
Mary Agyeman

Fredericksburg, PA

Summary

An IT Audit professional and a Medical Practitioner with over 10 years of progressive experience specializing in HIPAA, PCI DSS and SOX compliance within the healthcare and financial industries. Adept at developing and executing comprehensive IT audit plans to evaluate the adequacy and effectiveness of IT controls. Demonstrated expertise in identifying and documenting control deficiencies, recommending corrective action plans, and overseeing the implementation of key initiatives to enhance IT control frameworks. Recognized for exceptional interpersonal, communication, and presentation skills, alongside a proven ability to engage cross-disciplinary teams. Extraordinary critical thinker and problem solver with a strong focus on KPIs, ensuring robust and compliant IT environments.

Work History

Sr. IT Auditor

Macedonia Associates International
Manassas, VA
01.2023 - Current
  • Lead and conduct comprehensive IT audits to ensure compliance with HIPAA and PCI DSS regulations
  • Develop and execute risk-based audit plans that address HIPAA and PCI compliance requirements
  • Evaluate IT systems and processes to identify potential security risks and ensure the protection of sensitive health and payment card information
  • Assess the effectiveness of existing IT controls and recommend improvements to mitigate risks and enhance security
  • Conduct detailed reviews of access controls, encryption methods, and data storage practices to ensure HIPAA and PCI compliance
  • Collaborate with IT and security teams to develop and implement corrective action plans for identified control deficiencies
  • Monitor and report on the implementation of remediation efforts to ensure timely and effective resolution of compliance issues
  • Prepare and present audit findings and recommendations to senior management and stakeholders, highlighting areas of concern and improvement
  • Stay current with changes in HIPAA and PCI regulations and update audit programs accordingly to ensure ongoing compliance
  • Perform regular audits of vendor systems and processes to ensure third-party compliance with HIPAA and PCI requirements
  • Conduct training and awareness programs for staff on HIPAA and PCI compliance best practices
  • Assist in the development and maintenance of IT security policies and procedures in alignment with HIPAA and PCI standards
  • Participate in incident response activities, providing expertise in the identification and mitigation of security breaches
  • Review and assess the security of electronic health records (EHR) systems and payment processing systems for compliance with HIPAA and PCI standards
  • Collaborate with internal and external auditors, providing necessary documentation and support for audit activities related to HIPAA and PCI compliance

Data Entry Clerk

EAM-USA
- 05.2023
  • Collect data from clients and customers, input it into the database, and verify its accuracy
  • Organize data in spreadsheets and digital and paper files
  • Update and maintain the database, and perform regular backups
  • Generate reports from the data, and store the outputs in the database
  • Ensure data security and confidentiality
  • Retrieve data as requested, and provide it to team members

IT Audit Analyst

Inova Health System
Falls Church, VA
09.2022 - 12.2022
  • Assist in the planning and execution of IT audits to ensure compliance with HIPAA regulations
  • Evaluate IT systems and processes to identify potential security risks related to protected health information (PHI)
  • Assess the effectiveness of IT controls designed to protect PHI and recommend improvements where necessary
  • Perform detailed reviews of access controls, encryption methods, and data storage practices to ensure HIPAA compliance
  • Document and report audit findings, including control deficiencies and compliance issues, to senior auditors and management
  • Assist in the development and implementation of corrective action plans to address identified control deficiencies
  • Monitor the progress of remediation efforts to ensure timely and effective resolution of compliance issues
  • Conduct regular audits of electronic health records (EHR) systems to ensure they meet HIPAA standards
  • Participate in the evaluation of third-party vendors' compliance with HIPAA requirements
  • Assist in the development and maintenance of IT security policies and procedures in alignment with HIPAA standards
  • Collaborate with IT and security teams to ensure that new systems and processes are designed with HIPAA compliance in mind
  • Stay current with changes in HIPAA regulations and update audit programs accordingly
  • Provide support during internal and external audits, supplying necessary documentation and information
  • Conduct training sessions to raise awareness among staff about HIPAA compliance best practices
  • Participate in incident response activities, providing expertise in the identification and mitigation of security breaches involving PHI

Chief Executive Officer (CEO)

Ropheka Hospital and Ropheka foundation
Accra-Ghana
07.2018 - 09.2022
  • Medical practitioner in charge, specializing in alternative holistic medicine with a focus on autoimmune diseases, chronic diseases related to the liver, heart, kidney, fibroid, and infertility
  • Evaluated, designed, and implemented Electronic Medical Health Record (EHRM) applications, enhancing the operating effectiveness of IT controls within the clinic
  • Identified and documented over 130 control deficiencies regarding patient prescriptions and developed corrective action plans to address them
  • Monitored the implementation of corrective action plans, ensuring that all deficiencies were addressed within the agreed-upon timeline, resulting in a 50% improvement in the overall effectiveness of IT controls
  • Developed and executed an audit program to assess the adequacy of IT security regarding patient registration, identifying and documenting over 1000 security control deficiencies in insurance payment processes, and recommended corrective action plans
  • Conducted regular risk assessments to identify vulnerabilities and ensure compliance with HIPAA regulations
  • Collaborated with multidisciplinary teams to develop and enforce IT security policies and procedures in alignment with HIPAA standards
  • Provided training and support to clinic staff on HIPAA compliance and best practices for handling PHI
  • Coordinated with external auditors and regulatory bodies to ensure continuous compliance and address any audit findings promptly
  • Reviewed and enhanced data encryption and access control mechanisms to safeguard sensitive patient information
  • Oversaw the integration of new IT systems, ensuring they met all regulatory requirements and improved operational efficiency
  • Conducted periodic reviews of third-party vendor systems to ensure their compliance with HIPAA and clinic standards
  • Prepared detailed audit reports and presented findings to senior management, providing actionable recommendations to enhance IT controls
  • Implemented continuous monitoring systems to track compliance status and detect any deviations promptly
  • Assisted in incident response planning and execution, focusing on minimizing the impact of data breaches and ensuring rapid recovery

Education

MD. Medicine -

National University of Singapore (NUS)

Bachelor of Science - Biology and Biochemistry

University of Ghana

IT Auditor and Data Entry -

SLAMM TECHNOLOGIES (USA)

UK-Strategic Management -

Institute of Commercial Management (ICM)

Skills

  • IT risk assessment
  • IT control evaluation
  • IT security control assessment
  • Audit planning and execution
  • Corrective action plan development
  • IT process evaluation
  • Risk mitigation strategy development
  • Control deficiency identification and documentation
  • IT audit program development
  • Monitoring and tracking of corrective actions
  • IT compliance and regulatory knowledge
  • Data analysis and interpretation
  • Cybersecurity best practices
  • Project management
  • Communication and reporting skills
  • Critical thinking and problem-solving
  • Attention to detail
  • Time management and prioritization
  • Team collaboration and leadership
  • Medical practitioner expertise

Certification

  • Certified Information Systems Auditor (CISA) - pending
  • Certified Internal Auditor (CIA) - in progress

Tools

ARC Tool | PIEE-EDA | WAWF | Don Tracker | Deficiency Tracking Tool | Microsoft Office Suite (Excel, Word, PowerPoint)

Application Software

AuditBoard | PACTS 360 | Office 365 | Various Financial Reporting Systems | ERP Systems | Compliance and Audit Software

Frameworks

CAS | GAAP | OMB A-123 | IT PM Framework | IT Control Frameworks | Regulatory Compliance | HIPAA | SOX 404 | PCI | SOC
