PROFESSIONAL SUMMARY:

• As an independent consultant, I have extensive experience (more than 15 years) in assurance and financial management advisory services for commercial and government institutions.
• This includes a strong background in IT security, IT governance, risk and security compliance, configuration management, change management, reporting, audits, audit readiness, business & process improvement, information systems audits to include SSAE 18 type and other IT reviews assessing Information Technology General Control and application control audits.
• I have expert knowledge and extensive experience in auditing, reviewing, evaluating and assessing the level of compliance with industry standards including Confidential 800 - 53, Revision 4, CoBIT and other standards and frameworks.
• Over the past 10 years, I have held positions where I was responsible for monitoring, managing and closing existing compliance issues.
• I have also worked at ensuring that internal systems are compliant with security standards. In carrying out these functions, I was responsible for the identification, evaluation and interpretation of regulatory, statutory and member security requirements, control deficiencies and information security risks.
• Change Management
• Business Process Re-engineering (BPR)
• Performance Improvement
• Internal Controls
• Enterprise Risk Management (ERM)
• Sarbanes Oxley
• OMB A-123 Appendix A
• Financial Improvement Audit Readiness ( Confidential )
• Internal Audit
• IT Risk Assessments
• IT application controls
• IT General Controls
• Physical Security
• Data Center Reviews
• Change Management
• Configuration Management
• Logical access
• Problem management-root cause analysis
• Disaster Recovery Plan/Business Continuity Plan (development and assessment for adequacy)
• CFO Act, OMB Circular A-123 and Confidential compliance, Sarbanes Oxley (SOX), OMB Circular A-123, OMB Circular A-136, GAAP & FAR, Federal Corrupt Practices Act (FCPA), SAS 115, Confidential Guidance
• Federal Information Processing Standard Publication 199 (FIPS 199) Security Categorization, Privacy Impact Assessments (PIA), Security Control Assessments (SCA) Certification
• COSO, CoBIT 5, SSAE 18, A-127 & A-130, FMFIA, FFMIA, FISCAM, FISMA, NIST Special Publications

WORK HISTORY:

Senior Operational Risk Manager

Confidential

Responsibilities:

• Support Enterprise Information Security Front line Risk Management with issue management routines and audit engagements.
• Responsible for putting together new issue and corrective action documentation, requesting and tracking required approvals and periodic review and oversight of the Enterprise Access Management (EAM) issue portfolio with owners.
• Also assisted EAM with coordinating remediation plans across multiple lines of business and provided credible challenge to ensure solutions would be effective and sustainable.
• I performed the following risk management activities:
• Assisted with corrective actions related to Corporate Policy Risk, including root cause analysis and development of sustainable solutions.

Senior IT Auditor

Confidential

Responsibilities:

• Create / Update hardware and software baselines, diagrams, and documentation as a result of system changes, patches and upgrades.
• Assist with SPS infrastructure, application hardware and software security requirements and documentation
• Assist with program monitoring and control efforts, including critical path management, planning and preparing for critical events.
• Provide advice in the establishment and implementation of other control methods tailored to SPS program requirements; provided written documentation of such to management, if applicable; format commensurate to the requirement.
• Develop IT security Policies
• Develop IT security Procedures
• Manage the Computer Security Awareness Training and Role-Based

Senior IT Auditor

Confidential

Responsibilities:

• Information Technology General and Application Controls Audit to support the annual financial statement audit using Confidential.
• Focused on the application control families.
• Perform security assessment
• Review System Security Plan (SSP) and Risk Assessments (RA)
• Test application controls including security controls
• Performed walkthrough of critical internal control processes

Senior Operational Risk Manager

Confidential

Responsibilities:

• Support Enterprise Information Security Front line Risk Management with issue management routines and audit engagements.
• Responsible for putting together new issue and corrective action documentation, requesting and tracking required approvals and periodic review and oversight of the Enterprise Access Management (EAM) issue portfolio with owners.
• Also assisted EAM with coordinating remediation plans across multiple lines of business and provided credible challenge to ensure solutions would be effective and sustainable.
• I performed the following risk management activities:
• Assisted with corrective actions related to Corporate Policy Risk, including root cause analysis and development of sustainable solutions.

Senior IT Auditor

Confidential

Responsibilities:

• Also, responsible for documenting process controls, assessing control design, developing test plans to test key controls, and writing reports to summarize observations. provide process improvement recommendations to design efficient and effective process controls to best mitigate process risks.

Senior IT Auditor

Confidential

Responsibilities:

• Reviewed and assessed prior year findings remediation/Developed Corrective Action Plans
• Assess the following controls for Enterprise applications:
• Access controls/Change management/Configuration settings/Segregation of Duties/Post-implementation Review
• Evaluated enterprise IT security and other governance processes/Co-developed Management Periodic Access
• Reviews approach and the management tool to remediate significant deficiencies
• Developed and Implemented the Post-implementation
• Review approach to remediate significant deficiencies.

Senior IT Auditor

Confidential

Responsibilities:

• Supported SSAE 18, SOC 1, Type II Audits for several clients:
• Assessed Configuration Management Controls
• Review of policies and procedures for adequacy/Review of Business Continuity Plan for Adequacy.

Senior IT Auditor

Confidential

Responsibilities:

• I independently apply subject matter expertise and experience in Federal financial management, accounting, internal controls/A123 and IT audit readiness to support Federal Information Systems and Controls Audit Manual (FISCAM) audit readiness efforts.
• I interpret and apply Federal systems and compliance regulations, mandates and requirements to conduct IT/FISCAM audit reviews/assessments, conduct application and controls testing/re-testing, document results and Corrective Action Plans (CAPS) and follow-up actions/plans, develop FISCAM related documentation as required including Standard Operating Procedures (SOPs) for DHA and stakeholder systems and develop recommendations and approaches for FISCAM compliance.
• Performed IT and FISCAM related audit readiness tasks to support audit readiness activities
• Researched, develop, analyze and provide data, reports and audit compliance information through detailed written work products and deliverables and analytical spreadsheets.