Kola Ola, CISA, CFE, CICA
Details
Business; Accounting/Internal Auditing
University of Maryland - Robert H. Smith School of Business
2008 : 2009
Bachelors of Business Administration
Accounting
Merrick Business School, University of Baltimore
2006 : 2008
Bachelors
Accounting
Abuja Business School, University of Abuja
1999 : 2004
• Perform third-party risk management security assessments for vendors, which includes performing on-site assessments and security control reviews, identifying gaps, and tracking remediation. Prepare and present reports of the assessment results to different levels of management
• Perform all internal risk assessments and supporting external assessment teams
• Review and assess internal information security controls to ensure they meet or exceed Bank of America Merchant Services information security risk management requirements
• Clearly and professionally communicate information security risks identified through risk assessments to business leaders
• Recommend solutions to eliminate, reduce, or mitigate risk, and communicate said solutions to both external parties and internal business stakeholders
• Report status of engagements to Information Security management, project managers, and other business stakeholders as appropriate
• Act as the liaison with BAMS’ Joint Venture parent organizations on all topics related to Information Security governance at the company
• Act as the Information Security subject matter expert for the BAMS Product Risk Governance routine including partnering with First Data and Bank of America
• Collaborates with key stakeholders in Information Technology to educate, guide, and assist with the development, implementation, and reporting of governance process. Develops and implements control monitoring programs to support management’s Sarbanes-Oxley 404 assertions, security controls, and other regulatory compliance programs (i.e. HIPAA, GDPR, PCI, SOC1/SOC2). Evaluates and assesses information technology controls and monitors the operating effectiveness of them
2019 : Present
Bank of America Merchant Services
Information Security Risk Manager
• Conduct incident review meetings to identify root cause, response activities, and remediation plans to prevent future occurrences of negative information technology (IT) events. Recommend and assist with implementing controls, processes, or risk mitigation strategies, monitoring compliance, and document and present findings to the appropriate governance bodies
• Perform IT risk assessments, develop control objectives, design control tests, and perform control testing of design and operating effectiveness.
• Perform third-party risk management security assessments for vendors, which includes performing on-site assessments and security control reviews, identifying gaps, and tracking remediation.
• Perform readiness assessments that include designing controls and bridging design gaps for information technology controls related to Sarbanes-Oxley 404 and SOC reports
• Acts as risk management liaison with all levels of the IT organization and with the lines of business and other internal departments and organizations. Provides information risk and controls consulting and advisory services to individuals, leaders, project teams, and vendors
• Mentors, manages, develops and evaluates performance of IT staff, and reviews work for sufficiency of scope, accuracy and completeness.
• Collaborates with key stakeholders in IT to educate, guide, and assist with the development, implementation, and reporting of governance process. Develops and implements control monitoring programs to support regulatory compliance programs (i.e. HIPAA, GDPR, PCI, SOC1/SOC2).
• Coordinates the centralized storage, distribution, and review schedules for IT policies, standards, and procedures.
• Maintains up-to-date knowledge of industry standard information technology controls and technology to improve or enhance overall system and business process controls.
• Coordinates IT activities related to the testing, documentation, and review of internal information technology controls.
2017 : 2019
Crawford & Company
Global Information Technology Governance, Risk & Compliance, Manager
• Lead and manage all aspects of audit engagement from planning through reporting.
• Assessing risks associated with audit results and providing management and senior leadership with concrete and effective recommendations for reducing risk
• Responsible for preparing clear, concise and accurate documentation and audit reports, and presenting these reports to senior leadership both internally and externally.
• Responsible for developing, presenting, and defending relevant audit issues and recommendations to management, understanding root causes of issues and pursuing resolution of audit issues with clients.
• Demonstrating strong supervisory, project management and execution skills, including: prioritizing tasks, balancing workload, anticipating next steps, and adapting to change.
• Collaboratively working with team members to identify ways to improve processes to boost efficiency and team morale.
• Responsible for my own personal growth and professional development, as well as that of seniors, staff and interns.
• Establishing and building effective relationships with key contacts (internal/external) by also understanding the roles, responsibilities, processes, and goals of key contacts.
• Serving as counselor/mentor for 4 seniors and staff each calendar year.
• Perform independent controls testing for Type I & II SOC1, SOC2, and SOC 3 reports.
• Perform effective internal controls compliance reviews and regulatory compliance reviews for both ITGC (Information Technology General Controls) and business processes
• Serve as the key contact person for clients, and answer all questions, or concerns from the client.
• Prepare the budget hours, track hours charged for each member of the team to determine whether we are achieving the predetermined realization amount, and communicate to the engagement leader on a regular basis.
