Summary
Overview
Work History
Education
Skills
Certification
Timeline
Education and Training
Generic

TAIWO SALAKO .O

Irving,TX

Summary

Experienced IT Auditor with over 6 years of specialized expertise in IT General Controls (ITGC), IT Application Controls (ITAC), and User Access Review (UAR) campaign management within highly regulated banking and telecom environments. Adept at driving risk and compliance initiatives, leveraging advanced Excel automation to optimize control testing and strengthen risk mitigation. Proven success in aligning audit strategies with industry standards and regulatory frameworks including SOX 404, NIST, COBIT, and ISO 27001. Highly analytical and process-driven, with a strong command of IT testing methodologies and a keen eye for identifying control gaps. Recognized for clear communication, stakeholder engagement, and the ability to build trust across technical and non-technical teams.

Overview

8
8
years of professional experience
1
1
Certification

Work History

Group/Identity Governance Administrator [Entra ID]

T-Mobile
01.2025 - Current


  • Initiate and manage access review campaigns for groups, applications, roles, and access packages across Microsoft Entra ID
  • Define review scope and frequency, including multi-stage and recurring access reviews
  • Configure review settings such as reviewers, decision options, and auto-apply policies
  • Monitor review progress and completion status using Entra ID Governance dashboards
  • Analyze review results to identify inappropriate or excessive access rights
  • Apply remediation actions such as removing access, resetting roles, or escalating exceptions
  • Coordinate with business owners and reviewers to ensure timely and accurate responses
  • Generate and distribute audit reports for compliance and internal governance
  • Enforce policy-based access controls aligned with least privilege and zero trust principles
  • Collaborate with IT and security teams to integrate access review outcomes into broader IAM workflows
  • Maintain documentation of review configurations, decisions, and audit trails
  • Stay current with Microsoft Entra ID Governance updates and best practices.
  • Key Achievements:
  • Enabled a successful shift from manual spreadsheet attestations to an automated ,scalable review process , improving efficiency across 400+ groups and applications.
  • Reduced privileged and guest access over-provisioning by 30–50% through targeted, recurring reviews and automation.
  • Improved UAR completion rates to over 95% by deploying stakeholder-specific notification workflows and reviewer accountability measures.

Sr. Analyst, IT Risk & Compliance

T-Mobile
02.2023 - Current


  • Design & Maintain Controls: Develop and maintain controls over IT systems, including access management, change management, and data integrity.
  • Control Testing: Periodically evaluate ITGCs for effectiveness and alignment with frameworks like SOX, COBIT, or NIST.
  • Documentation: Create and update process narratives, flowcharts, and risk/control matrices.
  • Audit Support: Collaborate with internal and external auditors during walkthrough and testing phases.
  • Remediation Management: Identify control gaps, propose remediation plans, and track resolution efforts.
  • Campaign Planning: Schedule and coordinate periodic access reviews across systems and applications.
  • Execution & Monitoring: Ensure timely completion of reviews by stakeholders and escalate overdue tasks.
  • Access Validation: Verify that users have appropriate access based on roles and responsibilities.
  • Reporting: Generate metrics and dashboards to track campaign progress and highlight risks.
  • Automation & Optimization: Identify opportunities to streamline UAR processes using tools or analytics.
  • QA Reviewer – Internal Compliance:
  • Reviewed control documentation and test evidence for accuracy and completeness
  • Validated remediation actions for audit findings and tracked closure status
  • Conducted quality assurance checks on access reviews and control testing within the team.


Sr. Auditor/Internal Auditor.

MoneyGram
05.2020 - 01.2023

UAR Campaign Management Responsibilities Compliance & Audit Responsibilities

  • Campaign Planning & Coordination: Design and schedule periodic access reviews across critical applications and systems.
  • Execution Oversight: Monitor campaign progress, ensure timely completion by reviewers, and escalate delays or issues.
  • Access Validation: Audit user access to confirm alignment with job roles, segregation of duties (SoD), and least privilege principles.
  • Exception Handling: Review and validate access exceptions, ensuring proper documentation and remediation.
  • Tool Utilization: Leverage identity governance platforms (e.g., SailPoint, Saviynt) to automate and streamline access reviews.
  • Control Testing: Evaluate the effectiveness of access controls and UAR processes as part of broader ITGC or ITAC audits.
  • Risk Identification: Identify access-related risks, such as excessive privileges or dormant accounts, and recommend mitigation strategies.
  • Reporting & Documentation: Prepare audit workpapers, findings, and dashboards to communicate campaign outcomes and compliance status.
  • Stakeholder Engagement: Collaborate with IT, HR, and business units to ensure accurate role mapping and access provisioning.

Compliance & Audit Responsibilities Control Testin

CITYBANK
02.2018 - 04.2020

Risk & Compliance Oversight Policy & Procedure Management

  • Risk Identification: Analyze IT systems and operations to detect potential risks—cybersecurity threats, data breaches, or regulatory non-compliance.
  • Control Evaluation: Assess the effectiveness of existing controls and recommend improvements to mitigate risks.
  • Compliance Monitoring: Ensure adherence to frameworks like SOX, NIST, ISO 27001.
  • Audit Support: Assist with internal and external audits by preparing documentation, evidence, and responses to findings.
  • Policy Development: Help draft and maintain IT compliance policies, standards, and procedures.
  • Process Documentation: Create and update process flows, control matrices, and compliance checklists.

Education

Bachelor of Science - Mechanical Engineering

Yaba College Of Technologie Lagos
Lagos, Nigeria
08-2008

Skills

  • Experience with Archer and ServiceNow GRC
  • Excel and Visio expertise
  • Proficient in AWS and Azure
  • Identity governance management
  • SharePoint document management
  • User provisioning in Active Directory
  • SailPoint and Microsoft Entra ID expertise
  • Azure container deployment for cloud-native applications
  • Identity Governance: SailPoint, Microsoft Entra ID, Active Directory
  • Access Control: RBAC, Conditional Access, Privileged Identity Management
  • Compliance Frameworks: SOX, ISO 27001, NIST, COBIT
  • Cloud & Automation: Azure Containers, Aurora, SharePoint WorkflowsPower Shell
  • GRC Platforms: [Specify if applicable—eg, ServiceNow GRC, RSA Archer]
  • Database management expertise
  • Server management: Linux and Windows

Certification

  • Certifications
    Certified Information System Auditor (CISA) Information System Audit and Control
    Association. | October 2022
    ISACA ID 1640258

Timeline

Group/Identity Governance Administrator [Entra ID]

T-Mobile
01.2025 - Current

Sr. Analyst, IT Risk & Compliance

T-Mobile
02.2023 - Current

Sr. Auditor/Internal Auditor.

MoneyGram
05.2020 - 01.2023

Compliance & Audit Responsibilities Control Testin

CITYBANK
02.2018 - 04.2020

Bachelor of Science - Mechanical Engineering

Yaba College Of Technologie Lagos

Education and Training

  • Certifications: CISA (Certified Information Systems Auditor).
  • Certify Developer Associate Certification.