IT Audit Supervisor Resume
Charlotte, NC
SUMMARY:
Certified IT Auditor and Information Security Manager with over 14 years of experience in providing control assurance and advisory services for diverse, global companies in the Consumer Products, Media, Manufacturing and Insurance industries. Specialized in SAP authorization concept, role design, user administration, and segregation of duties conflict resolution. Performed technology related audits and risk assessments internally and externally as a consultant, interacting extensively with clients and partners, presenting solutions, delivering products, and providing end user individual training. Recognized for achieving consensus resulting in successful partnerships with internal and external customers.
TECHNICAL SKILLS:
SAP (SD, FI, CO, MM, SD), GRC 5.3, 10, VIRSA, Linux, AIX, HP-UX, Oracle, Windows Server AD. Security tools including Qualys, Nessus, Nmap; SharePoint, TeamMate, OpenPages
PROFESSIONAL EXPERIENCE:
Confidential, Charlotte, NC
IT Audit Supervisor
- Scoped, planned and performed risk based audits and evaluated controls over IT and operational processes to ensure compliance with applicable company policies, laws and regulations, including Sarbanes-Oxley Section 404
- Presented findings to internal management and audit committee
- Liaised between Internal Audit, stakeholders and external auditors
- Ensured audit tasks were completed accurately and within established timeframes
- Reviewed third party SOC 1 and 2 reports for reliance and trust service purposes
- Developed and delivered audit documentation standards and OpenPages training for new auditors and contractors
- OpenPages Subject Matter Expert tasked with developing enhancements to reports and expanding functionality of the tool
Confidential, Oak Brook, IL
Manager IT Technical - Legal and Compliance
- Planned, scoped, and developed work programs for IT audits in both a lead and supporting role
- Performed technology audits related to network infrastructure, data center operations, database systems, SAP Basis and GRC, Applications and Help Desk Service Providers
- Assisted and performed data analytics related to the following integrated audits: Order to Cash, Procure to Pay, Reconcile To Report, Advertising, Promotion and Trade, and Fixed Assets
- Managed the planning, execution and documentation of the tests of design and operating effectiveness of IT internal controls for SOX 404 testing ensuring zero significant deficiencies and reported findings to senior management
- Performed walkthroughs and detailed controls testing of key IT and business process controls
- Identified risks and opportunities to strengthen internal controls, including identifying business process improvements and remediation alternatives
- Communicated findings, both verbally and in writing, to Chief Compliance Officer (CCO), Chief Security Officer (CSO), Chief Information Officer (CIO), and business process owners
- Provided major input to development of annual risk assessments and audit plan
- Leveraged advanced knowledge of SAP query and reporting tools, MS Excel, Access, and ACL to perform data mining and analysis to support audit findings
- Created and automated SAP SUIM report variants to run on demand across five SAP instances, greatly reducing the time and effort of running them manually
- Evaluated technology tools and solutions to perform continuous auditing/monitoring, analytics and automation of manual tasks where applicable
- Performed SAP User Entitlement and Segregation of Duties reviews ensuring appropriate levels of access and privileges associated with job functions across 5 instances globally
Senior IT Compliance Auditor
Confidential
- Contract to Full Time hire. Managed and performed compliance and social engineering audits and risk assessments related to Payment Card Industry (PCI), HIPAA/HITECH, and MA Privacy across many industries: Healthcare, Higher Education, Banking and Government. Conducted Internal and External network vulnerability scans using Rapid7’s Nexpose and QualysGuard scanning tools, and provided scan results and remediation in order to secure client’s network assets and to assure compliance with PCI Data Security Standards. Interfaced with client personnel and Lighthouse Compliance Director to maintain the status of project milestones and assure customer satisfaction.
Confidential, South Windsor, CT
Senior IT Audit Consultant
- Responsible for auditing networks, SAP, and IT general controls. Involved in Sarbanes Oxley 404 compliance testing and related projects. Created and managed the SAP authorization process and approval matrix. Supported go-live and post go-live activities in support of worldwide SAP implementations. Maintained and managed the SAP GRC reporting tool for quarterly management reporting and SOX 404 compliance. Assisted the Audit Director in support of SAP ad hoc reporting requirements and special projects. Performed information systems and/or operational efficiency audits in all areas with the purpose of determining whether systems, procedures, and controls are in accordance with standards set forth by COBIT and the General Standards for Information Systems Audits published by ISACA. Provided advice and guidance to clients on all matters related to effective management aimed at achieving compliance with statutory requirements and greater levels of operational efficiency and effectiveness.