Peter
peterfai93@gmail.com
713-340-8354
6214 Presidio Dr
Houston, TX 77053
Senior IT Auditor
10 years experience W2
Summary

I am a proactive and skilled Information Technology Audit professional who, over the years, has led, as well as been part of, a successful and productive team in IT Audit, Risk Management, Cyber Security, and IT General Control Implementation, Testing and Documentation. My principal concentration is managing and carrying out Information Systems Security Control Assessment and Testing, Cyber Security and Risk Assessment. I have also been involved in other projects ensuring proper security documentation, compliance and regulations are met according to best practices and industry standards. I also possess skills in Network Administration and Infrastructure Management.

SKILLS/TOOLS

IT Risk Assessment, IT Control Auditing, Change and Configuration Management (Testing/Assessment/Compliance), IT Infrastructure Auditing (OS, Database, Network and Active Directory), IT Operations (Logging and monitoring, Job Scheduling and Backup Recovery), Asset Management, Due Diligence, Security Documentation/Frameworks (ISO 27001, COBIT, PCI-DSS, NIST, ITAF), Vulnerability management (Testing/Assessment), Patch Management, Business Continuity/Disaster Recovery Plan, Incident Prevention and Response documentation, SOX 404, SOC, Report writing and Recommendation.

Knowledge of tools like Nessus Vulnerability Scanner, Wireshark, Netstat, Traceroute, Ping, IPS/IDS, MDM Software, DLP Software, SIEM, Archer GRC, OpenPages GRC, RiskVision.

PERSONAL SKILLS

Ability to work well with little or no supervision as well as in a team. Good communication, self-motivation, willingness to learn, and a strong sense of leadership.

