Expert in Information Systems Audit & IT Assurance, System Controls & IT Security, Revenue Assurance & Value for Money Audit, Forensic & e-Fraud Investigation
Expert ID: 728121 Nigeria
He has an excellent background in Information Technology and Computer Engineering and has developed expertise in the efficient deployment of IT to deliver value to organizations. In the course of his career, he led audit teams that successfully audited IT systems (hardware and software) and departments of banks and other corporate entities to provide assurance to management on the effectiveness of controls and security of core banking and non-banking applications, operating systems, databases, perimeter networks, data centres, human resources software, ERP systems, e-banking & payment systems and other information assets.
Expert has also conducted value for money (VFM) audits on various strategic IT services and investments of banks and other enterprises to determine the extent to which IT investments have delivered valuable returns. He is an expert in network security & controls, application security, database security, UNIX (AIX & Solaris) OS, LINUX (Ubuntu, Red Hat) OS, Windows Server and Workstation OS security, Business Continuity and Disaster Recovery Planning (BCP/DRP), e-banking & payment systems, physical security, Payment Card Industry Data Security Standard (PCI-DSS), Payment Card Security, customer information protection, IT project implementation, among others. He has undergone training on Information Security Management (ISMS) and IT policies and governance strategy. He is an ISO 27001 Lead Auditor, and was part of the team that implemented ISO 27001:2013 and ensured successful certification for Fidelity Bank Plc, Nigeria.
He has been involved in the implementation of several IT Security projects in organizations, such as ARCSIGHT (Enterprise Log Management System), TACACS+ (Remote Access Authentication System for Network Administration), TRIPWIRE (File Integrity Monitoring System), Enterprise Backup Solution, Entrust (Multiple Factor Authentication Solution), Imperva (Database Security Monitoring Solution), MKInsight (Audit software) among others. He has researched extensively on e-channels Transaction Security (i.e. ATM, POS, Web payment). He has also presented several papers at professional conferences and seminars bordering on Information Security and Risk Management, IT Policy initiative, e-payment solutions, challenges and opportunities. He is acquainted with the following IT Security, Control and Governance Frameworks: ITIL, Risk IT, ISO 27001, COBIT, PCI-DSS, COSO.
He is also an expert in Income/Revenue Assurance and Information integrity assurance using robust CAAT Solutions like ACL (Audit Command Language) to generate/block income leakages for banks and other organizations.
Risk Assessment on: Addressing insider threats/abuses/compromises inherent to ATM operation/administration and added functionalities/ Controls to be implemented
White paper for: ATMIA
White Paper on: Inclusion of Fingerprint Biometric authentication mechanism to supplement the already used Personal Identification Number (PIN) and card technology authentication for accessing cardholders’ accounts when conducting ATM transactions
for: ATMIA
Consulted for ATM Industry Association (ATMIA), a global non-profit organization based in USA.
