SUMMARY

• Experienced and result driven IT audit and compliance professional with advanced understanding of IT General Computer Controls around applications, databases, and operating systems.
• Valued adviser on key security initiatives with a deep understanding of emerging technology risk areas and the design of controls to address such risks.

TECHNICAL SKILLS

Microsoft Products: Word, PowerPoint, SharePoint, Excel, Power BI ServiceNow, Jira, Azure DevOps, Legacy Ticketing Systems

Computer Tools: ACL, Teammate, SharePoint Active Directory, Processes Audit reports, Audit Programs, High Level Executive Summary, and metrics HR, Servers, Firewall Reviews JD Edwards, SQL, CyberArk, UAT Security Exception and Annual Risk Acceptance Program for management

PROFESSIONAL EXPERIENCE

Confidential, Bothell, WA

IT Compliance analyst

Responsibilities:

• Coordinated SOX audit walk - throughs and testing requirements.
• Ticket management (Service Now) opening and closing of Tasks, Clients, Incidents, etc.
• Experience performing audit with IT General Controls; Password parameters Testing, Change Approval and Testing, Access Administration (User Access Provisioning/Deprovisioning), Back up Process (Failures and Scheduling)
• Participated in the day-to-day execution of audit engagements, such as SOX, Risk Assessment, compliance audit, and operational audit.
• Quarterly Access Review, Periodic User Access Reviews, User Access Appropriateness and assessments of systems and processes to ensure regulatory and policy.
• Managing user login parameters and password parameters
• Performed functions using Identity and management procedures, which includes security-policy enforcement applications, reporting and monitoring apps and identity repositories.
• Work with System owners to make sure Servers are properly backed up.
• Reviewing change management procedures, attesting and for completeness and accuracy in the process and confirming that proper approval is in place.
• Develop and evaluate control testing as needed.
• Develop and maintain SOPs for Teammates on SharePoint
• Coordinate evidence collection as needed.
• Perform audit and assessments of systems and processes to ensure regulatory and policy controls are in place.
• Working with System owners to meet Auditor's Deadlines.

Confidential, Dallas, TX

Tech - 0prations Analyst

Responsibilities:

• Manages and maintains data within Salesforce and internal database to ensure data adheres to data standards.
• Recommends and implements data quality processes and provides sign off on data-related changes.
• Review user access Entitlement Documents (Word documents that detail the type of access being granted to a Database/SharePoint site
• Making sure entitlements description pass their compliance policies Drive adherence to global governance/release management processes to ensure system integrity.
• Assist with compliance needs, related to access reviews, lifecycle management, access requests, and other IAM functions.
• Perform tasks related to end user access, including user access provisioning, de-provisioning, and access modifications in various systems and applications.
• Validate and maintains user access roles and entitlements.
• Perform tasks related to end user access, including user access provisioning, de-provisioning, and access modifications in various systems and applications.
• Validate and maintains user access roles and entitlements.
• Assist with integration of databases, operating systems, and applications into IAM tools.
• Support and maintain global Active Directory solutions, policies, and access control.

Confidential, Odessa, TX

Systems Compliance Specialist

Responsibilities:

• Prepared clear and accurate narratives and workflows of business and informational technology-related processes in accordance with the internal audit methodology and standards.
• Conducted IT General Controls (ITGC) and IT Application Controls testing, Infrastructure using various audit Frameworks COSO and COBIT
• Performed audit planning, conducted walkthroughs, and assessed the internal control environment through control testing.
• Participated in the day-to-day execution of audit engagements, such as SOX, Risk Assessment, SailPoint, compliance audit, and operational audit.
• Ensured that policies and procedures are implemented, and processes are well documented and performed internal reviews which identified compliance problems that called for formal attention.
• Execute multiple IT audits, including internal applications, systems currently being developed, technology infrastructure and specialized or emerging technologies.
• Prepare risk-based audit plans and scope with Audit manager and director, detailed audit program, report findings, and present recommendations for improvement of overall IT controls environment.
• Established network specifications and analyzed workflow, access, information, and security requirements.

Confidential, Livonia, MI

IT Auditor

Responsibilities:

• Document and track control weaknesses, develop recommendations, remediation process, completed milestones, and assist with audit reports.
• Perform testing of IT General Controls (ITGC) and IT Application Controls, Infrastructure (databases and operating systems) using various audit Frameworks
• Knowledge of emerging technologies such as mobile computing, cloud, and understanding of the associated risks
• Work as part of the IT Audit Team that performs PCI DSS, HIPAA testing in regulated organizations.
• Participated in the day-to-day execution of audit engagements, such as SOX, Risk Assessment, compliance audit, and operational audit.
• Execute multiple IT audits, include internal applications, systems currently being developed, technology infrastructure and specialized or emerging technologies.
• Prepare risk-based audit plans and scope with Audit manager and director, detailed audit program, report findings, and present recommendations for improvement of overall IT controls environment.
• Create the initial framework to collect and document the current PCI technical environment.
• Develop processes for real time updating of the PCI environment triggered by ongoing technical changes.