Uploaded File
Andrew
andrew.ad009@gmail.com
346-758-3768
13 Norfolk Street
Houston, TX 77003
IT Auditor/Analyst
15 years experience W2
0
Recommendations
Average rating
43
Profile views
Summary

A Certified Information Systems Security Professional with ten years' experience in Information Security, handling electronic Fraud cases and IT audit. A proven track record in assessing system security, data integrity, process improvement, electronic fraud, Information Systems Audit and risk assessment. Highly analytical and looking to bring a new perspective and contribute to the success of a team and organization.

Experience
INFORMATION SECURITY ANALYST
May 2015 - Nov 2017
New York, NY
Information Security Security Analyst
Remove Skill
IT Auditor
Jun 2010 - Apr 2015
New York, NY
  • Perform HIPAA audit testing for privacy rules and security rules.
  • Core Participant in disaster Recovery and Business Continuity Audit.
  • Performed audit of IT general controls such as access control, change management, IT operations, disaster recovery and platform reviews (Windows and UNIX OS)
  • Performed application controls assessment in retail banking and Insurance industry by checking authorization control, interface control, computation control and data validity check.
  • Ensured audit tasks are completed accurately and within established time using the applicable frame works such as PCI-DSS, COSO, CoBIT, and SOX
  • Actively participated in conducting information technology (IT) controls audit and review related compliance with section 404 of the Sarbanes-Oxley Act, and test the adequacy of internal controls in the following areas: Information Access, Change Management, Information Technology Operations, and Segregation of Duties.
  • Communicates with the company's external auditors on general computer control related matters and SOX test procedures
  • Evaluated segregation of duties over application security involving the company's ERP systems and execute audit strategy.
  • Information gathered is reviewed and analyzed extensively, and then compiled into a written summary report
  • Prepared audit scopes, reported findings and presented recommendations for improving data integrity and operations
Auditing Compliance
Remove Skill
Team Lead - E Fraud Unit
Dec 2006 - Mar 2010
New York, NY
Lagos State Team Lead
  • E Fraud Unit Monitoring and Investigation
  • Responsible for the strategic leadership of the e-Fraud team which comprised of nine people managing the daily operations of the team with the aim achieving the organization's objective.
  • Investigated over 5000 electronic fraud cases comprising of Internet Banking Fraud, Credit/Debit Card Fraud and other related transactions to determine the area of compromise and how to prevent its future occurrence.
  • Monitoring electronic transactions such as local web transactions, Interbank transfers, Intrabank transfers and card not present transactions. The outcome was that of the total number of Internet Banking fraud cases, we prevented 40% from occurring and recovered over 75% of the stolen funds due to early detection.
  • Worked with internal and external partners including law enforcement agencies, local and international banks to investigate fraud cases, recovery funds, prosecute suspected fraudsters and collaboration with the aim of the making the industry safer.
  • Represented the company at various fraud conferences and forums (i.e. NEFF) ensured the company was knowledgeable of new threats, vulnerabilities and the best ways to mitigate such threats.
  • Maintained a balanced knowledge base of both traditional and data infrastructure as well as analytic techniques to support investigations. Information Security and Compliance
  • I oversaw the implementation of different enterprise fraud detection & prevention applications such as National Fraud Service (MasterCard), Scorebridge and Intellinx.
  • Participated in the ISO 27000 compliance audit readiness wherein my team reviewed various applications and database to ensure that the organization's Information assets are secured.
  • Manage product and program risks, including risk associated with fraud, data management, technology.
  • Worked with the qualified security accessor to ensure that the organization is PCI-DSS complaint.
  • Led regulatory compliance projects on OTP security and ensured on-time completion of all requirements.
  • Provided monthly reports to Management and regulatory agencies on fraud cases.
  • Worked with the several units on the design and implementation policy in line with PCI-DSS framework.
Compliance Information Security
Remove Skill
Edit Skills
Non-cloudteam Skill
Education
Banking & Finance
Olabisi Onabanjo University OSU NGR 2005
Certifications
A Certified Information Systems Security Professional with ten years' experience in Information Secu
Certified Information System Auditor (CISA)
Cisco Certified Entry Network Technician (CCENT)
Certified in Risk and Information System Control (CRISC)
Certified Information Systems Security Professional (CISSP)
Skills
Compliance
2015
8
Information Security
2017
5
Auditing
2015
4
Security Analyst
2017
2
Process Improvement
0
1