IT Auditor Resume
NY
PROFESSIONAL SUMMARY:
A Certified Information Systems Auditor with ten years’ experience in the financial industry. A proven track record in assessing system security, data integrity, process improvement, electronic fraud, Information Systems Audit and risk assessment. Highly analytical and looking to bring a new perspective and contribute to the success of a team and organization.
TECHNICAL SKILLS:
IT Audit: ISO 27001, NIST, COBIT, SOX, ITIL Standards | PCI-DSS | HIPAA | ISO 27002 | Vendor Management | IDS/IPS | BCP-DRP program | SDLC
Platforms: Windows 7 Clients, Server O/S, ERP Systems (SAP & Oracle Financial) and Linux server (Ubuntu, Red Hat) knowledge
Tools: VMware ESX | Office | Symantec | ACL | Idea | RSA/ACS | Lotus Notes | MS Outlook 2010 and Exchange 2010
Programs: C++ | HTML | CSS | Batch/Bash Scripts | Python | SQL
PROFESSIONAL EXPERIENCE:
Confidential, NY
IT Auditor
Responsibilities:
- Performed audit of IT general controls such as access control, change management, IT operations, disaster recovery and platform reviews (Windows and UNIX OS)
- Responsible for the implementation of the technology risk management and risk assessments program which comprises application and infrastructure security risk assessments.
- Performed application controls assessment in retail banking and Insurance industry by checking authorization control, interface control, computation control and data validity check.
- Ensured audit tasks are completed accurately and within established time using the applicable frameworks such as PCI-DSS, COSO, COBIT, and SOX
- Conducted Risk Analysis, Business Process Analysis, GAP analysis, Implementation of new or enhanced internal controls for regulated or non-regulated multi-national and local businesses and their I.T. environments (i.e. Sarbanes-Oxley (SOX)).
- Actively participated in conducting information technology (IT) controls audit and review related compliance with section 404 of the Sarbanes-Oxley Act, and tested the adequacy of internal controls in the following areas: Information Access, Change Management, Information Technology Operations, and Segregation of Duties.
- Communicated with the company's external auditors on general computer control related matters and SOX test procedures.
- Experience of working with the Audit Teams to map HIPAA Administrative Safeguards ( ) and Technical Safeguards ( ) to COBIT Control Objectives and actual internal controls in order to improve/reuse the controls testing done for SOX.
- Evaluated segregation of duties over application security involving the company's ERP systems and executed audit strategy.
- Liaised between in-house managers/IT department and External Financial and Operational Auditors
- Core participant in Disaster Recovery and Business Continuity Audit.
- As part of the internal audit team, reviewed SAS70, SOC1 (Type1 and Type2, SSAE16), SOC2 and SOC3 reports for Third Party Risk Management and Compliance.
- Performed HIPAA audit testing for privacy rules and security rules.
- Audited IT and Business processes identifying process control weaknesses tied to the COBIT framework for Corporate Governance Risk and Compliance Programs in support of Sarbanes-Oxley (SOX) 404.
- Information gathered is reviewed and analyzed extensively, and then compiled into a written summary report
- Prepared audit scopes, reported findings and presented recommendations for improving data integrity and operations
Confidential
Team Lead
Responsibilities:
- I was responsible for the strategic leadership of the e-Fraud team, which comprised nine people, managing the daily operations of the team with the aim of achieving the organization’s objective.
- Worked extensively on the COSO and COBIT regulations, with experience in examining SSAE 16 Audit Reports.
- Investigated over 5000 electronic fraud cases comprising Internet Banking Fraud, Credit/Debit Card Fraud and other related transactions to determine the area of compromise and how to prevent its future occurrence.
- Monitored electronic transactions such as local web transactions, Interbank transfers, Intrabank transfers and card not present transactions. The outcome was that of the total number of Internet Banking fraud cases, we prevented 40% from occurring and recovered over 75% of the stolen funds due to early detection.
- Designed and developed the IT budget/risk assessments for all projects relating to data centers, security and operating software, and application systems
- Worked with internal and external partners including law enforcement agencies, local and international banks to investigate fraud cases, recover funds, prosecute suspected fraudsters and collaborate with the aim of making the industry safer.
- Represented the company at various fraud conferences and forums (i.e. Confidential); ensured the company was knowledgeable of new threats, vulnerabilities and the best ways to mitigate such threats.
- Identified IT risks and developed recommendations for mitigating the risks in compliance with COBIT and GAAP, resulting in additional controls over key financial applications.
- Maintained a balanced knowledge base of both traditional and data infrastructure as well as analytic techniques to support investigations.
- Information Security and Compliance
- I was in charge of implementing different enterprise fraud detection & prevention applications such as National Fraud Service (MasterCard), Scorebridge and Intellinx.
- Assisted in evaluating potential risks and modifying the annual audit strategic plan.
- I participated in the ISO 27000 compliance audit readiness wherein my team reviewed various applications and databases to ensure that the organization’s information assets are secured.
- Managed product and program risks, including risk associated with fraud, data management, and technology.
- I worked with the Qualified Security Assessor to ensure that the organization is PCI-DSS compliant.
- I led regulatory compliance projects on OTP security and ensured on-time completion of all requirements.
- Provided monthly reports to Management and regulatory agencies on fraud cases.
- Worked with several units on the design and implementation policy in line with PCI-DSS framework.
Confidential
Account Reconciliation Analyst
Responsibilities:
- Handled the reporting and follow up of outstanding items on various scorecards as well as presenting them to senior management.
- Prepared quarterly reports to the Central Bank on Foreign exchange transactions within the quarter.
- Worked with external audit teams and regulators to ensure the bank complied with audit standards and government regulations.