- To obtain a challenging role in the field of accounting/finance/IT that will provide an opportunity to continue to develop my professional skills and contribute to the growth of the organization.
Tools: Nessus Vulnerability Scanner Tenable Network Security, Microsoft Assessment and Planning Toolkit (MAP), Security Information and Event Management (SIEM) solution Analytics Tool, Unix, Linux
Languages: Java, Python, MySQL, C++
Software: TeamMate system, Salesforce, Microsoft Office Suite (Word, Excel, Access, Visio, Project, and PowerPoint), Oracle (PeopleSoft), Compose 3.5 (Military Windows based iOS), Symantec, Putty, Wireshark, HBSS, WSUS, BMC Remedy, Microsoft Windows Azure cloud, cloud computing Amazon Web Services, Wide Area Work Flow (WAWF)
Operating Systems: Windows Server 2008/Windows 10/Mac/Kali Linux/Ubuntu/Solaris 10 (Unix-based)
Confidential, Alexandria, VA
- Currently attending the University of Phoenix and majoring in Master of Information System with a Graduate Cyber Security Certificate degree
- Course Class completed: CIS Project Management, IT Infrastructure Global Business Environment, CIS Strategic Planning, Emerging Technologies and Issues, Enterprise Models, Systems Analysis and Development.
- Assist Confidential with external audit to determine whether United States Marine Corps (USMC) General Fund (GF) financial statement, Information Technology Systems (IT) and related footnotes and disclosures, taken as a whole are presented fairly in all material respects and in accordance with Generally Accepted Accounting Principles (GAAP), Office of Management and Budget (OMB) Circular A-136, Financial Reporting Requirements, Government Auditing Standards, Generally Accepted Auditing Standards (GAAS), Generally Accepted Government Auditing Standards (GAGAS), Government Accountability Office (GAO)/ President’s Council on Integrity and Efficiency (PCIE) Financial Audit Manual (FAM).
- As an International Organization for Standardization (ISO) auditor: Audited and maintained all controlled documents or forms to ensure efficient/effective completion of all audit requirements; provided recommendations for business process and internal control improvements; and escalated potentially significant risks and exposures.
- Developed management reports to communicate progress and ensured compliance with applicable ISO laws and regulations, Federal Information System Controls Audit Manual (FISCAM) controls with National Institute of Standards and Technology (NIST) Security and Privacy Controls for Federal Information Systems and Organizations, Sarbanes-Oxley Act of 2002 (SOX), Federal Information Security Modernization Act of 2014 (FISMA) Metrics, Payment Card Industry Data Security Standard (PCI DSS) Qualified Security Assessor (QSA), and Service Organization Controls (SOC) Statement on Standard for Attestation Engagements (SSAE) 16 Complementary User Entity Controls (CUEs)
- Demonstrated ability to gauge degree of compliance of systems to ISO standards, analyze operational functions, processes, workflow and suggest corrections for manufacturing defects in the products
- Updated standard IT governance, risk, compliance, and project quality management frameworks and standards (COBIT, Risk IT, Val IT, ISO 38000, ITIL, CMMI)
- Conducted (SDLC) full life cycle process frameworks, methodologies, tools, and practices information technology solution implementation from conceptualization, requirements, design and specification through development (coding or architecting), integration testing, commissioning, and retirement
- Supported SOX ITGC Program sustainability by ensuring IT controls remain effective, documentation is kept current, and evidence is maintained in preparation for self-assessments and external audits
- In coordination with Internal Audit IT Governance, Risk & Compliance Analyst, review documentation and conduct walkthroughs for proposed processes and controls.
- Work in partnership with IT Management to understand audit findings, develop management action plans, identify solutions, and obtain acceptable responses for SOX and other compliance reviews
- Maintained Healthcare Organization (HCO) industry Information Technology (IT) in accordance with HIPAA-compliant (Health Insurance Portability and Accountability Act of 1996) require development of Healthcare Strategy solutions plan to achieve mission, vision and goal.
