
Uchechukwu Nzenwata

Rosharon, TX

Summary

Experienced Senior Cyber Security/Risk/Governance/Compliance Analyst covering IT General Controls (ITGC), AML controls, and manual/automatic controls, specializing in ensuring accuracy and completeness in ITGC risk control assessments. Proven skill in Sarbanes-Oxley (SOX) compliance, IT controls management, and audit methodologies. Adept at identifying control deficiencies, developing solutions, and ensuring compliance with regulatory requirements. Strong analytical, organizational, and communication skills, with a track record of managing multiple audit projects and collaborating effectively with cross-functional teams.

Overview

14 years of professional experience
1 Certification

Work History

Senior IT Auditor

PayPal
08.2023 - Current
  • Led the execution of SOX compliance audits, including IT General Controls (ITGC) and application controls.
  • Conducted IT control assessments and ensured compliance with Sarbanes-Oxley (SOX) requirements.
  • Performed detailed risk assessments, identifying and prioritizing risks based on potential impacts.
  • Performed SOC 1 and SOC 2 risk review on new vendors and existing customers.
  • Reviewed tickets for policy updates and incident management requests via SNOW (ServiceNow).
  • Ensured effective mapping of controls and testing of control design effectiveness.
  • Assisted in implementing processes such as governance, risk, and compliance to automate and continuously monitor IT controls, exceptions, testing and risk.
  • Assisted in gathering evidence for testing by bridging the gap between the control owner and external auditors.
  • Performed walk-throughs and tests of controls to assess design effectiveness of SOX ITGC controls, documented design gap analysis, and provided recommendations on remediation to audit clients.
  • Reported engagement status and results, both verbally and in writing, to management.
  • Provide overall direction and strategy to the senior leadership team in the project management of overall responsibilities across multiple IT Global Risk Compliance (GRC) initiatives / Software Development Life Cycle with Agile frameworks and Third-Party Risk Management (TPRM) regulatory compliance requirements.
  • Demonstrate the ability to quickly grasp concepts and practice active listening.
  • Reviewed SailPoint and ServiceNow tickets for proper testing to ensure compliance and accuracy.
  • Capable of creating reports and dashboards in ServiceNow to visualize key metrics, track performance, and make data-driven decisions to enhance IT and business operations.
  • Worked on Single Sign-On (SSO) and SailPoint IdentityIQ custom and out-of-the-box workflows in SailPoint.
  • Internal audit work with LOB risk delegates regarding security and remediation gaps, as well as collaborating with the 2nd Line of Defense.

IT Auditor / Risk Analyst

Comerica Bank
03.2022 - 08.2023
  • Collaborated with stakeholders to communicate audit findings and recommendations, facilitating prompt resolution of issues.
  • Managed multiple audit projects simultaneously, from planning and execution to reporting and follow-up.
  • Implemented continuous improvement initiatives to enhance audit processes and increase efficiency.
  • Performed SOX ITGC testing (Password configurations, UAR and Change Management) across various applications in scope within the organization and documented any identified deficiencies.
  • Led a team and worked closely with external and internal auditors for risk validation, mitigation, and vendor management.
  • Tracked and supervised team project performance.
  • Tested, reviewed, and documented internal controls related to the IT environment to ensure compliance with SOX requirements.
  • Conducted case review in guidance with compliance procedures.
  • Conducted investigations on risk-based criteria and wrote reports for management purposes.
  • Developed query strategies to ensure effective case review.
  • Ensured adequate assessment and analysis of risk in identifying key components for risk mitigation.
  • Ensured adequate feedback to client and conducted team follow-up to meet review deadline.
  • Implemented COBIT framework to align IT strategies with business objectives and improve IT governance practices.
  • Skilled in extending ServiceNow capabilities beyond IT to other departments such as human resources, facilities, and finance, to streamline and automate various business processes.
  • Conducted assessments using COBIT maturity model to identify gaps and areas for improvement in IT governance and management processes.
  • Performing annual SOX IT Control scoping and risk assessment, walkthroughs, and testing of controls for SOX ITGC controls, and working on Tableau and SailPoint IQ for user access management.
  • Conducting fair risk assessments for business vendors, including risk identification, information gathering, severity assessment, risk prioritization, mitigation strategy development, and continuous risk monitoring.
  • Performing Internal Audit risk assessment, IPE testing, and SOX ITGC testing across various applications.
  • Strong attention to detail for thorough reviews of issues and control tests and providing support for Enterprise Risk Management's programs.
  • Established IT governance structures and committees based on COBIT guidelines to enhance decision-making and accountability.
  • Expertise in Operational Risk Management, Business Process Mapping, LOBs, Line of Defense (2LOD), and GRC tools such as Archer and ServiceNow.
  • Reviewed technology proposals and status reports, addressing company challenges.
  • Conducting issues management and providing 2nd Line defense on Issues Management and Control Testing Results.
  • Participating in global risk privacy compliance and IT security projects for implementing GRC requirements in Archer with scaled Agile project methodologies.
  • Reviewing information systems for compliance with the company's business strategy and developing standard operating procedures for IT systems for corporate governance compliance.

