A performance-driven, results-oriented, energetic, focused, team-playing professional looking for a position with a corporate entity that offers daily challenges that will enable me to contribute to the goals of the organization. Offering experience in enterprise governance, risk, regulatory compliance, IT security and IT audit. I am a self-starter, multitasker and highly effective time manager, consistently sustaining high levels of productivity and quality in a fast-paced, high-volume environment.
- Assessment of internal controls. Sarbanes-Oxley (SOX) 404/COSO/HIPAA/HITECH/SANS/HITRUST compliance audit
- SOC 1, 2 reports / SSAE 16; ERP application audit (Oracle Financials, SAP)
- Windows, Unix/Linux platform audit; COBIT, COSO, ITAF, ITGI, NIST CSF, ISO/IEC 27000 framework audit
- NERC, NIST SP 800-53, GDPR, Cloud Security Alliance frameworks
- PCI DSS and data center audit; audit report writing and presentations
- ITGC, BCP, DRP, backup and recovery, risk assessment; BSA, OFAC, KYC, USA PATRIOT Act, FFIEC compliance audit
- Database and SDLC application audit; gap and root cause analysis; quality assurance audit experience
TECHNICAL APPLICATION SKILL SETS:
MS Office (Word, Excel, PowerPoint, MS Project), SharePoint, TeamViewer, TeamMate, Jira, Asana, Tableau (for data mining), SIEM (core logic, NetIQ, Splunk), MBSA and ACL application testing tools. DLP tools: McAfee Total Protection for DLP, Trustwave DLP.
Confidential, Dallas, TX
IT Security Analyst
- Global InfoSec Vendor Risk Assessments team: engaged end to end in global enterprise information security vendor risk assessments for Confidential's internal/external onboarding and integration of clients into cloud security infrastructure (IaaS, PaaS, SaaS) platforms.
- Review security frameworks, establish cloud governance standards and educate business/technology teams. Design and build cloud security solutions that balance the need for speed and flexibility of cloud infrastructure and IaaS/PaaS/SaaS applications with the need to protect cloud service clients against ongoing and potential security threats.
- Implement the information security design for cloud usage throughout the enterprise, enforce compliance with security policies and controls, and function as a technical security SME on various projects. Help synthesize radical ideas, define new security strategies and persevere to get the job done globally.
- Review, assess and analyze infrastructure access request questionnaires from business teams/vendors, granting access according to organizational policy requirements and procedures, in alignment with vendor needs on the targeted platforms.
- Assess program and security controls using the organization's Information Security Policy Handbook and NIST Special Publications to provide the information necessary to determine their overall effectiveness.
- Conduct information security vendor risk management assessments, identify gaps in cloud security architecture and document key control findings.
- Reports, Plans of Action and Milestones (POA&M), System Security Plans (SSP) and application security and development checklists; review security artifacts (penetration test and vulnerability scan reports, SOC 2 Type 2 reports, ISO 27001 reports, PCI DSS certification reports, etc.) supporting software certification and accreditation.
- Run vulnerability scans for applications using tools such as HP Fortify; work with software engineers to analyze the reports; and run vulnerability scans for operating systems and network infrastructure.
- Create technical and managerial level reports and risk assessments for Cloud based applications and infrastructure.
- Interface and collaborate with multiple groups and/or managerial staff to eloquently describe and implement security solutions.
- Provide technical support to vendors who need advice, assistance and training in applying hardware and software systems. Provide Risk Management Framework (RMF) support to the Global Office of Cybersecurity.
- Support the determination and documentation of system vulnerability findings and their flow through risk matrix decks.
- Respond to development program partners and global program managers to provide guidance on priority Information Assurance (IA) requirements affecting development and acquisition programs.
Confidential, Raleigh, NC/Dallas, TX
Sr. IT Risk and Compliance Specialist
- Work with IS directors to help ensure their teams are compliant with established compliance practices, standards, and IT policies and procedures.
- Manage the SOX compliance calendar, control execution schedule, and technology audit checklists, programs and guidelines.
- Work with local IS directors to ensure all SOX control documentation is up to date and accurate for all IT areas.
- Prepare the IT department for our regular external SOX audit testing.
- Support Internal Audit in SOX management testing by conducting semi-annual user security access audits and quarterly segregation of duties (SOD) reviews and assessments.
- Support the review of application user security for company reorganizations, mergers and acquisitions.
- Define, develop and execute segregation of duties testing: run and review SOD validation and violation reports and implement mitigations for violations using the Oracle Confidential ERP and Qsoft application software.
- Serve as a member of the change advisory board (CAB) and provide all necessary review of the security objects of customized security programs before they are migrated to the production environment, by running validation and violation reports. Work with the software's security engineers, business analysts and business process owners to resolve security violation issues.
- Provide regular status metrics on compliance initiatives and audit activities to Director of Project Management Office.
- Assist in the migration of decentralized control documentation across multiple technology groups into a consolidated repository.
- Participate in the development and oversight of required management action plans relating to compliance issues.
- Monitor and support compliance initiatives for related third parties (e.g. SOC 1, 2).
- Assist with the education of process/control owners so they better understand the controls framework and their responsibilities.
- Stay up-to-date on current compliance regulations and changes in policy.
- Work closely with functional teams to develop user profiles and levels of access that meet both audit and functional requirements.
- Validate end user access by facilitating an accurate evaluation of the level of security required.
- Maintain procedures for data access and perform user access reviews for proper authorizations.
- Responsible for proactively alerting management to security issues and associated risks and making recommendations for resolution.
- Coordinate and provide summary reports for management of the business units to assist in reviewing access for their team members.
- Provide reporting of security controls and access for audits as needed.
- Assist in validating and reviewing security controls and application user access roles during reorganization and acquisition processes and procedures.
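The segregation of duties (SOD) validation and user access review work described in the bullets above can be illustrated with a small conflict-matrix check. The following is an added example written for this page, not code from the resume's author or from any ERP product; the role names, privileges, SOD rule IDs, user assignments and mitigating-control register are all constructed for illustration.

```python
"""Segregation-of-duties (SOD) validation over ERP role assignments.

Added example (not from the original page). Given a role-to-privilege map,
a set of conflicting privilege pairs, user role assignments and a register
of approved mitigating controls, report each user whose combined privileges
violate a SOD rule and whether the violation is covered by a mitigation.
Every name and value below is constructed for illustration.
"""
from dataclasses import dataclass

# Constructed role -> privilege map (hypothetical security objects).
ROLE_PRIVILEGES = {
    "AP_CLERK": {"CREATE_VENDOR", "ENTER_INVOICE"},
    "AP_MANAGER": {"APPROVE_INVOICE", "RELEASE_PAYMENT"},
    "GL_ACCOUNTANT": {"POST_JOURNAL"},
    "GL_REVIEWER": {"APPROVE_JOURNAL"},
    "SYSADMIN": {"MAINTAIN_USERS", "ASSIGN_ROLES"},
}

# Constructed SOD rules: privilege pairs one person must not hold together.
SOD_RULES = {
    "SOD-01": ("CREATE_VENDOR", "RELEASE_PAYMENT"),
    "SOD-02": ("ENTER_INVOICE", "APPROVE_INVOICE"),
    "SOD-03": ("POST_JOURNAL", "APPROVE_JOURNAL"),
    "SOD-04": ("MAINTAIN_USERS", "ASSIGN_ROLES"),
}


@dataclass(frozen=True)
class Violation:
    user: str
    rule_id: str
    privileges: tuple   # (priv_a, priv_b) from the rule
    roles: tuple        # (roles granting priv_a, roles granting priv_b)
    mitigated: bool     # True when an approved compensating control exists


def expand_privileges(roles, role_privileges=ROLE_PRIVILEGES):
    """Return {privilege: set of roles granting it} for one user's roles.
    An unmapped role raises, because an unknown role is itself a finding."""
    granted = {}
    for role in roles:
        if role not in role_privileges:
            raise KeyError(f"role {role!r} has no privilege mapping")
        for priv in role_privileges[role]:
            granted.setdefault(priv, set()).add(role)
    return granted


def find_violations(assignments, mitigations=None,
                    rules=SOD_RULES, role_privileges=ROLE_PRIVILEGES):
    """assignments: {user: [roles]}; mitigations: {(user, rule_id), ...}
    of approved exceptions. Returns violations sorted by user, then rule."""
    mitigations = mitigations or set()
    found = []
    for user, roles in sorted(assignments.items()):
        granted = expand_privileges(roles, role_privileges)
        for rule_id, (a, b) in sorted(rules.items()):
            if a in granted and b in granted:
                found.append(Violation(
                    user, rule_id, (a, b),
                    (tuple(sorted(granted[a])), tuple(sorted(granted[b]))),
                    (user, rule_id) in mitigations))
    return found


def unmitigated(violations):
    """Open findings that need remediation or a new approved mitigation."""
    return [v for v in violations if not v.mitigated]


# Constructed sample population for a quarterly SOD review.
ASSIGNMENTS = {
    "alice": ["AP_CLERK", "AP_MANAGER"],      # enters and approves invoices
    "bob": ["GL_ACCOUNTANT"],
    "carol": ["GL_ACCOUNTANT", "GL_REVIEWER"],
    "dave": ["SYSADMIN"],                      # one role carrying both halves
}
# Constructed register: carol's conflict is covered by a signed-off
# monthly journal review performed by the controller.
MITIGATIONS = {("carol", "SOD-03")}

if __name__ == "__main__":
    for v in find_violations(ASSIGNMENTS, MITIGATIONS):
        status = "mitigated" if v.mitigated else "OPEN"
        print(f"{v.user:6} {v.rule_id} {v.privileges[0]} via {v.roles[0]} "
              f"+ {v.privileges[1]} via {v.roles[1]} [{status}]")
```

Two points the output makes that a flat violation count hides: alice's conflicts come from combining two otherwise acceptable roles, so the fix is a role reassignment, whereas dave's SOD-04 conflict is carried entirely by the single SYSADMIN role, which points at a role design defect that a user-level review alone would not remediate. Reporting the contributing roles per privilege, not just the user, is what lets the reviewer tell these apart.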
Confidential, Dallas, TX
IT Audit Consultant
- Responsible for the execution and delivery of audit assignments by ensuring that all IT-related business risks are identified and appropriately reviewed in alignment with the departmental audit plan and initiatives.
- Support Internal Audit in SOX management testing by conducting ITGC SOX compliance reviews and testing. Involved in semi-annual user security access audits, quarterly segregation of duties (SOD) reviews and assessments, change management audits, etc.
- Review IT and investment-related integrated processes for compliance with company policy and control standards, regulatory requirements, leading practices, and procedural efficiency and accuracy.
- Identify, draft and communicate audit issues and audit reports, and review management's proposed mitigation plans for appropriateness.
- Recommend and implement changes to the control environment or operating processes.
- Support integrated systems pre- and post-implementation audits on major systems transformations.
Confidential, Arlington, TX
Sr Fraud & IT Risk Management Analyst
- Perform monitoring and auditing of IT controls at the application, database, operating system and process levels. Work with business partners to ensure process documentation, control knowledge transfers and program communications are complete and timely. This also includes full IT audit engagements from start to end.
- Responsible for determining the audit objective, audit scoping, risk assessment and audit planning (logistics, meeting invitations, creation of audit programs, maintaining an open communication channel with the auditee). This also includes kickoff meetings, fieldwork (evidence gathering, walkthroughs, observations, interviewing, testing of controls to the determined risk tolerance level and materiality of evidence gathered), closing meetings with the auditee and report writing, including recommendations.
- Engage in SOX compliance audits for clients: conduct walkthroughs; perform testing of access controls, change management, application interface controls, and DRP/backup and recovery for test of design and operating effectiveness. Engage in Oracle and SAP audits resulting in remediation of vulnerabilities found. While auditing UNIX/Linux and Windows operating systems and ERP applications (e.g. Oracle database), perform tests based on the company's scope and documented control objectives in line with the COBIT/NIST frameworks.
- Provide subject matter expertise and training to relevant business units on regulatory compliance, IT security/controls risk management and IT audit-related issues. Perform other key audit functions such as SOC 1, 2 and 3 audits of data centers, ERP platforms and DRP offsite facilities for certification and compliance with regulatory requirements, using various pre-designed audit engagement programs and templates.
- Responsible for revising and testing risk assessments and control catalogues and monitoring for compliance, including oversight of the documentation associated with IT audits and all related IT cybersecurity memos, using the SANS CSC model. Collaborate with functional teams and vendor software/application management teams, and liaise with external auditors during external audit engagements within company facilities.
- Perform, review, test and validate standard policies and procedures; control access logs, batch/patch process logs, incident/exception report logs, data loss prevention logs, physical access logs, firewall configuration logs, disaster recovery/business continuity plans (with recommended updates), change management authorization decision/approval logs, and antivirus and anti-malware application update logs; and generate reports of trends and statistics for senior management and those charged with governance.
- Test and validate IT security infrastructure and networks by carrying out vulnerability scans, security risk assessments and penetration tests (social engineering, packet sniffing, man-in-the-middle attacks, brute force attacks, password cracking, etc.) to identify IT infrastructure weaknesses.
- Review, test and validate access control lists, Active Directory, DNS/DHCP, LAN, WAN, VLAN, role-based remote access configurations of VPN, VoIP and firewall configurations of the network infrastructure for detection of control weaknesses.
- Evaluate process risks, process mapping and pre-developed tests for key controls; perform risk assessments and determine the effectiveness of controls. Reviewed, revised and monitored SLAs, OLAs and SLRs gathered, and their various frameworks, against internal management and external vendor management targets.
- Review and analyze leads for potentially suspicious activity, including those generated from the alert detection process, subpoenas and warrants, and negative media reports. Managed the investigative process from initial detection to disposition.
- Formulate and recommend responses to potentially suspicious findings, report such activity to the appropriate regulatory authorities and support forward-looking risk-mitigation responses. Conduct analysis of alerted transactions for suspicious activity and high-level, complex case investigations.
Confidential, Arlington, TX
Quality Assurance Auditor
- Develop the annual IT audit plan for the assessment of internal controls to meet Sarbanes-Oxley Act compliance; advise following a top-down, risk-based methodology and recommend appropriate IT mitigation strategies
- Support significant BCP projects to ensure regulatory compliance. Provide expertise on risk assessments, incident response handling, IT general controls and reporting requirements
- Establish system controls by developing a framework for controls and levels of access; recommend improvements
- Ensure authorized access by investigating improper access, revoking access, reporting violations and monitoring information requests from new programming; recommend improvements
- Audit data centers' physical, logical and environmental controls for compliance with company policies
- Carry out DRP and backup/recovery engagements for businesses, ensuring continuity and timely recovery during a disaster
- Use ACL to export, analyze and evaluate evidence from the supporting documentation collected to determine deficiencies in controls, fraud, or lack of compliance with PCI DSS, government regulations and management policies
- Engage in SOX compliance audits for clients: conduct walkthroughs and perform testing of access, change and interface controls for effectiveness. Engage in Oracle and SAP audits resulting in remediation of vulnerabilities
- Audit UNIX/Linux and Windows operating systems and ERP applications (e.g. Oracle database); perform tests based on the company's scope and documented control objectives in line with the COBIT framework
State Accountant/Revenue Officer
- Planned, supervised and conducted bank reconciliations for over twenty projects, and maximized the working capital and cash flow of bank accounts used by the board for transactions of over $500 million.
- Designed and implemented an internal revenue check and control system to safeguard the assets of the board, saving $5m within four years of system implementation.
- Coordinated and managed consulting projects involving financial modeling of business operations and critical process path analysis.
- Evaluated internal controls and recommended a strategic systems improvement model.
- Developed and maintained revenue generation strategies for the board within the local office, and designed and implemented a system of revenue activities and remittance reporting through revenue mobilization units.
- Performed extensive contract review and analysis, and budget allocation, to promote efficiency and continued profitability