- Tested United States Marine Corps (USMC) Provided by Client (PBC) #2235 for Marine Corps Orders Resource System (MCORS) Operating System (OS) layer and Database User (DB) sample; and documented ten (10) exceptions related to System Authorization Access Request (SAAR) Form 2875, Technology Services Organizations (TSO) Access Permission by System (TAPS), and Privilege Access Agreement (PAA).
- Updated the TeamMate system Criteria cross reference mapping for Federal Information System Controls Audit Manual (FISCAM) controls with National Institute of Standards and Technology (NIST) Security and Privacy Controls for Federal Information Systems and Organizations SP. rd4.
- Tested United States Marine Corps (USMC) Service Organization Controls (SOC) Statement on Standard for Attestation Engagements (SSAE) 16 Complementary User Entity Controls (CUEs) for Defense Civilian Personnel Data System (DCPDS) Provided by Client (PBC) #2072 and 44.
- Documented Notification of Finding and Recommendation (NFRs) for Marine Corps Orders Resource System (MCORS)- Configuration Management CM, Marine Corps Financial Integrated Analysis System (MCFIAS) - Access Control AC, SABRS Management Analysis Retrieval System (SMARTS)-AC, Global Combat Support System Marine Corps (GCSS-MC) - Security Management SM, CM, Standard Procurement System (SPS) - Interface IN, Master Data Repository (MDR) - IN, Marine Corps Total Force System (MCTFS)-(IN, CM), and Standard Accounting, Budgeting, and Reporting System (SABRS)-CM.
- Documented Global Combat Support System Marine Corps (GCSS-MC) Process narratives and process flowcharts for Access Control AC, Configuration Management CM, Interface IN, and Contingency Planning CP.
- Prepared Provided By Client (PBC) request for Marine Corps Orders Resource System (MCORS), Marine Corps Total Force System (MCTFS), Standard Accounting, Budgeting and Reporting System (SABRS), Global Combat Support System- Marine Corps (GCSS-MC) and SABRS Management Analysis Retrieval Tools System (SMARTS).
- Conduct financial statement audits by assessing the effectiveness of Information Systems (IS) controls related to USMC financial reporting and how it affects the nature, timing, and extent of financial system controls to be assessed; and provide timely identification and recommendation over noncompliant IS controls in financial systems.
- Evaluate USMC Information Systems (IS) infrastructure as it relates to its financial statement and policy reviews as well as general and business process application level tests for Security Management SM, Access Controls AC, Configuration Management CM, Segregation of Duties SoD, Contingency Planning CP, Application Level General Controls GC, Business Process Controls BP, Interface Controls IN, and Data Management System Controls DM based on Federal Information System Controls Audit Manual (FISCAM) controls with National Institute of Standards and Technology (NIST) Security and Privacy Controls for Federal Information Systems and Organizations.
- Created Organizational System Management Plan incorporating integration of Enterprise Resource Planning (ERP), Customer Relationship Management (CRM), Supply Chain Management (SCM), and data management into IT infrastructure business environment.
- Determine Cloud computing as a service over the internet Software as a service (SaaS), Platform as a service (PaaS), Infrastructure as a service (IaaS), Public cloud, Private cloud, Hybrid cloud and selected IT infrastructure project upgrade recommendations.
- Benefits of combining SCM and ERP Systems with Data points where SCM, CRM, and ERP integrate assessed.
- Written and documented enterprises business narrative descriptions of Network Diagrams for System response time, Data security, Network security, Business intelligence, Virtualization, Big Data, Network reliability and uptime.