IT Auditor / Risk Governance & Compliance

Texas Bank & Trust
02.2019 - 02.2022
  • Identified control deficiencies and provided control matter recommendations.
  • Ensured completeness and accuracy in design and performance of internal controls and control users.
  • Reviewed password composition to ensure it consists of alphanumeric characters to maintain password strength regarding automation testing.
  • Ensured timely task completion and performed compliance reviews.
  • Conducted scoping and risk assessment to identify applications, systems, and processes for annual control testing.
  • Conducted walkthroughs and tested controls to evaluate the design effectiveness of SOX ITGC controls, documented design gaps, and provided remediation recommendations to audit clients.
  • Conducted IPE testing for various evidence relied on for executing SOX ITGC Controls to provide independent assurance on the completeness and accuracy of the evidence or population used in performing a control.
  • Proficient in creating interactive and visually appealing dashboards in Tableau to communicate complex data insights to stakeholders.
  • Engaged with Senior Managers, Lines of Businesses, and other departments to maintain AML Standards and regulatory compliance.
  • Enforced compliance with the code of Ethics, AML, BSA, information security, and suspicious activity reporting policies and protocols.
  • Established and managed Anti-Money Laundering (AML) controls, aligning with regulatory standards and best practices.
  • Worked on special projects addressing emerging AML risk typologies and provided input for SOP development.
  • Developed a reputation for dependability and a goal-oriented approach in handling AML investigations.
  • Collaborated across teams to improve AML monitoring systems and procedures.
  • Identified segregation of duties issues and internal control weaknesses for numerous clients in various industries, including manufacturing, financial institutions, online brokerage, and retail.
  • Analyzed and granted access rights for audits, risk and compliance assessments, and audit responses using Archer.
  • Reviewed Technology Infrastructure and several controls aligned with each process.
  • Used Archer to generate control reports and assign adequate risk.
  • Performed SOX ITGC testing (Computer Operations, Logical Security, and Change Management) across various applications in scope within the organization and documented any identified deficiencies.
  • Determined the impact of service organization control gaps on the company's SOX compliance and mapped user consideration controls (UCC) to the test of controls performed by the front line.
  • Ensured accuracy and completeness of audit coverage.
  • Ensured adequate testing of accuracy and completeness of IPEs on ITGC user access reviews.
  • Evaluated and validated evidence from PowerBI, ServiceNow and AuditBoard to ensure all controls being tested are adequate and properly validated.
  • Engaged with the IT department and external auditors during SOX testing.

