Control Specialist And IT Auditor Resume
New York, IsK
SUMMARY
- I am a highly motivated and experienced Information Systems Auditor and Risk Control specialist with years of experience in Audit, Vendor Risk Assessments and in-depth knowledge of Sarbanes-Oxley Act (SOX), HIPAA, PCI DSS, IT General Controls (ITGC), SAS70/SSAE16 Attestation and NIST 800-53 Frameworks. I have the skills, knowledge and experience required to adequately reduce risk and provide security of information assets. Extensive background in all stages of audit including: planning, studying, evaluating, testing of controls, reporting and follow-up.
- Good understanding of control frameworks: COSO, COBIT and ISO 27001.
- In-depth experience of Government and Industry related regulations/laws and reports that involve Information Security: SOX 404, PCI DSS, HIPAA, FISCAM, FISMA and SSAE 16.
- Proficient in administering Computer Assisted Audit Techniques (CAAT) to analyze data with the use of software tools such as Microsoft Access, TOAD for MySQL, SharePoint and IDEA.
- Business continuity and disaster recovery plans review.
- Payment Card Industry Data Security Standard.
- Information Technology General Controls Auditing.
PROFESSIONAL EXPERIENCE
Confidential, New York isk
Control Specialist and IT Auditor
Responsibilities:
- Conducted SOX compliance testing on application controls.
- Implementing and testing of internal controls under SOX, performing walkthrough of controls and evaluation operation.
- Identifying related mitigating controls and ensuring management has an adequate control environment, includes SOX process documentation, executing test plans to evaluate effectiveness of SOX controls and monitoring remediation of SOX deficiencies.
- Evaluation and running of SQL query using TOAD and comparing results set.
- Project planning participation with project managers, business analyst and team members to analyze business requirement and outline propose IT solution.
- Testing of ITGC controls such as Access Control, Change Control, Incident Management Controls, Mainframe Application Controls and UNIX Enterprise Controls.
- Consulted with Audit owners on how to respond to audit observations and findings.
- Performed Identity Access Management within the Logical Security Administration to ensure compliance with access provisioning, entitlement of access and privileged access reviews respectively.
- Assist with work papers reviews and report preparation.
- Identified AML risks, deficiencies and best practice, suggests policies and control enhancement and defining corrective action plans to mitigate emerging and residual risk and control issues.
- Proactively detected, mitigated and escalated matters that require attention that put the bank into potential reputational, operational or legal risk.
- Status report on all open Audit items.
- Assessed deficiencies in the bank BSA/AML compliance as per OCC requirements.
- Managed AML issue tracking, reporting and escalation processes.
Confidential, Cherry Hill NJ
IT AUDIT CONSULTANT
Responsibilities:
- Conducted IT compliance testing to assess risk, evaluate internal controls, safeguard assets and analyze IT controls supporting financial reporting and operating procedures.
- Performed testing on all applications in the bank, both internally developed and vendor developed applications to ensure compliance.
- Conducted Information Systems Control reviews on platforms and operating procedures in accordance with the established corporate standards for efficiency, accuracy and security.
- Reviewed areas identified for improvement by staff and by self, and in conjunction with IT Compliance Management, developed viable business solutions to mitigate the risk.
- Evaluated IT Compliance gaps and work with management to recommend solutions to improve policies, procedures and efficiency of controls by using applicable frameworks like COSO, COBIT, and PCI DSS.
- Performed audit of IT General Controls such as, Access Control, Change Management, IT Operations, Disaster Recovery and Platform Reviews (Windows and UNIX OS).
- Performed Application Control Assessment in retail banking by checking authorization control, interface control, computation control and data validity check.
- Evaluate Segregation of Duties over application security involving the company's ERP systems (SAP, PeopleSoft, and Oracle Financials) and execute audit strategy.
- Knowledge of Control Objectives for Information and Related Technology (COBIT) framework developed by the Information Systems Audit Control Association (ISACA).
- Conducted SOX 404 and GLBA annual compliance testing on all the internal controls in the bank.
- Carried out sampling methodology to validate population analysis.
- Reviewed Vendor Risk Assessment report.
Confidential, Cranston Rhode Island
IT AUDITOR
Responsibilities:
- Reviewed the Access Control policy of the organization (Logical and physical) to determine its adequacy and effectiveness.
- Documented physical access controls to computer resources by evaluating existing environmental security conditions and available emergency procedures.
- Ensured audit tasks are completed accurately and within established timeframe by using applicable frameworks such as COSO, COBIT, PCI DSS, FISCAM and NIST 800-53.
- Reviewed the adequacies of key systems and application controls - Access control, Data Integrity, Segregation of duties, disaster recovery, and change management among others.
- Testing and Documentation of key SOX and IT General Controls, leveraging a defined process compliance monitoring process.
- Established the control points for every phase of system implementation as defined by the SDLC methodology - end user buy-off, testing in development and not production environment, adequacy of testing etc.
- Tracked, monitored, and reported all Internal Risk Control Self Assessments (RCSA) in compliance with policies and standards.
- Evaluated IT and business processes for effectiveness and efficiency, through obtaining an understanding of and documenting key business processes and internal controls.
- Reviewed internal policies, procedures, existing laws, rules and regulations to determine applicable compliance and the adequacy of underlying internal controls.
Confidential, Rockville, MD
IT AUDITOR
Responsibilities:
- Performed various IT auditing with commercial public companies, financial institutions and hospitals.
- Performed IT General Controls (ITGC) auditing for various organization in areas such as, Access Control, Change Management, IT Operations, Disaster Recovery and Platform Reviews (Windows and Unix OS).
- Performed PCI DSS auditing by testing all the IT controls to ensure confidentiality, integrity and availability of sensitive and confidential information systems.
- Reviewed enterprise security program.
- Validates IT control implementations and performed risk-based audit.
- Performed walkthrough and detail testing on controls and validates remediation control.
- Performed IT audit on network infrastructures such as Routers, Switches, Firewalls and Remote Access to assess current vulnerabilities.
- Performed auditing of various organizations to ensure compliance with the relevant government regulations and guidelines (i.e. PCI, Sarbanes-Oxley Act, SAS 70, COBIT/COSO, GLBA, HIPAA, ISO, etc.).
- Testing of ITGC controls such as Access Control, Change Control, Incident Management Controls, Mainframe Application Controls and UNIX Enterprise Controls.
- Performed MAR testing and assist process owners to perform their own self-testing.
- Developed relationships with process and control owners to ensure ownership of controls are understood and managed.
- Performed testing and assist IT control/process owners in SOX control testing.
- Assessed Segregation of Incompatible Duties within change management environment.
- Reviews of privileged access to Sailpoint.