- Utilized Microsoft Visio to diagram current networking architecture risks, identified risks and developed assessment of current telecommunications standards improvements Network protocols used to support voice, video, data communication integrity, Public switched telephone network (PSTN) Protocol, Cellular Communication Protocols, VoIP (Voice over Internet Protocol), Hubs, Switches, Routers and Category 7 cable
- Proposal distinguishing options integrating eCommerce into business strategy list anticipated functional requirements justify proposal in context include Business intelligence (BI), Electronic Commerce (e-commerce), Product Development, Supply and Inventory Management, etc.
- Addressed Systems Analysis and Development Software application domains engineering practitioner's approach Systems Development Lifecycle (SDLC) and Methodologies for Software Application Domains: 1. System software, 2. Application software, 3. Engineering/ scientific software, 4. Embedded software, 5. Product-line software, 6. Web/ Mobile applications, 7. Artificial intelligence software
- System Planning and Requirement Analysis requirement for development, testing, User Acceptance Testing (UAT) and production.
- Tools design methodology Extreme Programming (XP) use for creating software within a very unstable environment and allows flexibility within the modelling process, Waterfall model of software development positive prospective forces creation of formal documents that include requirements, functional specification, technical specification and a technical architecture document, if applicable before a line of code is written and Agile iterative approach to software development: Instead of handling all the planning upfront, Agile focuses on being lean, and producing minimum viable products (MVPs) over set periods of time while improving with each iteration.
- Listed project steps for design and implementation as require for development, testing, User Acceptance Testing (UAT) and production. 1. PLANNING, 2. DESIGN 3. DEVELOPMENT 4. LAUNCH 5. POST-LAUNCH. Documents design team will produce include Design brief/Request for Proposal document. Identified issues, risks and proposed ways to minimize technical issues relating to web design included browser compatibility, screen resolutions, web technologies and internet speed.
- Mobile Application and Mobile Website (browser) Application system design differentiation addressed database entities attributes Presentation Layer: Individual User; User Interface components; Presentation Logic components, Business Layer: Application Facade; Business workflow; Business components; Business Entities, Data Layer: Data Access components; Data Helpers/ Utilities; Service Agents, Local Data and Cache, Unreliable Networks, Data Synchronization, Data Sources, Services, Mobile Support Infrastructure, Cross-cutting: Security; Configuration; Communication/ Connectivity
- Detailed Entity Relationship Diagram (ERD) demonstrating relationship between entities identified including primary keys and the attributes the primary keys link to.
- User Interface (UI) Security concerns, risks and ways to manage the risks. 1. Weak Server-Side Controls Lack of Binary Protections, Insecure Data Storage, Insufficient Transport Layer Protection, Poor Authorization and Authentication.
- Business process re-engineering (BPR) fundamental rethinking and radical redesign of business processes to achieve improvements in critical, contemporary measures of performance such as cost, quality, service and speed. Current Software Engineering Technology Emerging Trends: Big Data, Mobility, Cloud Computing.
- Management Support Systems increase organizational effectiveness for managers at each level to leverage Enterprise Models uses of information resources and provide information to manage planning with decision making. Types of management support systems are Decision Support Systems (DSS), Executive Information (support) Systems (EIS) and Business Expert Systems (BES) by Business Process Improvement/Continuous process improvement (CPI)
- Merging Technology strategy identified how company use IT metrics to effectively and efficiently improve its business.
- Management’s identified key performance indicators (KPIs) that measure efficiency Management information system (MIS) metrics and Balanced Scorecard helped enterprise innovate and elevate itself to new heights of performance by assisting its leaders in making key decisions that are in line with the company’s objectives.
- Security Threats issues affect business CRM, SCM, and ERP systems addressed.
- Evaluated corporation systems environment, Emerging technologies issues or current position Strengths, Weaknesses, Opportunities, Threats, and Trends (SWOTT).
- Created Cloud Computing Controls Matrix and Cloud Change Log matrix to evaluate/compare types of cloud services investigated controls assigned between Cloud Service Provider (CSP) and client: Cloud Service Delivery Model Applicability Cloud Layer IaaS, PaaS, SaaS. Strategic management of emerging technologies to leveraging company's competitive advantage and providing for future direction.