Currently running an IT Assurance consulting firm as the Founder and Lead Information Systems Auditor. Company website: oxleyconsults.com.ng
|Year: 2009||Degree: Bachelor of Technology (B Tech) Degree||Subject: Information Management Technology (IT)||Institution: Federal University of Technology Owerri, Nigeria|
|Year: 2005||Degree: Higher National Diploma (HND)||Subject: Telecommunications (Electrical/Electronics Engineering)||Institution: Federal Polytechnic Nekede Owerri, Nigeria|
|Year: 2002||Degree: National Diploma (ND)||Subject: Electrical/Electronics Engineering||Institution: Federal Polytechnic Nekede Owerri, Nigeria|
|Year: 2015||Degree: Master of Science (M SC) Degree||Subject: Information Technology (IT)||Institution: Federal University of Technology Owerri, Nigeria|
|Years: 2011 to 2017||Employer: (Undisclosed)||Title: Information Systems Auditor||Department: Information Systems Audit Department under Internal Audit and Investigation Division||Responsibilities: He is an information systems policy reviewer and contributor. Responsibilities include: IT project Management; Value for Money Audit; Design Audit Programs & checklists, audit procedure and report templates for the Systems Audit Unit; Physical Security Audit; Logical access review; Networks & Telecommunication Audit; Business Continuity & Disaster Recovery Audit; IT Governance Audit; and data analysis.|
|Years: 2010 to 2011||Employer: (Undisclosed)||Title: Information System Auditor||Department: Corporate Audit Division||Responsibilities: He reviewed E-channel payment systems. He also reviewed the head office IT department. He reviewed E-business operations. Responsibilities also included operation and system control evaluation, monitoring and compliance in line with the bank’s operational and IT security policy. He also undertook system development lifecycle review.|
|Years: 2006 to 2009||Employer: (Undisclosed)||Title: Compliance Monitoring Officer||Department: Group Internal Audit & Control||Responsibilities: He headed a Reconciliation Task force team that reconciled unbalanced Accounts of some of the bank's business offices in the South region.|
|Years: 2005 to 2006||Employer: (Undisclosed)||Title: System/Network Analyst||Department: Computer Science/Network Support||Responsibilities: Expert conducted laboratory practicals for students of Computer Science and Engineering Department on computer programming languages such as Pascal, COBOL, FORTRAN, Visual Basic, C#, C++, Web design & programming and Active Server Pages scripting among others.|
|Years: 2004 to 2005||Employer: (Undisclosed)||Title: Network administrator||Department: Network Support/User Help Desk||Responsibilities: He performed Network Support and help desk functions. He administered the company's VSAT & Backbone server (Sheron), Front-end Server (Red Hat Linux Server), routers/switches, McAfee ePO antivirus server, Billing server, VOIP server and other network facilities. He also performed network monitoring and controls functions and provided performance/utility reports to management.|
|Years: 2017 to Present||Employer: Undisclosed||Title: Technical Infrastructure Auditor||Department: Information Systems Audit Unit in Internal Audit Department||Responsibilities: IT Operations and infrastructure audit (Windows infrastructure, Virtualized infrastructure, AIX/UNIX infrastructure, Linux infrastructure, Network Infrastructure, Database infrastructure (Oracle, MSSQL, MySQL), Storage infrastructure – EMC/Vmax/NetApp).
Information Security Operations Department (ISOD) Audit (Cybersecurity Defense) – Security Operations Centre (SOC), Threat Intelligence, Fraud & Forensic Analysis, IT infrastructure Security, user access management, Vulnerability management, Incident Management, etc.
Data Center audit.
Change management review.
Personnel security review.
Business Continuity Management and Disaster Recovery Site audit.
Electronic solution/application review (Online Banking-FirstOnline, Mobile Banking-FirstMobile, Mobile Money-FirstMoney, USSD, Web payment gateway etc.).
Payment Cards infrastructure review (Postilion FEP – Realtime/Office/Postcard, ViaCard)
Electronic Terminal Security Review (ATM/POS/Web Platform).
Investigation of security breaches in the IT platforms.
Management Systems audit (ISO 27001:ISMS, ISO 22301:BCMS, ISO 9001:QMS, ISO 20000:ITSMS, COBIT5 IT Governance Compliance).
Core Banking and Treasury Application Audit (Finacle Core, Finacle Treasury, Connect24 & interface management/API review).
SWIFT Infrastructure Review.