AML/EDI Analyst / IT Control Tester

Fast-Track BidFta
04.2016 - 01.2019
  • Implemented and maintained Anti-Money Laundering (AML) controls in accordance with regulatory requirements and industry best practices.
  • Collaborated with cross-functional teams to enhance AML monitoring systems and processes.
  • Assisted in all aspects of audits, including risk assessments, audit planning, audit testing, control evaluation, report drafting, and follow-up verification of issue closure.
  • Ensured accuracy and completeness of audit coverage.
  • Ensured adequate testing of accuracy and completeness of ITGC user access reviews.
  • Evaluated and validated evidence from PowerBI, ServiceNow and AuditBoard to ensure all controls being tested are adequate and properly validated.
  • Ensured user access is validated by appropriate management and changes made are approved by the appropriate users.
  • Engaged with the IT department and external auditors during SOX testing.
  • Managed the IT compliance risk and controls matrix, reviewed existing IT compliance controls for regulatory updates, and performed the necessary gap analysis.
  • Reviewed various ITGC controls, ensured proper documentation, and assisted in retrieving evidence from SNOW for proper validation.
  • Conducted ITGC assessments in accordance with regulatory requirements (e.g., Sarbanes-Oxley Act) to ensure compliance and mitigate risks, and assessed client risk management to identify vulnerabilities in third-party vendors and mitigate associated risks. My responsibilities included collaborating with third parties to reduce open third-party assessment gaps.
  • Conducted ERM and security risk assessments on Azure cloud platforms and provided recommendations for gap areas.
  • Strong understanding of ITGC frameworks, including COBIT and NIST, to guide audit activities.
  • Demonstrated ability to communicate audit findings and recommendations to stakeholders.
  • Experience in collaborating with IT teams to implement control improvements and remediate issues.
  • Proven track record of ensuring the integrity, confidentiality, and availability of information systems through effective ITGC auditing.
  • Implemented and managed EDI systems, ensuring seamless data exchange between trading partners and internal business applications.
  • Developed and maintained EDI maps to translate business documents into EDI standard formats.
  • Established and maintained relationships with trading partners, managing EDI communications and troubleshooting issues.

IT Auditor and Risk Analyst

Guaranty Trust Bank
01.2011 - 03.2016
  • Conducted analysis of Suspicious Activity Reporting (SAR) and investigations involving high-risk customers.
  • Reviewed various ITGC controls, ensured proper documentation, and assisted in retrieving evidence from ServiceNow for proper validation.
  • Conducted ITGC assessments in accordance with regulatory requirements (e.g., Sarbanes-Oxley Act) to ensure compliance and mitigate risks.
  • Developed and maintained documentation for ITGC processes, controls, and testing procedures.
  • Led the development and implementation of risk governance frameworks, ensuring alignment with national regulatory standards and industry best practices.
  • Conducted comprehensive risk assessments across the organization’s operations, identifying key vulnerabilities and recommending mitigation strategies to senior management.
  • Oversaw the compliance program, ensuring adherence to SOX and GDPR.
  • Coordinated and executed internal audits, analyzing findings to develop corrective action plans and improve internal controls.
  • Collaborated with cross-functional teams to design and implement policies that enhance operational efficiency while mitigating potential risks.
  • Developed and delivered risk awareness training programs, fostering a culture of compliance and proactive risk management throughout the organization.
  • Led the creation of business continuity plans to ensure the resilience of critical energy delivery operations in the event of disruptions.
  • Prepared and presented detailed risk and compliance reports to executive leadership and regulatory bodies, ensuring transparency and accountability.
  • Prepared risk and compliance documentation, including audit reports, risk registers, and policy updates, for review by senior management.

Education

M.Sc. - Information Technology

University of Lagos
06.2014

B.Sc. - Public Administration

Ebonyi State University
09.2010

Skills

  • IT Auditing (Advanced), SQL Databases, Transaction Monitoring, IT General Controls (ITGC), Multitasking, Risk Analysis, AuditBoard, Azure, Sarbanes-Oxley Act, Python, Audit Command Language (ACL), COBIT, NIST, SAP HANA, PowerBI, SNOW, Manual and Automated Controls
  • Audit: (SOX Act) - Experience with audit reporting plus demonstrated accuracy in internal and external auditing
  • Teamwork: Ability to operate effectively in a team setting/independently in a fast-paced/rapidly changing environment
  • Critical Thinking: Strong organizational, problem-solving, multi-tasking, and time-management skills
  • Communication: Able to learn and teach others, strong interpersonal skills and excellent interaction with customers
  • Microsoft Office: Advanced user of MS Word, Excel and PowerPoint

Certification

  • Certified Information Systems Auditor (CISA)
  • Certified Scrum Master (CSM)
