Information Security Analyst Resume Bowi...

Candidate Information
Title Information Security Analyst
Target Location US-MD-Bowie
Resume - Regina Lukong Page 1

REGINA B. LUKONG, PhD, CISA, CISM, CDPSE
Street Address 4th Street, NE, Washington, DC Street Address
Tel: 302-513-5995 Email: EMAIL AVAILABLE
Information Security Manager Auditor IT Risk Assessor Data Privacy Cloud Security IAM

Diligent and highly organized Information Security Analyst with a proven track record in risk assessment, cybersecurity analysis, and comprehensive audit expertise spanning financial, operational, compliance, transactional and information security domains. Proficient in all audit stages, including meticulous planning, thorough evaluation, control testing, insightful reporting, and effective follow-up. Highly motivated self-starting professional with profound understanding of PCI-DSS requirements and testing methodology (version 3.2.1 and above). Possesses a profound understanding of both technical and business environments. Action-oriented and customer-focused, with a keen aptitude for decision-making, problem-solving, and tenacity. Proficient in navigating compliance frameworks such as SOX and ISO standards. Strong communication skills (verbal & written) coupled with the ability to facilitate walkthrough sessions and prioritize tasks across multiple projects concurrently. Holds multiple certifications, including CISM, CISA, CDPSE, showcasing a commitment to excellence in the field.

Education
- PhD in Forensic Accounting & Auditing: Charisma University, Turks & Caicos Islands 2019
- MBA in Banking and Finance: Saint Monica University, Buea, Cameroon 2013
- Bachelor of Science in Banking and Finance: University of Buea, Buea, Cameroon 2002

Cybersecurity Training & Certifications
- Certified Data Privacy Solutions Engineer (CDPSE) - ISACA 2020
- Certified Information Systems Auditor (CISA) - ISACA 2021
- Certified Information Systems Manager (CISM) - ISACA 2021
- Managing Risk in the Information Age - HARVARD University 2023

Career Path & Performance

CITI NATIONAL BANK/ AKRAYA Consulting
INFORMATION SECURITY ANALYST -Team Lead 01/2023 - 11/30 2023
- Evaluate security assessment documentation and provide written recommendations for security authorization to the Authorizing Official (AO).
- Conduct comprehensive reviews of security authorization documents, ensuring adherence to NIST security guidelines during assessments.
- Select and validate security controls, emphasizing confidentiality, integrity, and availability of the system.
- Develop FISMA security package deliverables, including the System Security Plan (SSP), Information System Contingency Plan (ISCP), Incident Response Plan (IRP), Continuous Monitoring Plan, and Risk Treatment Matrix (RTM).
- Perform Security Control assessments using NIST 800-53A guidance, meeting continuous monitoring requirements.
- Managed information security issue management program including triage, tracking of information security issues, current remediation status, projected remediation dates, and contacts associates with the system or application undergoing security remediation.
- Developed remediation plans and monitored progress of agreed upon remediation plans.
- Contributes to continuous improvement of ServiceNow Issue Management module to enable effective automated workflows and reporting.
- Review IT security, cybersecurity, and data privacy programs to provide clients with an independent assessment of risks, internal controls, and the overall effectiveness and efficiency of their environment.
- Create IT Issue Findings in Archer and Service Now.
- Conduct daily, weekly, and monthly operations verification and reporting across scheduled security activities, including infrastructure penetration and vulnerability scans, patch management, Anti-virus, phishing reports, and user access.
- Support the organization's InfoSec and data privacy policies.
- Work with internal groups to conduct audits, assessments, vulnerability and penetration testing, leveraging third-party partners as needed.
- Participate in the evaluation and testing of new security tools and countermeasures.
- Assess the accuracy of submitted IT risk records, focusing on risk and ownership parameters.
- Act as the issue owner, ensuring comprehensive details in records, meeting due dates, and assigning delegates when necessary.
- Document IT risks and their associated risk treatment plans, emphasizing completeness, quality, and adherence to enterprise standards.
- Ensure IT risk records meet enterprise quality standards, upholding a commitment to excellence.