- Examined business application of cloud computing Amazon Web Services business use case scenarios
- Microsoft PowerPoint presentation training on infinite business possibilities using Internet of Things/Internet of Everything (IoT/IoE): Microsoft Azure Internet of Things (IoT) integrated product team (IPT)
- Analyzed Cloud Service Providers (CSP) Microsoft Windows Azure cloud computing service platform IoT concepts for B2B, C2B, and M2M to develop Leadership/Continuity manual for Strategic Management of Emerging Technologies.
- Recommended role of information systems business planning in organization Strategy for Sustainable Competitive Advantage (SCA) chart
- IT current assessment conducted on Healthcare industry information technology (IT) and proposed status Assessment within organization for IT external audit environment information technology audit or information systems audit examination of management controls within an Information technology (IT) infrastructure to obtained evidence determines if information systems are safeguarding assets, maintaining data integrity, and operating effectively to achieve the organization's goals or objectives.
- Led IT Mergers, Risk, and Short-Term Strategy development for expansion of company via acquisition.
- Researched IT Innovation Proposal for new ways to improve all human being life style by creating healthy environment through IT innovation proposal analysis of outsourcing strategy entertained by Chief Information Officer (CIO) of Healthcare industry based on outsourcing some aspect of organization business.
- Operating cost reduce free internal resources for other purposes by maintaining Healthcare Organization (HCO) industry Information Technology (IT) in accordance with HIPAA-compliant (Health Insurance Portability and Accountability Act of 1996) require development of Healthcare Strategy solutions plan to achieve mission, vision and goal.
- Analysis Tools Used for Current Status Assessment: IT Tool use to perform infrastructure assessment: Assessing Current Healthcare Industry: IT infrastructure with Microsoft Assessment and Planning Toolkit (MAP), And Bonus evaluate for Migration to Azure Cloud.
- Conducted areas of Analysis elements of IT being considered for organization outsourcing healthcare include Applications Development (Electronic Medical Records (EMR), Business Process Management (BPM), Warehousing, Operations Management, Security, Wireless, Customer Relationship Management (CRM), Laboratory Information (Management) System (LIS/LIMS), Software Oriented Architecture, etc.
- Documented results of Analysis IT Current Assessment Healthcare industry: SWOT Analysis: Strengths: Improved Patient Safety, Greater Efficiency of Operation, Current Investment in IT, etc. Weakness: Lack of System Integration, User Resistance, Slow IT Adoption, etc. Opportunities: The Internet, Favorable External Environment, Industry Standards, etc. Threats: Legal Compliance, Loss of Patient Trust, Costs, etc.
- Aligned proposed strategies with company overall strategy through feasibility studies: The only way a Healthcare Organization (HCO) industry can grow is if its short and long-term goals are clearly identified and broken down into actionable steps
- Challenges addressed faced in merging/consolidating IT systems company data due to Acquisition, IT personnel restructuring due to Acquisition, Network Infrastructure changes due to Acquisition, etc.
- Implemented Revenue cycle management (RCM) software leading segment in Healthcare Information Technology (HCIT) and RCM software solutions reduce time spent on administrative tasks, free up resources to focus on delivering better patient care and acquisition enable its customers to increase operational efficiency and improve cash flow, exemplifying the strong value proposition that RCM technology can provide.
- Utilized Security Information and Event Management (SIEM) solution Analytics Tool for EventLog Analyzer capabilities such as log aggregation from heterogeneous sources, log forensics, event correlation, real-time alerting, file integrity monitoring, log analysis, user activity monitoring, object access auditing, compliance reporting, and log retention. Applied security information and event management (SIEM) software products as services combine security information management (SIM) and security event management (SEM) to provide real-time analysis of security alerts generated by network hardware and applications.
