Marwat Lawal, CISA.
Richardson,Texas
Summary
Experienced Senior IT Auditor with strong strategic planning, leadership, and project management abilities with over 7 years of experience. Highly skilled at performing IT General Controls (ITGC), Governance, Risk and Compliance (GRC), and IT Applications control testing with project oversight capabilities. A result-driven individual with excellent interpersonal and communication skills, committed to utilizing COSO and/or COBIT frameworks to ensure compliance and operative effectiveness. Ultra focused on maintaining consistency, quality, and compliance in all areas of internal controls and IT audit.
Overview
8
8
years of professional experience
1
1
Certification
Work History
Senior Compliance Analyst
Crescent Bank
Carrollton, TX
08.2021 - Current
- Working closely with the internal audit and assurance team to plan engagement strategy, define objectives, and address IT controls risks and issues.
- Perform audit responsibilities including: scheduling, planning and participation in audit meetings; participation in scoping discussions; drafting of audit work; design and execution of testing; and completion and review of work papers
- Participate in all phases of internal audits from planning and research, risk assessment, work-paper, to report development and follow-up.
- Conduct testing and perform walk-throughs for test of control design, review evidence obtained to test for operating effectiveness of controls, prepare work papers and report audit findings.
- Develop audit manual for IT operations which incorporate company policies and standards.
- Apply current knowledge of IT trends and systems processes to identify security and risk management issues and other opportunities for improvement
- Review IT General Controls (ITGC) for infrastructures, applications, databases,operating systems and network
- Report audit findings to members of management and SMEs to make recommendations for correction of weaknesses
- Document tests performed and results to ensure evidences support noted observations, conclusions, and recommendations.
- Manage the audit team of internal auditors and prepare practical action plans to respond to audit discoveries and compliance violations.
IT (SOX) Auditor
T-Mobile
Frisco, TX
11.2018 - 07.2021
- Performed application security assessment on both internal and external applications.
- Designed and tested IT controls for new and existing systems, including logical access, change management, computer operations, system development life cycle (SDLC), and general IT security
- Documented risks associated with internal and external applications.
- Worked with other departments within IT to obtain required evidence, develop test plans, testing procedure for SOX testing and document test results and exceptions.
- Performed analysis on SOC 2 control evidence to ensure all controls have been performed according to requirements.
- Met with process owners and other point of contacts to remediate audit findings/exceptions and as follow up to ensure system and process security.
- Wrote mock audit reports for distribution to management and senior management documenting results of audits.
- Communicated the results of IT audit, systems development projects, and consulting projects via written reports and oral presentations to management, using a risk-based approach
- Performed ITGC Audit to include key controls like Access control (Logical and Physical access control), Change Management control and IT Operation control(job scheduling, backup and recovery), network and Asset management and Documentation.
- Followed up on remediation activities to ensure identified risks are mitigated.
- Participated in system implementation projects as an IT control subject matter expert (SME) and provided guidance to ensure proper IT controls are designed and implemented.
Internal Auditor
NEC Corporation
Irving, TX
10.2017 - 10.2018
- Performed information systems acquisition and implementation reviews to ensure services provided possess efficient internal controls in relation to organizational policies, regulatory requirements and information systems best practices.
- Conducted SOX testing using COSO and COBIT frameworks.
- Performed assessment of internal controls as part of financial statement audits, internal and operational audits, and audit readiness.
- Utilized knowledge of ERP systems (particularly SAP) to access required evidence as stated in audit plan.
- Participated in all stages of audit process from planning and field work, to reporting and follow-up.
- Performed risk analysis and documented risks associated with controls.
- Tested design and operational effectiveness of internal controls by collecting and evaluating evidence and participating in walk-throughs of business processes.
- Discovered inadequate implementation of segregation of duties controls that resulted in mitigation of fraud.
- Performed testing procedures on financial trading systems to determine Segregation of Duties meets industry standards and security procedures.
- Created work papers using completed work.
- Identified and documented control weaknesses and related testing exceptions.
- Prepared and delivered presentations of audit reports, including findings, recommendations as well as remediation plans.
Linux System Administrator
IQor
Richardson, TX
08.2016 - 10.2017
- Supported deployment of Red Hat Enterprise Linux 6 servers for corporate clients
- Managed permissions on files and directories using Access Control Lists
- Configured and provisioned Servers for package Management functions
- Built and configured 120 Virtual Linux Machines using ESXi and vSphere 6 Client
- Managed users and groups in RHEL 6 and 7 enterprise network
- Used Remote Desktop and Virtual Private Network Applications for Server Configuration
- Configured Linux guests in Oracle VirtualBox Manager environment
- Engaged in performance monitoring and capacity planning on Linux Servers
- Managed backup and disaster recovery through strict data control and retention policies, personally handling recovery tasks when issues arose.
- Created and serviced administrator and user accounts on Linux-based systems, managing about 230 deployments.
- Coordinated with project team members to prepare and implement schedules, project plans, and status reports
- Interacted directly with users to diagnose and correct major system issues and address concerns.
Education
Bachelor of Science - Computer & Information Systems Cybersecurity
Dakota State University
Madison, SD2018
Associate of Applied Science - Computer And Information Systems Security
Collin College
Plano, TX2016
Skills
- IT General Controls
- Risk Assessments
- SOX 404 (SOX)
- ISO 27001, COSO, COBIT, PCI-DSS
- SOC reports (SOC 2, Type II)
- Third-Party Risk
- Application Controls Testing
- Change Management
- Log Reviews
- SDLC
- Linux Experience
- Internal Controls Testing
Certification
ISACA-CISA
Certified Information Systems Auditor (CISA)-Active 2023
Timeline
Senior Compliance Analyst
Crescent Bank
08.2021 - Current
IT (SOX) Auditor
T-Mobile
11.2018 - 07.2021
Internal Auditor
NEC Corporation
10.2017 - 10.2018
Linux System Administrator
IQor
08.2016 - 10.2017
Bachelor of Science - Computer & Information Systems Cybersecurity
Dakota State University
Associate of Applied Science - Computer And Information Systems Security
Collin College
Similar Profiles
Shannon RhodesShannon Rhodes
Facilities Administrator at Crescent BankFacilities Administrator at Crescent Bank
Fred WilcotsFred Wilcots
Credit Buyer & Underwriter at Crescent BankCredit Buyer & Underwriter at Crescent Bank
Sheridan McAlpinSheridan McAlpin
Collections Agent at Crescent BankCollections Agent at Crescent Bank
Judaea BouwensJudaea Bouwens
Business Assistant at Heartland DentalBusiness Assistant at Heartland Dental
Uriel ZunigaUriel Zuniga
Used Car Technician at Huffines Kia MckinneyUsed Car Technician at Huffines Kia Mckinney