WeSecure LLC / (SMBC)/ Boston Consulting Group/IT Auditor 11/2020 - 01/2023
- Scheduled yearly audits for the bank according to the bank's requirements.
- Defined the criteria for each audit project, such as audit goals, initial planning tasks, main contacts, and project scope.
- Supervised and authorized audit scope and detailed audit test plans, ensuring they were comprehensive and in line with Internal Audit (IA) Standards.
- Monitored the progress of audit projects and intervened when faced with challenges or obstacles.
- Collaborated with key strategic partners to reach objectives, fostering team cohesion, addressing issues, and reaching consensus to advance audit goals.
- Created programs, databases, and systems to enhance IA efficiency and utilization, including the introduction of continuous auditing methods.
- Collected feedback from senior management post-audit to confirm that findings are appropriately handled and resolved within the specified timeframes.
- Conducted a thorough review and assessment of audit reports to verify that the findings and recommendations are both reasonable and effective, and that they comply with Internal Audit Standards.
- Monitored changes in regulatory practices concerning Internal Audit issues and communicated relevant information to senior management and staff.
- Participated in projects aimed at the development and enhancement of systems, products, and procedures.
- Assisted in conducting risk analysis and in the preparation of the Internal Audit plan and calendar.
- Ensured that external auditors and examiners were satisfied with the audit procedures and findings.
- Reviewed and assessed risk exposure for the bank, prioritizing Internal Audit issues accordingly.
- Facilitated change management and process improvement initiatives through collaboration and analysis of departmental objectives.
- Acted as a representative of the department, serving as a liaison and spokesperson to bank committees, other departments, and senior management on all relevant matters.

Trinitech Consulting, Bowie, MD
IT Auditor 02/2020 - 08/2020
- Assisted with executing IT, operational, and compliance audits.
- Participated in regular audit meetings with stakeholders and ensured the quality and timeliness of audit department deliverables.
- Strong knowledge in control and transactional testing (Test of Design (ToD) and Test of Effectiveness (ToE)).
- Supported financial audits as necessary, including testing the occasional business process control.
- Contributed with control design walkthrough meetings, documenting end-to-end processes, data flows, related risks, controls, and test steps.
- Documented deficiencies addressing the root cause, validates with process owners in a timely manner, and assisted with regular issue follow up activities.
- Built relationships throughout the company which served as a process, control, and risk advisor, while also identifying future opportunities for audit to add value.
- Drove data process mapping and the completeness and accuracy of reports.
- Owned the quality and timeliness of assigned audit department deliverables.
- Key contributor with department improvement efforts, such as audit application implementation and data analytics.
- Reviewing existing and new systems, identifying critical IT processes, and providing detailed reports on necessary changes.
- Planned and executed internal audit procedures following audit plans.
- Prepared audit reports and submitted audit findings to management.
- Compiled and analyzed complex technical data and drew logical conclusions.
- Analyzed and drafted IT controls and policies.

WeSecure, Dover, DE (Remote)
BUSINESS OPERATIONS SENIOR CONSULTANT - IAM 08/2019 - 11/2020
- Worked with IT and other divisions to support the design and implementation of an effective governance structure for the Multifamily division of a national mortgage company.
- Design and implement an effective remediation process within the department for access management issues regarding applications and LANs; and create closure package of support demonstrating issue remediation.
- Create, update, and distribute procedures and templates, documenting access approaches, identifying and taking actions to address inconsistencies, and reporting routine progress and concerns.
- Creation and/or review of internal procedures and control documents, focusing on operational risk, access management, and least privilege access.
- Provides management with quarterly risk reporting, performs credit and fraud risk oversight, and assists in performing risk assessments for the Underwriting and Credit department.
- Facilitating risk identification, assessment, measurement, monitoring, mitigation, and reporting of operational risk management; and identifying and swiftly communicating significant issues and risks to senior leadership.
- Driving remediation of issues and action plans; ensuring robust action plans are developed and complete; & supervising response and resolution to ensure remediation activities are diligently handled.