- Responsibilities include operating, maintaining, and improving security incident response processes, tools and systems to ensure all potential security incidents are identified and actively managed before they can pose a risk to the IT infrastructure and stakeholders. Specific responsibilities include using a wide variety of tools such as Splunk, Firepower, Symantec, etc. to identify, prioritize, and manage potential security incidents. IT Security concepts to include security operations, incident handling and response, security engineering, and vulnerability and patch management.
- Assessed TCP/IP networking (LAN, WAN, DMZ) systems based on knowledge of network security, current information security threats, incident management concepts, and operational security with tools such as Sourcefire IDS/IPS, Antivirus, Vulnerability Scanners, and SIEM.
- Developed Services/security Operations Centers (SOCs) set of SOC metrics for government approval that indicate ESOC and Enterprise SOC staff awareness of the Kill Chain methodology, implemented metrics scorecard and dashboards using the ESOC infrastructure to support on-demand metrics representation.
- Work with all teams on the United States Marine Corps (USMC) Financial Statement Audit project as needed and assist anywhere needed.
- Led the Corporation for National and Community Service ( Confidential ) information technology (IT) component of the Internal Controls Program within the Office of the Chief Risk Officer (OCRO) and Office of the Chief Operating Officer (COO).
- Created Confidential IT General Control and IT Business Process overview work plan; and presented it to the CEO, COO, CISO, CPO, CRO and the entire upper managers of Confidential .
- Served as the primary source of expertise and leadership for IT internal controls in a cross-cutting role, collaborating with all Confidential units to recommend business process improvements.
- Facilitated the annual assessment of and reporting on the effectiveness of internal controls, specifically those related to information technology business processes, in accordance with the principles of the Office of Management and Budget’s (OMB) Circular A-123, Appendix D, Federal Financial Manager’s Improvement Act (FFMIA) Internal Control Quality Assurance Team (ICQAT), Risk and Vulnerability Assessment (RVA), GAO Green Book standards, Federal Information Systems Controls Audit Manual (FISCAM), Confidential Fiscal Year 2017 Inspectors General Federal Information Security Modernization Act of 2014 (FISMA) Metrics, NIST Special Publication, and Enterprise Risk Management principles.
- Conducted IT Internal Controls Program activities including performing the assessment of computer security, evaluation of IT general and application controls, assessing IT strategies, policies and procedures, management practices and governance of enterprise IT as it relates to the broader enterprise risk management.
- Reviewed NIST Risk Management Framework (RMF) three critical IT Security artifacts for Confidential financial system Momentum (MOM) that include System Security Plan (SSP), Security Assessment Report/Plan (SAR/SAP) and Plan of Action and Milestones (POA&M).
- Developed Statement on Standards for Attestation Engagements (SSAE No. 16) Reports FISCAM CUECs: Assess design effectiveness for Contract/Vendor Pay Assessable Unit, develop Corrective Action Plan (CAPs) and plan for site visit to perform process walkthrough for Confidential financial system Momentum (MOM).
- Assisted Confidential Office of Information Technology (OIT) with the acquisition of Grants and Members Management System (GMM) and other systems through contribution to development of acquisition strategies; provided expert consultation, advice, and recommendations for improvement; In support of the customer, conducted market surveys, preparing notifications of planned solicitations, and responding to vendors’ inquiries; Performed mission-shortfall analyses and draft justifications to obtain funding and approval to address shortfalls; Supported the development of cost estimates and business-case analyses; Prepared the documents and briefings required to obtain program and project approval including those items associated with implementation strategies, planned documents and Program Management Plans; Assisted with the preparation of technical specifications, statements of work, and data-item descriptions for contract deliverables; Assessed opportunities to use new technology and new service delivery models to improve the quality and efficiency.
- Reviewed findings, prepared reports and corrective action plans and monitoring noted deficiencies and progress toward corrective action plan completion.
- Worked collaboratively with the financial and operational component Internal Control Program Manager to ensure that test plans, strategies and documentation are in alignment.
