A Risk and IT Audit Consultant, a bright self-starter with strong written and verbal communication skills. Flexible with high attention to detail, able to work individually or as part of a team, and thrives in fast-paced and challenging environments. I have strong expertise in risk assessment, information security advisory roles, governance, risk and compliance, and security assessments. I also have experience in risk control self-assessment (RCSA), customer risk assessments, data loss prevention, policy design, policy implementation, ITGC testing, application control, gap analysis, SAP testing, policy review around internal and external security controls, and risk mitigation and assurance.
Overview
9 years of professional experience
1 Certification
Work History
IT Risk analyst
Imagine Integrated Systems
08.2019 - Current
Evaluated the IT Security risk management and associated risk exposures
Helped clients to understand requirements and ensure the implementation of a risk based approach to control testing and effectiveness of required IT controls
Ensured business adherence to compliance regulations by identifying gaps in business processes, recommending remediation, monitoring line of business compliance, and working collaboratively with the Commercial, Retail and Card lines of business in identifying opportunities to reduce risks, strengthen controls and improve business performance
Served as a member of a team tasked to ensure the effective execution of periodic risk assessments and drive integration of remediation efforts with the risk management process
Led the cyber security compliance program and conducted security audits to identify vulnerabilities
Helped in tracking trends, gaps, exceptions, and mitigation plans as they relate to third-party risks to ensure timely resolution
Conducted research into a 3rd party vendor risk management to understand the risk involved in doing business with them
Served as a team member tasked with implementing and operating Governance Risk and Compliance (GRC) tools to efficiently support and automate our risk management processes
Participated in the setting up and implementation of a third-party risk management program
Performed Sarbanes-Oxley (SOX) and Service Organization Control (SOC I, II & III) testing, reviewed SSAE 18 and SOC 1 Type 2, employing COBIT and COSO frameworks.
IT Auditor
VIP Logistics
01.2016 - 07.2018
Oversaw all aspects of Information Systems, data availability, integrity, authentication, confidentiality, and non-repudiation
Implemented processes and controls with respect to information security
Documented security breaches and assessed the damage they may cause
Assisted with the performance of internal control testing in accordance with Sarbanes-Oxley Section 404 and/or COSO guidance
Evaluated organizations’ readiness in case of business interruption and reported to executive leadership
Developed security risk metrics wherever possible and identified issues that possibly put my organization at risk
Documented results of security risk analyses and presented them as necessary
Completed audit work by interviewing personnel to document process flows, define audit scope, objectives and testing procedures and completed audit programs
Contributed to developing, documenting, and maintaining information security policies, procedures, and standards
Initiated, facilitated, and promoted activities to create organization information security awareness
Responsible for security event log collection and review, monitoring, intrusion detection, and information security incident response
Participated in enterprise-wide annual risk assessment to develop the Audit Plan, and execute the audit work program
Conducted pre- and post-implementation audits to ensure adequate controls are implemented in the system and determine that the seven phases of the System Development Life Cycle (SDLC) are adhered to.
Systems Analyst
Kegoy Consulting
04.2014 - 12.2015
Recommended improvements in security systems and procedures
Performed risk analyses to identify appropriate security countermeasures
Developed plans to safeguard computer files against modification, destruction, or disclosure
Monitored the use of data files and regulated access to protect secure information
Reviewed violations of computer security procedures and developed mitigation plans
Established compatibility with third-party software products by developing programs for modification and integration
Aligned office departments and increased inter-department communication and data sharing.
Education
Master's - Health Administration
Ohio University
08.2022
BSc. - International Law and Diplomacy
Babcock University
06.2008
Skills
Managing security breaches
Data management
Conflict resolution
Team building
Critical thinking
Protecting networks
Strong verbal communication
MS Office Suite
Strong knowledge of risk management and audit methodologies: COBIT, PCI DSS, FFIEC, COSO, SOX, SOC2, NIST RMF, HIPAA and ISO standards
Strong knowledge of IT control framework, Operating Systems Security, web security, information security standards and baselines
Risk assessment, incident and disaster recovery, control selection and business continuity planning skills
Organized and methodical with good time management, prioritization, and planning
Enthusiastic, highly motivated, flexible, and adaptable individual
Understands the use and workings of information security framework programs and regulatory/compliance programs, such as ISO 27001,2,3, SOC 1&2, SOX, COBIT, FISMA, FedRAMP and HIPAA
A committed team player, able to motivate and inspire others and lead a cohesive team
Proficient in the use of GRC tools such as Archer, ServiceNow, and MetricStream
Mobile Banking, Human Resources, Inventory
Windows 95/2000/XP/7/8/10/Server 2012/Server 2016, Linux, Mac, Unix, SaaS, PaaS
MS Office Suite, Adobe PDF reader, Snipping tools, Archiver, Notepad, PowerPoint, Excel, Outlook
Mozilla Firefox, Internet Explorer, Google Chrome, Microsoft Edge, Safari
SAP Audit Management, Audit Board, Hyperproof, IT Change management, IT Operations, IT general controls, IT Standards, QualysGuard, Dynamic application security testing (DAST), Interactive application security testing (IAST)
Reporting and documentation
Accomplishments
Served as a team member in the change management team to migrate from a legacy system to a newer version
Designed and implemented a user awareness program that has made a significant impact in improving information security culture across the entire organization
Collaborated with a team with members from different functions to develop and execute an Incident Response Plan for outages, failed and compromised systems, etc.