Experience
Senior IT Auditor
Professional/Consulting Services
May 2016 - present
Houston, TX
  • Help clients identify IT risk and ensure controls implemented are well designed and are working as intended. This includes the evaluation of efficiency and effectiveness of IT General Controls and Application Controls.
  • Review SSAE 16/18 SOC 1, 2, 3 Type II report for financial audit teams for reliance and trust service purposes.
  • Participated in IT General controls testing for Sarbanes-Oxley 404 (SOX) compliance Risk governance and Physical Security audit. with lines of Businesses to ensure completion of all aspects of the risk assessment of the third-party vendors.
  • Assist the Team Lead in overseeing risk assessment and due diligence processes and ensure they are properly performed in selecting new third-party vendors.
  • Prepare audit report detailing results of audits and provide recommendations for remediation, as well as follow-up review of corrective action plan.
  • Report on the findings of the executed audits and translate improvement opportunities and necessities into conclusions and advice, in order to provide management and other internal and external stakeholders with insight into the audit outcomes.
  • Performed general computer review to verify compliance with SOX Section 404.
  • Proactively interacted with POC to gather evidence, resolve audit problems and make recommendations for business and process improvements, document audit report and submit to Audit Supervisor.
  • Assessing IT Control Elements to mitigate IT risks regarding the Confidentiality, Integrity, and Availability of the business information.
  • Reviewing user policies, job functions, permissions and authorization from time to time to ensure least privilege policy is enforced while utilizing frameworks like COBIT, ITIL, NIST, COSO, ISO 27001 & 27002.
  • Testing and Reviewing Backup and Recovery plan to ensure backup data is truly recoverable in event of an incident or disaster.
  • Testing for Change Management Controls ensuring only appropriately authorized, tested and approved changes are made to applications, databases and OS, also ensuring changes are tested before applying in production environment. Also ensuring no conflict of duties in the process and appropriate documentation is in place.
  • Assist with the development and testing of effective remediation plans for control deficiencies in addition to identifying areas for improvement, and discuss findings and recommendations.
  • Worked with third party application vendors/clients to ensure appropriate security standard and compliance with regulations. Ensured all vendor patches are applied and up to date.
  • Engaging in ongoing communication with cross-functional partners to ensure companywide understanding of IT Goals, soliciting feedback and fostering cooperation.
Auditing, Compliance, Risk Assessment, AFC Testing, Information Security, Change Management, COBIT, Process Improvement, Sarbanes-Oxley, SOX, ITIL, COSO, NIST
IT Compliance Auditor
Banking/Financial
Jun 2014 - Jul 2016
Washington, DC
  • Ensure compliance with company policies, procedures and other frameworks/guidelines like ITIL, NIST, PCI-DSS, SOX and FISCAM to ensure CIA is adequately protected.
  • Knowledge of vulnerability assessment of operating systems (Unix/Linux, Windows).
  • Monitored security infrastructure for policy violations or security events and participated in problem management activities.
  • Performed assessment of IT internal controls as part of the compliance and operational audits.
  • Implemented process improvement to SOX testing, resulting in efficiency in review time and desirable financial reporting.
  • Work with the vendor Management Office and Head Strategic Sourcing & Vendor management to formulate holistic strategy around key third parties.
  • Reviewed SDLC manual and automated controls and oversaw the implementation of corrective action plans while maintaining communication with all levels of management.
  • Met with process owners and other points of contact to remediate audit findings/exceptions, as well as follow up to ensure system and process security.
  • Performed assessment of application controls and IT general controls such as access control, change management, operations, disaster recovery and job scheduling.
  • Performed SSAE 16 SOC 1, 2, 3 Type II report for the third-party vendors.
  • Work with network Administrators for effective implementations of adequate Firewall protection and Network segmentation in compliance with PCI DSS.
  • Supported the development, implementation, and monitoring Data Confidentiality, s integrity, system reliability, recovery methods and procedures.
Auditing, Compliance, Change Management, CIA, Process Improvement, Regulatory Reporting, SOX, Vendor Management, NIST, ITIL
IT Auditor II
Retail
Apr 2012 - Jun 2014
  • Performed internal and external IT risk assessments, conducted gap analysis against the industry standards and provided recommendations on mitigation options.
  • Adept in testing designs and effectiveness of internal controls by completing walkthrough and test of controls sample and complex business processes, recommend solutions, agree on corrective action plans with the management and perform follow-ups.
  • Actively participated in improvement of the efficiency of the audit department by 10% through ensuring audit tasks are completed accurately and within established time frames saving the company 15% in quarterly auditing cost.
  • Tracked the results of prior audits and facilitated appropriate corrective action.
  • Performed risk assessments, including identification, evaluation and documentation of IT business risks and controls.
  • Reviewed work papers and reports, documenting and analyzing the audit evidence.
  • Reviewed the company business continuity plan to determine the business strategy, the risks and the impact of unexpected disruptions.
  • Reviewed and tested for segregation of duties (SOD) and access control in application to ensure compliance with SOX.
  • Implementation and assessment of security business process control in the application including segregation of duties, structural authorizations, access restrictions, role and profile assignments.
  • Tested application controls, including both logical and physical access controls, to ensure the effectiveness and functionality, good reporting, and interfaces.
  • Consistently met and exceeded deadlines and performance p as set by the management.
Auditing, Compliance, Risk Assessment, Mitigation, Regulatory Reporting
Information Security Analyst
Information Technology
Jan 2011 - Mar 2012
  • Worked with security team to perform tests and uncover network vulnerabilities.
  • Investigated security breaches and other cyber security incidents; also documented the breaches and assessed the damage they caused.
  • Fixed detected vulnerabilities to maintain high security standard.
  • Analyzed IT requirements and provided objective advice on the use of IT security requirements
  • Trained fellow employees in security awareness and procedures
  • Conducted vulnerability testing to look for vulnerabilities in the system before they are exploited
  • Performed risk analysis to identify any security issues that could lead to lost or stolen data
Risk Analysis, Cyber Security, Information Security
Education
Bachelor's in Business Management
University of Yaounde-Cameroon 2000
Certifications
CISA Certification (CISA)
Scrum Master Certification
Network Administration Certification (HCC)
Skills
Auditing | 2021 | 8
Compliance | 2021 | 8
Change Management | 2021 | 6
ITIL | 2021 | 6
NIST | 2021 | 6
Process Improvement | 2021 | 6
Risk Assessment | 2021 | 6
SOX | 2021 | 6
Information Security | 2021 | 5
AFC Testing | 2021 | 4
COBIT | 2021 | 4
COSO | 2021 | 4
Regulatory Reporting | 2016 | 4
Sarbanes-Oxley | 2021 | 4
CIA | 2016 | 2
Mitigation | 2014 | 2
Vendor Management | 2016 | 2
Cyber Security | 2012 | 1
Risk Analysis | 2012 | 1
Project Management | 0 | 1
Risk Management | 0 | 1