Subsidiary Audit (Information Systems Review).
|Years||Country / Region||Summary|
|Years: 2012 to 2014||Country / Region: ATM Industry Association (ATMIA) Representative for West Africa Region, which includes Nigeria, Ghana, Benin, Togo, Cote d'Ivoire, Cape Verde, Liberia, Senegal, Gambia, Niger, Guinea & Sierra Leone||Summary: ATM Industry Association (ATMIA) is an independent, non-profit trade association, whose mission is to promote ATM convenience, growth and usage worldwide; to protect the industry's assets, interests, good name and public trust; and to provide education, best practices, political voice and networking opportunities for member organizations.|
|Associations / Societies|
|Information Systems Audit and Control Association (ISACA)|
|Licenses / Certifications|
|Certified Information Systems Auditor (CISA), ISO 27001 Lead Auditor, ISO 22301 Lead Auditor, ISO 20000 Lead Auditor, ISO 27032 Cyber Security Lead Manager|
|Publications and Patents Summary|
|He has three publications, one of which concerns forensic data analysis.|
|Expert Witness Experience|
|- He played a prominent role in the collection of audit evidence that aided the identification and arrest of a staff member of an organization who installed malicious software (password sniffing tools, network packet filtering and analyzing tools) used for stealing passwords and gathering server IP addresses for malicious purposes.
- Evidence witness in a case where TeamViewer software was used to access a secured network from outside (internet) and compromise a fund transfer application.
|Training / Seminars|
|- He was instrumental in the development of a staff awareness training programme in pursuance of ISO 27001 certification for his current employer. He was also part of the team that developed the Information Security Management System (ISMS) policy, Business Continuity Policy, Computer Acceptable Use Policy and IT Security policy, and equally trained key staff of his current employer on them. He has participated in various ISACA conferences, training weeks and workshops organized by both the Lagos and Abuja chapters of the association, where he facilitated on some topical issues.
- Training on Audit and Control issues on Postilion.
- ArcSight (SIEM) Analyst Training.
- Training on Secure Coding principles and practices for Software development.
- ISO 27001 Lead Auditor Training.
- Thales HSM (Hardware Security Module) payShield 9000.
|Selection of vendor for implementation of Audit Software for a bank. MkInsight software was selected for implementation.|
|He is a trained Information Technology professional with expertise in Database management & security, System Administration & Security, Application Security. He is a practicing Certified Information System Auditor (CISA) and has sound and practical knowledge in Information Security and Control Frameworks like ITIL, RiskIT, COBIT, ISO 27001, PCI-DSS, PCI-ASS, ITGI and others. He has several white papers and policy materials to his credit and has conducted extensive risk assessments on ATM Infrastructure and Transaction Security which are endorsed by the ATM Industry Association (ATMIA).|
|Other Relevant Experience|
|He is a talented professional whose passion for Information Assets protection, Information Security Management, System Control implementation and advisory services has given him leverage for success. He is also very proficient in IT project implementation, where he plays a leading role in ensuring that controls are embedded in the design and requirement definition stages of IT projects, which ensures project success and security of IT systems, thereby facilitating prompt completion of projects and eliminating system vulnerabilities.|
Fields of Expertise
bank security, computer network security, information security, information security management, information technology compliance, information technology security, internal audit, Internet firewall, internet security, payroll audit, risk management, security management, auditing, automatic teller machine, computer forensics, credit card, debit card, electronic funds transfer system, investigation, risk assessment, application security, computer system disaster recovery planning, encryption system, information technology management, bank procedure, core banking system, computer fraud investigation, bank fraud, mobile payment, security risk assessment, banking regulation, Current Good Manufacturing Practice auditing, Sarbanes-Oxley, payment, hacking, internet scam, operational risk, risk, internet crime, sales audit, management audit, insurance audit, insurance claim audit, legal auditing, forensic auditing, security standard, fraud investigation, forensic investigation, intellectual property security, communications security, physical security, security assessment, enterprise risk management, internet fraud, biometric forensics, workplace safety and security, software reverse engineering, process audit, access control system, electronic security, network hub, ISO 9000 auditing, magnetic strip reader, vendor auditing, magnetic strip, drafting auditing, computer room security, control system performance evaluation, regulatory compliance auditing, local-area network management, operational auditing, process development, feasibility study, safety auditing, process control system, high-performance computing technology assessment, local-area network security, local-area network operating system, local area network, computer communication, network security system, computer equipment, security system, quality auditing, process assessment, network, electronic countermeasure