CAREER SUMMARY:

• I am a remarkable IT auditor with 6 years hands - on experience in ITGC detailed/Walkthrough control testing, SOC, SOX, SAP, SDLC, Circular A-123, applications, SOD, SSAE 18 report, IT infrastructure, PCI DSS, SQL server, Window server, GDPR control assessment using NIST, ISO 27001, COSO, COBIT, FISMA & FISCAM.
• Through the years, I have garnered experiences in independent testing, Risk assessment, Audit review, Cybersecurity reporting, People management, policy management, creating procedure, compliance testing, Business analysis, process improvement, sustainability, Business continuity, strategic planning, time management, client relationship, system integration, agile methodology, data management, business collaboration, vendor management, fieldwork mapping, operational design and implementation.
• I have built in my profession a strong Audit program, test narratives, detailed internal and external risk compliance and control testing.
• Highly motivated, Dynamic, organized, systematic, problem solvermulti-talentedgreat sense of humor, detail oriented, thrives in a challenging, fast-paced working environment, team player, time, and people management skills.

SKILLS:

Risk compliance

Audit, IT Infrastructure

Financial Accounting

Cloud

IT project planning/program

Cyber security

Disaster Recovery

Application Control

ITGC Testing

Data Privacy

Risk aversion recommendations

Cost reduction options

Report creation

Regulatory filings

Compliance standards

Report generation

Process evaluations

GAAP guidelines

Risk management

Planning

Sarbanes - Oxley regulations

FFIEC, NIST, ITIL, COBIT, ISO

WORK EXPERIENCE:

SNR IT AUDITOR

Confidential

Responsibilities:

• Develop and create IT Audit program including access control, change management, IT operations and application controls.
• Identified deficiencies in the design and operating effectiveness of conx1trols and provided recommendations for all clients.
• Implemented appropriate security controls for information system based on NIST 800-53 rev 4.
• Participated in SAP transaction testing to perform included testing of segregation of duties to assist the client in improving their user management, authentication management, authorization management, access management and provisioning capabilities.
• Conducted ITGC walkthrough and detailed testing by reviewing document and observing procedures to gather useful evidence.
• Involved in conducting ITGCs testing and IT application Control testing, audit readiness, attestation engagements, Infrastructure audit, compliance, and risk assessment.
• SOX walkthrough meetings with control owners, and internal/external auditors, and perform follow-up discussions as needed.
• Performs walkthrough and executes testing procedures to determine control design/operating effectiveness against industry standards
• Develop and create IT Audit program including include access control, change management, IT operations and application controls Identified deficiencies in the design and operating effectiveness of controls and provided recommendations for all clients.

RISK COMPLIANCE OFFICER

Confidential

Responsibilities:

• Assisted in the development and implementation of a continuous monitoring program for IT compliance and automation of manual processes.
• Effectively collaborate with IT stakeholders to provide support and guidance across a broad range of IT compliance work efforts.
• Performed basic procedures necessary to ensure the continuation of core IT risk and compliance functions.
• Perform risk assessments, identify IT controls for significant processes, develop test procedures for SOX readiness. Assist with the development of IT policies and procedures necessary to mitigate risk assessment and risk report exposures.
• Evaluate/interpret SOX IT Audit, PCI DSS and Privacy requirements and provide guidance to process and control owners on the objective / intent of the requirements.
• Maintain knowledge of legislation and regulation changes related to the financial industry; understanding of applicable finance industry security and privacy regulations, procedures, and issues, and assist in ensuring the organization remains compliant with such laws and regulations.
• Work with both External and Internal Audit to ensure compliance with policies, International Accounting Standards and ITCG security protocols Assist management with SOD issues including monitoring and reporting.
• Assist with revising cybersecurity policies and standards as well as their alignment of general technology policies with security requirements.
• Documented, assessed, and evaluated automated systems controls including interface completeness and validity, authentication and authorization, and input/ output controls to support sensitivity of data and privacy.

OPERATIONAL RISK ANALYST

Confidential

Responsibilities:

• Responsible for supporting and maintaining a Cybersecurity risk and compliance program and strategy that monitors adherence to cybersecurity security requirements and drives remediation of unacceptable risks.
• Manage the review of changes in company processes, standards, and technology to ensure the effectiveness of security controls to meet compliance requirements.
• Identify and report on new and emerging security risk and risk trends, including participating in risk remediation solution discussions and updates to compliance policy and standards.
• Conducted risk evaluation by examining related risk, key controls and developing appropriate audit measures to test control identified.
• Develop, maintain, and support Security policies and procedures that support HIPAA and Hi-Trust in ensuring compliance to different regulatory standards.
• Involved in conducting ITGCs testing and IT application Control testing, audit readiness, attestation engagements, Infrastructure audit, compliance, and risk assessment.
• Conducted and supervised end to end IT audit process including engagement planning, coordination, scope determination, risk and control identification, design of audit program, procedures, test control and evaluate results.
• Conducted ITGC walkthrough and detailed testing by reviewing document and observing procedures to gather useful evidence.

AUDIT/RISK ANALYST

Confidential

Responsibilities:

• Conduct and supervise all aspects of the end-to-end IT audit process to include engagement planning, coordination, scope determination, risk and control identification, design of audit program procedures, testing, and evaluation and analysis of results.
• Determine scope, develop audit programs, and coordinate activities and communication with audit clients and management.
• Assign testing responsibilities to other project members, and monitor the audit communicating progress, obstacles, and issues to management on an as-needed basis.
• Perform QA reviews of IT controls related work products such as user attestations packages and client assistance documentation prior to delivering to internal and external auditors, clients, and business partners.
• Prepare comprehensive, well-written, audit work papers documenting the test steps performed, audit results and recommendations.
• Assist in preparing draft audit reports and communicating audit observations to management.