- SAP (ECC 6.0, SAP 4.7, and SAP 4.5)
- UNIX (AIX 6.1, Solaris 10.0)
- Oracle 11g
- Microsoft Office Suite
Confidential, Alexandria, VA
Security Analyst and Audit Readiness SME
- Maintained user access in development and production SAP environments including creation, modification of role assignments, locking/unlocking user accounts, and password management.
- Assist in troubleshooting existing roles in development and production SAP environments related rectifying or providing additional access to address authorization issues.
- Served as the Functional Lead for the implementation of SAP Firefighter functionality, including testing, training of user base, and daily administration of Firefighter in the SAP production environment.
- Functional Lead for implementation of the SAP GRC Risk Analysis and Remediation tool in the SAP sandbox, development, and production environments, including initial implementation and evaluation of risks, functions, critical actions, and Segregation of Duties conflicts.
- Define, document, and update new and existing policies and procedures adhering to best practice standards for SAP Security in production and non - production environments for user access, role administration, and other functions needed to support the current environment.
- Assisted Management in participating in and leading collaborative meetings with customer base providing updates to current issues and identifying and tracking new issues related to SAP Security.
- Successfully demonstrated a clear ability to effectively understand SAP Security functionality, specifically in the areas of user access, role administration and troubleshooting, and authorization objects.
- Audit Readiness Lead for Plan of Action and Milestones (POA&M) open issues, which included working with impacted functional or technical areas to ensure issues and related remediation plans were adequately addressed to meet FISCAM audit requirements.
- Project Management Lead for remediation of Interface Confirmation Management documentation, which included managing staff of two contractors, review and evaluation of approximately 330 Interface documents, and working closely with functional Subject Matter Experts ensuring a clear understanding of Interface business requirements and revisions made for audit purposes aligned with those requirements. Project was completed three months in advance.
- Project Management Lead for remediation of customized SAP objects transported into production, which included review of approximately 1400 objects (utilized multiple times in development) and related Configuration Management documentation to ensure objects were adequately documented to meet FISCAM audit requirements. Project was completed one month ahead of schedule.
- Project Management Lead for quality assurance review of all (approximately 2,200 nodes) SAP IMG configuration, which included identifying all IMG nodes that were customized and ensuring those nodes were adequately documented and evaluating standard SAP delivered nodes to identify any instances where customization had occurred but was not appropriately documented.
- Worked closely with SAP Security Management to address open FISCAM audit issues, and identify and implement strategies to ensure FISCAM audit requirements were appropriately addressed.
Confidential, Alexandria, VA
Audit Readiness Consultant
- Utilized the FISCAM audit methodology for planning, testing, and reporting, which included risk-based evaluations of materiality and significance related to the effectiveness of standard operating procedures.
- Identified FISCAM control techniques that were relevant to the objective of achieving DoD directives issued by the Defense Information Systems Agency (DISA), as well as associated National Institute of Standards and Technology (NIST) guidelines, specifically for 800-53.
- Utilized FISCAM to map testing results for each critical financial reporting area to risk in application security and business process controls for validity, completeness, accuracy, and confidentiality of transactions.
- Evaluated security management at the entity level, which included the network, operating system, infrastructure, applications, and database management functions.
- Evaluated FISCAM control techniques to current Risk Assessment Control Matrices (RACM), which list control techniques for relevant auditable areas, to identify potential GAPS in testing.
- Assisted in mapping Plan of Action and Milestones (POAM) to Issues Matrices and RACMs to ensure issues and related plans addressed in POAM were adequately addressed.
- Evaluated RACM control tests in an effort to streamline test plans, addressing control testing GAPs, duplicate testing, or other control tests not relevant to control areas.
- Evaluated entity IS controls and the effect of those controls at the business process application level.
- Assessed general controls and the pervasive impact on business process application controls.
- Assisted in identifying remediation recommendations and re-test IT control activities, as needed.
- Assisted in the preparation of management reporting for Exam 3 SAP Business Intelligence testing, which status reporting and issues reporting for entity-level controls, interface controls, and general IT controls, based on criticality.
Confidential, Richmond, VA
Sarbanes-Oxley Compliance Auditor
- Conducted Sarbanes-Oxley auditing of controls related to Information Technology cycles for Altria and its operating companies.
- Conducted Sarbanes-Oxley auditing of controls related to financial cycles for Altria and its operating companies.
- Performed reviews of Information Technology and Financial compliance with COSO framework for Altria and its operating companies, including periodic assessments of the enterprise risk environment to determine if modifications to the control environment were required to ensure compliance with COSO.
- Collaborated with individuals responsible for Sarbanes-Oxley controls, resulting in additions, changes, or deletions of controls as required by Altria’s business environment.
- Executed periodic evaluations of IT systems to ensure that all systems impacted by Sarbanes-Oxley were appropriately included as part of the control environment and audit testing.
- Executed periodic evaluations of critical spreadsheets used in Finance Sarbanes-Oxley control cycles to ensure that all relevant spreadsheets were included in audit testing.
