- I am an experienced IT professional with broad experience in performing ITGC internal controls as part of nancial statement audit, internal and operational audits, SOX compliance, PCI DSS and infrastructure testing, risk assessment, attestation engagement, and audit readiness.
- Conducted IT audit projects such as compliance testing of Sarbanes - Oxley (SOX), OMB Circular A-123 audit and Service Organization Control (SOC) SAS 70 /SSAE 16 reviews, using COBIT, PCI DSS, FISCAM, FISMA and NIST 800-53 .
- An effective communicator, self-motivated, team player, result and detail oriented, and also possesses excellent technical, analytical and organizational skills demonstrated daily in meeting deadlines and management expectations.
- Operations, SAP, Sarbanes: Oxley (SOX), SSAE 16, Oracle Financial.
- Operating Systems: Windows AD, UNIX, Mainframe server
- Software tools: SAP R3 FICO Module, SAP GRC 10.0, Randomizer
- Microsoft Exchange, O ce365 Audit tools: ACL, IDEAL, Archer GRC
- Network security tools: IDS/IPS, SIEM
- OMB A: 123 and SOX compliance
- Network Devices: Routers, Firewalls LAN/WAN,TCP/IP, ERP Systems, Database 11G, SQL 2008/12, DB2
- Database & project management: SQL Server, Oracle, IMS mainframe database, DB2 UDB.
- Operating system: Linux-AIX, UNIX-Solaris, Microsoft window server 2012, 2016.
- Mainframe z/OS reporting and analysis.
- Proficient with operating systems like Microsoft Word, Microsoft Access, Microsoft Excel, Spreadsheet, Microsoft Outlook, Kronos, QuickBooks.
Confidential, Houston, TX
Senior Information System Auditor
- Performing testing in compliance with company policies and procedures to ensure it conforms to industry standards; such as HIPAA and PCI DSS framework.
- Maintaining a good working relationship with clients and colleagues to enhance customer satisfaction and work with client management and staff at all levels to perform audit services.
- Conducting financial audit using my knowledge of ERP systems (SAP and Oracle Financials), Microsoft Dynamics, and Net Suite. Documented control weaknesses and related testing exceptions.
- Conducting walkthroughs, developing tested plans, testing procedures and documented test results, and exceptions.
- Preparing and making presentation of audit reports to include audit findings, recommended remediation . Plan and lead follow up meetings with client management.
- Performing Information Technology audits (e.g. information security, change management, computer operations) for clients from various industries (manufacturing, technology, education, healthcare, etc...)
- Participating in all phases of IT Audit - Planning, Fieldwork and Follow up using applicable framework. COBIT, COSO and prepare appropriate testing Matrix.
- Conducting testing of Sarbanes-Oxley (SOX), OMB Circular A-123 Audit and Service Organization Control (SOC) SSAE 16 Review, using COBIT and FISCAM frameworks.
Confidential, Houston, TX
Information System Auditor
- Assisted with special projects such as Segregation of Duties (SOD) and SOX Compliance Audit, challenge projects and identify conflicts or inadequate internal controls and provide recommendations.
- Coordinated IT related SOX compliance assessment in connection with program development, change management, computer operations, security and configurations as well as vendor service providers.
- Performed and documented walkthroughs of internal controls. Also assisted external auditors with financial statement audit tests.
- Documented internal control weaknesses and make recommendation for remediation of the weakness.
- Responsible for internal audit management and execution from planning to reporting, with a focus on key risk.
- Assisted in the implementation of control, self-assessment (CSA) tools, automated audit techniques and an integrated audit approach designed to encompass financial, operational and information technology controls.
- Performed design effectiveness assessment of internal controls. Also assisted in ERP implementation to ensure Compliance & Risk oversight.
- Supported IT internal controls as part of financial statement audit, internal and operational audits, SOX compliance and audit readiness.