THIRD PARTY RISK ASSESSOR 08/2018 - 08/2019
- Understand overall third-party cybersecurity risk management processes.
- Partner closely with Enterprise Third Party Risk Management team and Relationship Managers to comprehend purpose of third party and level of data access.
- Reviewed data security terms and conditions during contract negotiation process and ensured that data security terms are following company policies.
- Perform third party cybersecurity due diligence assessments.
- Ensure third party adherence to cyber security standards and contractual requirements via performing remote and on-site assessments.
- Assess identified third party cybersecurity findings and assist in identifying appropriate controls to mitigate cybersecurity gaps as well as managing them to closure.
- Complete terminated third-party processes and ensure disposal/return of data.
- Facilitate risk mapping implementation process with clients.
- Communicate and manage process implementation with client.
- Plan and conduct security risk assessment for all third-party vendors/suppliers.
- Administer questionnaire to all vendors to determine control effectiveness.
- Utilize e-GRC tools including RSA Archer Apptega, Process Unity, ServiceNow to ensure secured and prompt communication of findings and deployments of questionnaire to vendor and to track vendor progress on remediation.
- Design and constantly upgrade suppliers' questionnaires to ensure all areas of new threat signatures discovered are covered.
- Provide detailed reports of assessments to business owners and documentation.
- Reviewed key vendor provided documentation such as SSAE 18 Type 11 report.
- Performed onsite and virtual risk assessment to continuously determine security posture at vendor site.
- Review and validate all controls at vendor site to ensure data confidentiality.
- Work as remediation analyst to ensure all gaps discovered during assessment are remediated or mitigated timely.
- Perform advisory and challenge functions regarding TPRM program to business units (first line)
- Review third party risk assessments for conformance to program objectives and methodology and provide detailed reports of assessments to business owners and vendor management office.
- Ensure timely and accurate escalation of issues and observations of non-compliance or risks outside of acceptable thresholds.

IT RISK ANALYST 02/2017 - 07/2018
- Contribute to governance of IT Framework, Policy, and Standards.
- Support data risk and oversight for defense strategy, achieving MRA compliance.
- Ensure comprehensive risk assessments and challenge management control testing.
- Oversee risk exceptions, vulnerability assessments, and privileged access compliance.
- Identify and report control deficiencies; coordinate audit-related activities.
- Assist in Vulnerability Management, ensuring timely remediation.
- Enhance and maintain policies, standards, and procedures for system and data protection.
- Participate in Third Party/Vendor Security Assessment Program (VSAP).
- Perform information security assessments for NIST-RMF, SOX, and PCI-DSS compliance.
- Plan, schedule, and complete audit engagements, utilizing GRC tools and CAATTs.
- Create and review detailed Assessment & Authorization package documents.
- Conduct risk analysis and track findings for timely management response.
- Work on diverse technical infrastructure, providing data privacy advisory on regulatory requirements.

Deloitte, Douala, Cameroun
IT AUDITOR 06/2013 - 10/2016
- Participated in IT Audits, where I did several Test of Design (ToD) and Test of Effectiveness (ToE) on various controls.
- Gaining an understanding of clients' objectives as well as their regulatory and risk management environment.
- Obtaining and analyzing data as a basis for reviewing the adequacy, effectiveness, and efficiency of systems and processes.
- Examine internal IT controls, evaluate the design and operational effectiveness, determine exposure to risk and develop remediation strategies.
- Test and identify network and system vulnerabilities and create counteractive strategies to protect the network.
- Assisting with the evaluation of processes and controls for compliance with relevant existing or proposed laws and regulations, established policies, plans and procedures.
- Staying abreast of new technology, emerging risk areas and related control techniques.

Publications
- Principles of Finance (2015)
- Essentials of Information and Communication Technology Ordinary & Advanced Level (2014)
- Success in Advanced Level Information Technology (2011)
- Essentials of Data Processing for Advanced Level (2009)
- Microsoft Word/Excel Practical Guide (2006)
- Introduction to Computer Sciences (2004)

Information Technology Skills
RSA Archer, ServiceNow, Microsoft Office Suite; Operating Systems, (Windows XP, Win 10, macOS Mojave and Ubuntu); Wireshark Software, Microsoft ASP.NET, Data Security, Qualys Cloud Platform, Internet and Network System security Products and platforms, Encryption tools and techniques, PCI-DSS version 3.2.1 and above, Communication Protocols; Agile; Qualys; Nessus; SQL; DevOps; Python; Jira, etc.
