Soji Bankole, CISA

About Soji

Soji is an accomplished IT auditor with 10+ years of experience in IT governance, compliance and control frameworks, risk assessment, mitigation options, and strategy execution. A skilled problem solver who adapts to changing business, regulatory, and information technology environments, he has proven project management, cross-functional, and change management skills.

Stemming from positions held as an IT audit team member and team lead at a commercial bank and as an IT audit consultant at separate business/IT and cybersecurity consulting firms, Soji thoroughly understands information systems, security policies, business processes and financial activities. He conducts and manages IT audits following established standards to ensure compliance with internal and external policies, procedures, and processes – recommending efficiency, accuracy, security and risk remediation actions to management where gaps exist.

Soji is adept at assessing the adequacy of internal controls and compliance with the Sarbanes-Oxley Act (SOX), including testing Information Technology General Controls (ITGC) and Application Controls (ITAC). He capably performs project planning, prepares process documentation, evaluates control designs and operational effectiveness with end-to-end walkthroughs, analyzes and reports findings, recommends preventative and mitigation options, and performs follow-up activities in line with the project’s scope.

He is experienced in application security for ERP systems, including SAP, PeopleSoft, and Oracle Financials, and proficient in advanced Excel techniques, including VLOOKUPs, PivotTables and macros. His copious skill set for IT control and industry standard frameworks includes the National Institute of Standards and Technology (NIST) 800-53, Cybersecurity Framework (NIST CSF), and Risk Management Framework (NIST RMF), along with the Committee of Sponsoring Organizations (COSO), Control Objectives for Information and Related Technologies (COBIT), International Organization for Standardization (ISO) 27001 and 27002, and the Payment Card Industry Data Security Standard (PCI DSS).

Clients appreciate Soji’s depth of business and IT knowledge, excellent communication skills, attention to detail, and ability to work independently and collaboratively to help their company create strategies and implement changes to reduce organizational risk and increase the reliability of their information resources.