- Developed performance standards, staff objectives, policies, and guidelines related to internal controls in Confidential ’s information technology business processes.
- Worked with staff across Confidential and the Office of the Inspector General to resolve risk-related issues.
- Perform aggregation and analysis of data sources to establish risk modeling profiles and trend analyses useful to information risk-based decision making.
- Interpreted the National Service laws, the National and Community Service Act of 1990, as amended, (42 U.S.C. 12501 et seq) (NCSA); the Domestic Volunteer Service Act of 1973, as amended (42 U.S.C. 4950 et seq) (DVSA); Confidential ’s implementing regulations in 45 CFR Chapter XII and/or XXV; and OMB Regulations 2 CFR Chapters I and II, Corporation Policies and Procedures, Terms and Conditions, Grant Application Materials, audit documents, financial records, financial statements, accounting systems, internal controls and other documentation related to risk management.
- Served as a Contracting Officer Representative (COR) and currently in the process of obtaining COR certification.
- Software: Microsoft Office Suite (Word, Excel, Access, Visio, Project, and PowerPoint), Confidential financial system Momentum (MOM)
Confidential (Falls Church, VA)
- Provided support to Defense Health Agency ( Confidential ) across all aspects of the Financial Improvement Audit Readiness (FIAR) internal control assessment cycle.
- Documented the Complementary User Entity Control (CUECs) Federal Information System Controls Audit Manual (FISCAM) gap analysis for Line Air Force (LAF) on behalf of the Air Force Surgeon General (AF/SG) and LAF executed CUEC control gap analysis for Vendor/Contract Pay systems.
- Performed Data reconciliation of Air Force IT systems and Micro-application submitted to Office of the Secretary of Defense.
- Created and reviewed Test of Design (TOD) test plans to assess the operating effectiveness of FISCAM CUECs.
- Conducted walkthrough meetings with the client to understand and document FIAR/CUECs processes and key financial statement line items, performing analysis to identify unaddressed risks and process gaps.
- Supported internal risk management and contract compliance function for account team.
- Developed Statement on Standards for Attestation Engagements (SSAE No. 16) Reports FISCAM CUECs: Assess design effectiveness for Contract/Vendor Pay Assessable Unit, develop Corrective Action Plan (CAPs) and plan for site visit to perform process walkthrough.
- Assess CUECs executed by LAF on behalf of AF/SG gaps for civilian Pay and Contract/Vendor Pay Assessable Unit (AU) between LAF and OUSD baseline Control Description.
- Addressed the challenges of LAF CUEC responsibility to update CUEC documentation for controls executed by LAF on behalf of SMA-AF to mitigate IT compliance risks.
- Responsible for audit readiness, remediation, audit response, prioritizing the systems and training work streams.
- Determined key CUECs FISCAM (general controls and application controls) and Key Supporting Documentation (KSDs).
- Leveraged other assessments that include Internal Controls over Financial Reporting (ICOFR), Federal Security Management Act (FISMA), Agency Independent Public Auditor (IPA) Reports, Federal Management Financial Integrity Act/ Federal Financial Manager’s Improvement Act (FMFIA/FFMIA)
- Assisted with the process of performing TOD and test of operating effectiveness (TOE) for key IT Controls.
- Prepared and followed up on corrective action plans.
- Software: Microsoft Office Suite (Word, Excel, Access, Visio, Project, and PowerPoint)
Confidential (McLean, VA)
- Provided support to Federal Emergency Management Agency (FEMA) Office of Chief Financial Officer (OCFO) across all aspects of the internal control assessment cycle.
- Served as technical lead in the assessment of internal control over Insurance Management business processes, overseeing and reviewing the technical outputs of three team members.
- Created and reviewed test plans to assess the operating effectiveness of Insurance Management internal control.
- Led walkthrough meetings with the client to understand and document Insurance Management processes and key financial statement line items, performing analysis to identify unaddressed risks and process gaps.
