SUMMARY

Develop and implement standards, processes and procedures that conform to best practices outlined in COBIT standards   for Confidential .  Also periodically review existing standards and procedures relating to security and governance frameworks (IT general controls, COBIT) and update as necessary.

• Sarbanes Oxley ( Confidential ) IT audit experience in the following industries: financial, manufacturing, retail, healthcare, and aerospace.
• Confidential audit skills in the following areas: IT Management, Networks, Operating Systems, Databases and Applications, Systems Software Changes, SDLC, Securities and Logical Access, Storage Management, Job Scheduling, Physical Security
• Strong IT Audit and technical skills related to information security, security administration, security risk assessment, IT architecture development, firewalls, design and security control, and evaluation of new technologies and procedures
• Seasoned Audit/Security/System Administration including strong analytical, technical and problem solving skills with proven ability to mentor staff, build a team, deal with complex issues and develop practical solutions.
• Experienced in audit of new and existing information operating systems, networks, databases and applications to ensure that appropriate controls exist, that processing is efficient and accurate, proper data integrity is maintained, and information system procedures are in compliance with corporate standards
• Risk assessment related to computer processes and systems including providing management with recommendations for improvements to policies, procedures and practices as needed.
• Experienced in security principles and products, including experience with multi - platform security designs and vendors.
• Business continuity planning (BCP) and disaster recovery planning (DRP).

PROFESSIONAL EXPERIENCE

Confidential

Lead Business Analyst

Responsibilities:

• Support compliance, audit response, testing and quality control support for the Compute Team and the underlying infrastructure they manage.
• Support audit or regulatory inspections, including preparation, support and post audit activities for Confidential TOD and TOEs, SAS70(SOC), ISO27001, FDA and others. Perform tests of controls to obtain high levels of assurance about their effectiveness, pick samples, test internal controls to determine if they are working as intended, identify and report on internal control issues, and remediate those issues.
• Actively manage the infrastructure computerized system validation activities for projects involving GxP relevant computer systems.
• Work closely with Compute Team members, IT Compliance team, QA function and other TSO groups to implement and operate required system lifecycle processes for relevant computer systems and their underlying infrastructure.
• Communicate clear concise compliance standards and support processes to customers and IT&PE Teams.
• Develop training material for the life cycle process and TSO documentation project. Worked with the GEHC managers to develop training matrices for their staff. Also attended extensive training for PMP, Lean and Black Belt. Presented PMP training module. Worked with TIG groups and presented pitch out for lunch and learns.
• Participate in volunteer activities, worked at the Share Holders Meeting, participate in planning employee events with the Celebration Committee, and involved with the Women’s Network.

Confidential

Senior IT Auditor

Responsibilities:

• Acted individually, as an audit team member, or as the auditor in charge for audits which included planning and executing the day-to-day activities of IT audit engagements.
• Identified and assessed risk, evaluated and improved the underlying processes and controls, and identified ways of increasing the efficiency and effectiveness of information systems.
• Conducted IT and integrated audits of complex IT infrastructures (Networks, Active Directory, Mainframe, Telecommunications, Operating Systems, Change Management, Disaster Recovery, Business Continuity and Security).
• Prepared audit work papers in accordance with professional standards, and prepared written reports of completed audits and presented results to Management. 
• Responsible for managing Sarbanes Oxley compliance as it relates to IT controls. This included working with Management to identify and test key IT controls according to generally accepted auditing standards. 
• Effectively handled administrative functions associated with performing an audit including participating in audit kickoff meetings, ongoing(weekly), and closing meetings, delivering presentations, reviewing work papers, and developing audit reports.
• Assessed and documented the effectiveness of IT system general controls (physical environment, data security, data integrity, change management, operations, backup).
• Identified and tested effectiveness of operating procedures and internal controls embedded in systems.   
• Designed, carried out and documented tests of IT system.  Generated and ran selected audit queries against business application systems either in conjunction with an IT audit or in support of a financial audit.
• Ensured that tests and test documentation meet professional standards and could pass review by external auditors and/or third party QA reviewer.
• Discussed test results with auditee management.
• Resolved issues and reach agreement on appropriate solutions with appropriate business unit management.
• Consulted and interacted routinely with IAS audit management.
• Effectively handled special assignments including assist external auditors, assist in handling non-routine inquiries and other confidential projects.
• Reviewed First application implementation project and Intralink application.
• Performed SAS 70 II reviews of IT controls relating to significant services provided by third parties for Intralink, TaxStream, and First applications.

Confidential, Southfield, MI

 IT Auditor

Responsibilities:

• Worked with the Sarbanes-Oxley ( Confidential ) organization to perform validation checks that all Confidential Application program changes are being made by properly executing the defined procedures to provide the required evidence for customer and ITM approvals (process compliance). Coordinated within the required time frames the review of key preventative and detective controls across the security administration and change management functions.
• The review focused on validating that change management controls over key applications are monitored and supported by appropriate authorized documentation. The review also focused on monitoring the periodic review of access rights, security parameters and utilities related to key in-scope applications, databases, networks, operating systems and data transmissions.
• Performed application testing for new release of change management system. Developed quality-assurance checking procedures.
• Required problem solving skills and previous IT general controls audit experience, good interpersonal skills and written and verbal communication skills. Used the Mainframe, Windows XP, Lotus Notes, Microsoft Office Suite, Microsoft Excel and Access.

Confidential, Southfield, MI 

 IT Auditor

Responsibilities:

• Perform Sarbanes Oxley testing for software applications
• Complete testing steps listed in Confidential audit IT workpapers to gather evidence to support documented IT processes.
• Audit and evaluate information systems applications and operating procedures in accordance with established corporate standards for accuracy and security.
• Determine audit sample sizes based on written guidelines to gather evidence.
• Interview owners of processes to gather information and documents pertaining to their controls.
• Communicate recommendations for deficiencies.
• Update Confidential findings in AutoAudit.

Confidential, Troy, MI 

IT Auditor

Responsibilities:

• Review and evaluate internal controls and help ensure compliance and support of executive management’s Confidential 404 IT certifications.
• Perform Sarbanes Oxley testing for physical security, information security, change management for applications and platforms, data backup and recovery, SDLC, database controls, computer operations
• Test established company policies for setting up users, permissions, and access rights.
• Determine audit sample sizes based on written guidelines to gather evidence.
• Evaluate the audit results and develop recommendations to address the deficiencies, weaknesses, and the areas of concern noted during the performance of the audit.
• Interviewed owners of processes to gather information and documents pertaining to their controls.
• Perform remediation for weakness and retest.
• Prepare timelines, MS project plans, and scorecards.

Confidential, Livonia, MI

IT Auditor

Responsibilities:

• Performed Sarbanes-Oxley compliance work for major subsidiary of a global Fortune 100 conglomerate with operations in the Americas, Europe and Asia.
• Conducted testing, evaluation, and documentation of findings based on existing test plan, utilizing RCTS Deloitte & Touche software.
• Executed remediation of identified control weaknesses and documented results.
• Interviewed process owners for information systems, information security, database subsystems. Owners included the Systems Manager, Facilities Manager, Personnel Manager, and NT Systems and AS400 Administrators.