

Bachelor of Science - Accounting

Metropolitan State University- College of Management

Master of Art - Organizational Leadership

University of Northwestern
Kossi Ayigah