- Performed periodic security assessment reviews of Altria systems, primarily focused on vulnerabilities related to personnel, application security, system (e.g., DB/OS) security, operational security, and government regulations.
- Performed continuous evaluations of test plans to ensure that control objectives were executed appropriately.
- Performed monthly reporting of the Sarbanes-Oxley control environment for Altria and its operating companies.
- Conducted year end Sarbanes-Oxley requirements including 404 deficiency evaluations, 404 deficiency aggregation analyses, year-end mitigating control analyses, and management reporting.
- Participated in periodic evaluation of IT control environment to identify gaps in controls for those IT systems relevant to Sarbanes-Oxley.
- Utilized Confidential and Microsoft Excel to analyze data and consolidate data from different sources for Sarbanes-Oxley testing purposes.
- Participated in special projects at management’s request such as mapping of the Sarbanes-Oxley Act to Altria’s control environment and evaluating Altria’s control environment for risk or controls elimination or consolidation.
- Conducted Sarbanes-Oxley training for Altria’s Compliance Training program for directors and managers within the Altria organization.
Lead Financial Auditor
- Led audit teams to perform internal financial, operational, integrated audits, and external vendor audits, which included developing audit plans, assessing process risk, assigning resources, and working with business management to ensure related audit findings were accurate.
- Identified financial and IT issues and worked with business management to develop action plans to remediate the risk.
- Utilized Confidential and Microsoft Excel to analyze large quantities of data to identify risk areas for large processes within the business and external vendors that processed large amounts of data on behalf of Altria.
- Lead and participated in projects as required by Audit management, including process evaluations, process re-engineering projects, and Altria Board of Directors Compensation reviews.
- Worked on the annual risk assessment team to determine high risk areas for future audits.
- Developed TeamMate training to facilitate training for new hires and individuals transferring to the audit organization.
Senior Internal IT Auditor
- Led and participated in performing IT audits on external vendors and internal applications, infrastructure and processes, including developing audit plans, assessing process risk, assigning resources, and working with the business to ensure audit findings were accurate.
- Participated as a finance auditor on integrated business audits and vendor audits.
- Identified issues in the areas such as Change Management, Data Storage and Transmission, Segregation of Duties and User and Administrative Access, and worked with business management to develop actions plans to remediate the risk.
- Utilized Confidential and Microsoft Excel to analyze large quantities of data to identify risk areas for each audit.
- Worked on the annual risk assessment team to determine high risk business areas for future audits.
Confidential, Richmond, VA
Vice President - Information Technology
- Responsible for all technology related applications and/or equipment for 170 stores, Confidential ’s corporate office, and field offices.
- Responsible for the Company’s network environment, UNIX systems, Microsoft Exchange, all communications, and all issues related to the Company’s PDI/Resource Management Series (RMS) accounting application, utilized at the corporate office and each store location.
- Led and participated in all PDI/RMS application training, issue tickets, or requests for application enhancements as required by management.
- Responsible for development and deployment of all new applications and technology.
- Responsible for other services and applications, including telecommunications, Web page maintenance, and corporate training.
- WAN/LAN maintenance.
- Managed the Company’s Retail Accounting department, which included all operational accounting aspects of store level sales activity related to merchandise sales.
- Managed the Company’s Gasoline Accounting department, which included all accounting aspects of store level retail sales and sales to wholesale distributors.
- Managed the integration and maintenance of the Company’s electronic Price Book tool, central to item level purchasing and sales.
Confidential, Corpus Christi, TX
Director of Operational Accounting
- Managed Retail Accounting, Retail Gasoline Accounting, Wholesale Gasoline Accounting, Accounts Receivable, Accounts Payable, and Money Order Services departments.
- Responsible for defining and implementing business systems designed to enhance department efficiencies and automation.
- Performed UNIX maintenance related to accounting data files.
- Performed data extractions of accounting system information required for Company reporting.
- Performed system and application training, including creating training documentation and facilitating instruction of courses.
- Provided field training of existing and new accounting procedures, which included written documentation and presentation.
- Provided consulting services to the wholesale division for the integration of a new wholesale accounting system.
- Coordinated and produced the Company’s business plan for 1999 and 2000.
- Oversaw the development of enhancing the A/R functionality in the accounting system to track workman’s compensation and General Ledger reporting for the Human Resources Department.
- Oversaw the development of utilizing the Company’s Payroll system in conjunction with the money order application to provide electronic delivery of payroll checks.
Confidential, Temple, TX
Senior Support Consultant
- Provided application support for the PDI Resource Management Series accounting software, report writer applications and other related products.
- Provided consulting services for installation of accounting systems for new customers.
- Provided training to customers on data mining.
Confidential, Cherokee, OK
- Responsible for all areas of operational and financial accounting, including financial reporting, general ledger management, retail and operational accounting, purchasing, and preparation of all accounting information required for the annual audit.
- Provided multi-state tax reporting for excise, payroll, and corporate taxes.
- Responsible for streamlining procedures and reducing staff by over 80% through process efficiencies.
- Responsible for streamlining audit preparation and execution procedures by over 60% through process efficiencies.