PROFESSIONAL SUMMARY:

• Audit & Information Security professional with 7+ years of experience in providing Audit and Information Risk Assurance services.
• Able to effectively communicate to all levels of an organization to bridge the gaps between IT and the business.
• Provided training to senior management to establish awareness and promote the importance of effective internal controls.

SKILL:

• Regulatory Adherence
• Cost Benefit Analysis
• Policy Planning & Implementation
• Data Integrity and Security
• Risk Assessments and Impact Analysis

CORE QUALIFICATIONS:

Data Analysis tools: ACL, Excel Pivot tables, Tableau

Operational Risk tools: RSA Identity Governance & Lifecycle, IBM InfoSphere Guardium Activity Monitor, Guardium SOX Accelerator, OKTA SSO, LogRhythm

Audit and Governance Standards: Anti - Money Laundering (AML) / Know your Customer (KYC) PCI DSS, SOX, Confidential CIP V5

EXPERIENCE:

Confidential, Fort Mill, SC

Senior AML Internal Auditor, AVP

Responsibilities:

• Worked within the Anti-Money Laundering (AML) Internal Audit group to develop and execute complex Audit plans for the assigned businesses.
• Responsible for working with AML Team to assess the long-term strategy of the compliance audit programs, covering AML Data Governance, AML Name Screening and Global Economic Sanctions.
• Worked extensively in performing the validation of issues and the corrective action plans for issues identified during Audits.
• Delivered high quality report on Audit completion status and Internal and Regulatory Issue Validation and Corrective Action Plan completion.
• Responsible for working with Internal Audit Data Analytics team to perform in-depth analytics to identify root cause issues during Audits and during Business Monitoring activities.

Confidential, Charlotte, NC

Senior IT Auditor

Responsibilities:

• Part of the Global Technology and Operations Division working for the Corporate Investment Data Warehouse team
• Worked as the prime Audit Liason between the team director and multiple LOB’s.
• Responsible for identifying, categorizing, escalating, and tracking resolution of data incidents and security events within the bank’s Enterprise Data Incident Management system (eDIM)
• Worked with application manager, support team, QA team to negotiate process enhancements for application team members that will optimize evidence capture with minimal impact to team efficiency.
• Responsible for oversight of the software deliverables to ensure compliance with both regulatory and enterprise technology requirements.
• Improved departmental performance and quality by improving the risk assessment and documentation process, and time accounting system allowing the organization to automate evidence collection.
• Evaluated security measures and business objectives using a risk-based approach
• Collaborated in producing audit reports that summarize the procedures, findings and recommendations.

Confidential

Senior IT Compliance Analyst

Responsibilities:

• Drafted corporate policies such as Logical Access, Acceptable use and Data Classification policies
• Worked with SME’s to implement Confidential CIP V5 Compliance program
• Participated in vendor evaluations during project initiation phases
• Consulted with senior management to draft and implement the Confidential Security Awareness corporate program.
• Executed phishing awareness and training program to internal IT Teams as well as end users
• Assisted cyber-security and compliance teams by gathering supporting documentation and preparing reports for annual SOX 404 and Confidential CIP compliance audits

Confidential, Horsham, PA

Information Assurance Analyst

Responsibilities:

• Used RSA Governance & Lifecycle to develop user account provisioning requirements.
• Analyzed internal controls of an organization as well as vendors and service providers.
• Participated in BIA assessments and reviewed the finding with senior management.
• Conducted interviews and participated in data gathering activities as part of the BIA.
• Participated in the development and implementation of BCP & DR Plans for corporate sites.
• Participated in due diligence activities that are performed prior to vendor onboarding.
• Participated in drafting and implementing the security awareness and training for organizational policy.
• Involved and took part in the development of an audit analytics strategy for FCPA compliance testing that is part of the overall organizational compliance program.
• Participated in the internal and external audit efforts for SOX compliance to ensure the integrity of internal controls for benefit programs and financial transaction accuracy.

Confidential, Philadelphia, PA

Audit Associate

Responsibilities:

• Performed end-to-end information systems compliance testing that included assessing risk and formal reporting of risk internal and external to the enterprise.
• Worked on the Vendor Risk Management requirements to make sure due diligence and compliance assessment activities are carried out prior to vendor onboarding.
• Classified the list of vendors into risk based categories and determined the appropriate risk assessments applicable to each vendor.
• Participated in PCI DSS requirements review to assess the overall level of compliance within the organization.
• Analyzed IT assets and business processes that aided in payment card processing for vulnerabilities that could expose credit card data
• Participated in the contingency planning sessions, for disaster recovery, risk management and business recovery.
• Maintained the: backup & recovery operations, DR procedures and test reports to present to senior management.

Confidential, Philadelphia, PA

IT Risk Assurance Associate

Responsibilities:

• Involved in SOX compliance activities such as assessing the adequacy and effectiveness of organizational internal controls.
• Evaluated the entity level controls which correspond to the COSO framework.
• Used IBM Guardium to monitor organizational database and set up alerts and policies to notify in the case of a policy breach.
• Reviewed the documented control procedures with risk assessments along with aiding in the creation of operational risk policies.
• Participated in developing project initiation documents such as charters, plans, and execution reports.
• Participated in the design, implementation and assessments of internal controls, process flows and process descriptions.
• Assessed operational activities including user access management, network security and infrastructure operations.
• Worked with multiple business groups to establish and define user access controls based.

Confidential, Philadelphia, PA

Business Analyst

Responsibilities:

• Worked cross functionally to ensure that development, implementation and coordination of testing approaches are meeting the business needs.
• Involved in creating required business documents such as project scope, Swimlane process, Data flow diagrams and Activity diagram.
• Interviewed SME’s to record requirements and processes that need to be reviewed.
• Managed all the requirements in MS Applications, making sure the documents were easily accessible to the team members.
• Performed reviews of controls and reviews of quality for financial systems development and enhancements that undergo the Systems Development Life Cycle (SDLC)
• Analyzed and documented client’s business requirement and processes.