- Collaborated in the creation of a multi-year financial management assessment roadmap, helping to prioritize organizational risk areas for the client.
- Supported internal risk management and contract compliance function for account team.
- Documented and tested A-123 Appendix A - Assessments and Routine Monitoring Key Changes included ICOFR Roadmap approach, Routine Monitoring, Risk Assessment - If a process is low risk, only tested once in Quarter 3, may use self-assessment for continuous monitoring if baseline exists; High risk areas (those contributing to Material Weakness and Budgetary Resources Management and IT for every component) must be tested quarterly; Expectation to immediately remediate Material Weakness deadline then rested (TOD and TOE); Changes to Control Evaluation Matrix (CEM) includes two Fund Balance with Treasury (FBwT) CEMs, Identification of Management Review Controls (MRCs) and Information Prepared/Provided/Produced by the Entity (IPE); and New columns.
- Software: Microsoft Office Suite (Word, Excel, Access, Visio, Project, and PowerPoint)
Confidential (Alexandria, VA)
- Documented and tested the key controls as part of the Office of Management and Budget (OMB) Circular A-123, Appendix A review related to obligations to comply with the Federal Managers’ Financial Integrity Act (FMFIA), USDA guidance and Appendix A in order to ensure compliance with management’s responsibility for maintaining adequate Internal Control over Financial Reporting (ICOFR).
- Reviewed, analyzed, and updated internal control narratives, business process controls, and flowcharts for the A-123 Internal Control Review for NRCS FY15 Phase III to properly document business processes. Assisted in development of A-123 FY15 Phase I and II test plans, performed testing of control activities, documented testing results, and evaluated identified exceptions to determine the effectiveness of the controls.
- Prepared engagement deliverables, including redesigning flowcharts and reports on the effectiveness of controls over segregation of duties, conducted tests of obligations, disbursements of easements, grants payroll and procurement, tests Protract disbursements, revenues and downward adjustments.
- In addition, assisted in determinations of high risk programs to the susceptibility of improper payments. Audits the primary transactions of NRCS obligations funds programs, which includes Conservation Assistance programs administered in Protracts, Easements, Grants and Cooperative Agreements administered outside of protracts, Interagency Agreements and Procurement Contracts.
- Software: Microsoft Office Suite (Word, Excel, Access, Visio, Project, and PowerPoint)
Confidential (McLean, VA)
- Was team lead for the Corrective Action Plan/System Change Request (CAP/SCR) Team on the DLA Audit Readiness Project: Supervised between 8 to 12 associates.
- Supported agency-wide Internal Control Programs in compliance with OMB Circular A-123.
- Utilize established test procedures to test IT controls to assess the design and operating effectiveness of general and application controls.
- Demonstrated strong understanding of Defense Logistics Agency large scale information technology systems, business process, and security regulatory risk management and securities vulnerabilities.
- Reviewed System Security Plans for compliance with FISCAM/NIST guidelines
- Evaluated information systems for compliance with FISCAM and NIST standards
- Applied risk-based control framework to identify and to evaluate complex business and technology risk, internal controls which mitigate risks and related opportunities for internal control improvement.
- Became familiar with client’s business environment and basic risk management approaches.
- Supported internal teams as well as system and control owners in development and maintenance of a remediation plan with milestones, dependencies, timelines, budget, project management, and communications for known IT control weakness.
- Supported personnel involved in annual IT internal control assessments (FISCAM and FISMA) performed by the Office of the Inspector General (OIG) or external auditor through validation of auditor findings; issuance of draft responses to findings; and identification of required evidence to support closure of findings.
- Communicated project status internally and externally.
- Tools: EAGLE Enterprise Change Request Tool (ECRT)
- Software: Microsoft Office Suite (Word, Excel, Access, Visio, Project, and PowerPoint), Clarizens, CAP/SCR Repository Database (Microsoft Access Database), BSM & CRM Requirements Tracking System