• Follow up with clients throughout the year regarding steps taken to remediate deficiencies identified during the audit.
2014 : 2017
EY
IT Risk & Assurance Manager
• Perform SOX 404 compliance by testing and evaluating the effectiveness of key controls for clients’ business processes relating to financial accounting and reporting, and documenting results in work papers.
• Perform independent controls testing for Type I & II Statement of Auditing Standards (SAS) 70 (now SOC 1/SSAE16) engagements for clients.
• Perform effective internal controls compliance reviews and regulatory compliance reviews for both ITGC (Information Technology General Controls) and business processes
• Perform an independent review and audit of clients’ financial statements in compliance with Generally Accepted Auditing Standards (GAAS).
• Work with key financial officers to help manage risks in their business.
• Prepare well documented and organized work papers to substantiate results documented in the audit report
• Lead engagement teams in the performance of IT audits, SOX 404 compliance testing, and SSAE16 engagements, and provide final audit results to the Manager and Partner for sign-offs.
• Serve as the key contact person for my clients, and answer all questions, or concerns from the client.
• Prepare the budget hours, track hours charged for each member of the team to determine whether we are achieving the predetermined realization amount, and communicate to the engagement Manager on a regular basis.
• Responsible for communicating the final audit report to the client and engagement team; such as preparing the management comment letter, or the final SSAE 16 report.
• Responsible for partaking during the planning stages of the engagement, preparing engagement economics, staffing, and logistics.
• Follow up with clients throughout the year regarding steps taken to remediate deficiencies identified during the audit.
2011 : 2014
PwC
Senior Associate - Risk Assurance
• Perform effective internal controls compliance reviews and regulatory compliance reviews for both IT and business processes
• Perform SOX 404 compliance by testing and evaluating the effectiveness of key controls for clients’ business processes relating to financial accounting and reporting, and documenting results in work papers.
• Perform independent controls testing for Type II Statement of Auditing Standards (SAS) 70 (now SOC 1/SSAE16) engagements for clients, and draft the final report.
• Perform an independent review and audit of clients’ financial statements in compliance with Generally Accepted Auditing Standards (GAAS).
• Perform IT risk assessment analysis for clients, communicate results to clients, and provide recommendations.
• Schedule appointments with process owners and key financial officers to perform walkthroughs in order to gain an understanding of the business processes, understanding the risks, documenting and testing controls, communicating results of testing to the senior/manager on the engagement, and drafting the audit report.
• Work with key financial officers to help the client manage risks in their business.
• Prepare well documented and organized work papers to substantiate results documented in the audit report.
• Work closely with senior auditors in the performance of audit test work, identify areas of recommendations, and conduct various day-to-day audit procedures.
2010 : 2011
Grant Thornton LLP
IT & Business Process Audit Associate - Business Advisory Services
Skills
Accounting, Account Reconciliation, Accounts Receivable, Assurance, Auditing, Budgets, CISA, Corporate Finance, CPA, External Audit, Finance, Financial Accounting, Financial Analysis, Financial Reporting, Financial Statements, Fixed Assets, GAAP, General Ledger, Internal Audit, Internal Controls, IT Audit, QuickBooks, Risk Assessment, Sarbanes-Oxley, Sarbanes-Oxley Act, SAS70, U.S. Generally Accepted Accounting Principles (GAAP), US GAAP
About
With over 12 years of experience in IT risk, audit, and compliance, I am a passionate and dedicated information security risk manager at Bank of America Merchant Services (BAMS), where I provide professional expertise for internal and external information security risk oversight activities. I hold the credentials of Certified Fraud Examiner (CFE), Certified Information Systems Auditor (CISA), and Certified Internal Controls Auditor (CICA), and I am pursuing the CISSP and CIPP/IS certifications to further enhance my skills and knowledge.
As part of my role at BAMS, I perform third party risk management security assessments for vendors, review and assess internal information security controls, and support external assessment teams. I also prepare and present reports of the assessment results to different levels of management, and recommend and implement controls, processes, or risk mitigation strategies. My mission is to ensure that BAMS meets or exceeds the information security risk management requirements and standards, and to protect the data and assets of the organization and its clients. I have a proven track record of delivering high-quality audit reports, identifying root causes of issues, and providing effective recommendations for reducing risk. I have experience in various industries, such as financial services, real estate, beverages, utilities, and healthcare, and I have a strong understanding of the regulatory and compliance environment. I am also skilled in Sarbanes Oxley (SOX) Compliance testing, SOC 1/SOC 2/SOC 3/SSAE 16, Internal Audit, IT Risk Assessment, Third Party Vendor Risk Assessment, and Cyber Security.