We provide IT Staff Augmentation Services!

Information Risk Analyst Resume

2.00/5 (Submit Your Rating)

South Windsor-, CT

SUMMARY

  • Having 7+ years of experience in training I.T. industry, management, Risk assessments and end - users in appropriate policies/procedures to ensure understanding of the controls environment, ensuring an appropriately governed, process-oriented environment.
  • Having extensive experience in reporting directly to C-level executives and governance owners, leading teams and/or independently discovering audit issues or inefficiencies in business processes and partnering with business units to develop recommendations for process improvement in operations and technology.
  • Responsible for communicating critical issues and recommendations to members of Information Technology groups, Audit, C-level Executives, and other business departments.
  • Been an integrated part of internal Audit team, overseeing audit-remediation items and newly implemented processes/systems experience in creating key documentation required by auditors, such as policies & procedures, operations and administration logs, business continuity/disaster recovery plans.
  • Experience in IT security activities, including managing risk activities including threat and vulnerability scanning and penetration tests of network and web-applications, such as Electronic Banking; and design of enterprise IT security strategy, policies, processes, roles and solutions role out.
  • Having experience as a Compliance analyst and an expert in IT risk analysis, implementation of internal controls, monitoring controls, and working with the application owners for remediation plans.
  • Conducting Risk Analysis, Business Process Analysis, GAP analysis, Implementation of new or enhanced internal controls for regulated or non-regulated multi-national and local businesses and their I.T. environments (i.e. Sarbanes-Oxley (SOX)).
  • Integral Part of SOX projects starting with discovery through pre-audits, scoping with the company’s leadership followed by planning to identify key controls, design, implement and test them for the Management.
  • Critically reviewed Controls Documentation against standards and guidelines for SOX, NIST 800-53 Rev4, SAN 20, COBIT, PCI DSS, HIPAA, ITGI, ITIL and ISO 27001.
  • Having an experience of working with the Audit Teams to map HIPAA Administrative Safeguards (164-308) and Technical Safeguards (164-312) to COBIT Control Objectives and actual internal controls in order to improve/Reuse the controls testing done for SOX.
  • Been a part of Internal audit team have reviewed SAS70, SOC1 (Type1 and Type2, SSAE16), SOC2 and SOC3 reports for Third Party Risk Management and Compliance.
  • Audited IT and Business processes identifying process control weaknesses tied to the COBiT framework for Corporate Governance Risk and Compliance Programs in support of Sarbanes-Oxley (SOX) 404
  • Managed software development eliminating control gaps and material weaknesses to implement new controls aligned with Corporate strategy surrounding GRC

PROFESSIONAL EXPERIENCE

Confidential, South Windsor- CT

Information Risk Analyst

Responsibilities:

  • Primarily responsible for performing controls testing for FDIC Cybersecurity controls, Gramm-Leach-Bliley Act (GLBA) and gathering the relevant evidences of the related controls.
  • Performing Gap Assessments of the information security policy and procedures and finding any deficiencies.
  • Experience in conducting meeting and interviews with the department heads, networking team, patch management team, IT security team to understand the bank’s network security and information security structure and framework.
  • Coordinate with the appropriate personnel to perform internal controls assessments, report on the results or internal control assessments and coordinate any necessary follow up action to address control weaknesses or opportunities for improvement.
  • Contribute to the development and management of IT policies and procedures, and other activities and assist in Training and Development Administration, Reporting, Tracking and Follow-up of the Audit Findings.
  • Extensively worked on the Forcepoint Triton DLP (Data Loss Prevention) tool, monitoring banks incoming and outgoing network traffic and emails, scrutinizing the false positive events, following up with the bank employees through emails/Phone calls and explaining regarding the possible violation of the bank policy.
  • Performing annual review of the password controls parameters of 150+ applications, making sure that they comply with the banking/organization passwords standards by following up with the application owners and filing the Exception forms of the non-compliant applications.
  • Identify and Assess Information Security and Information Technology risks.
  • Creating Executive Management level - Reports, Dashboards, Status Reports, Meeting Minutes.
  • Experience in performing the vendor/third-party SOC reviews, identifying organizations SOX Controls Gap assessments and assisting in preparing and tracking the remediation plans for the various gaps discovered in the process.
  • Plan and execute integrated reviews and/or audits as well as IT compliance and IT risk specific reviews and/or audits (general computer controls, application controls, agreed upon procedures, SOC 2, process improvement, control self-assessment, operational, compliance, etc.)
  • Experience on working with various risk assessments frame works like NIST-800-53, ISSP (Information system and standard protocol), ISO 27001, FDIC Cyber Security Controls.
  • Experience in implementing Security controls based on ISO 27001 security controls Performing control testing on change management, patch management, access controls, network security (Firewalls, IPS, HIPS etc.), Segregation od duties(SOD) and various other controls.
  • Collaborate with business application owners and other IT SME's (Development, DB teams, Security Administration, Network Administration and Security, etc.) gathering the information regarding their system/applications to layup as system security plan(SSP) and decide which security controls to select, implement, assess, authorize and monitor.
  • Assessed the level of preventative and detective internal control mechanisms by applying thorough knowledge of the COSO and COBIT framework. Evaluated the design and operating effectiveness of the internal control mechanism.

Confidential (MUFG)- Jersey City-NJ

Technology Risk Analyst

Responsibilities:

  • Responsible for the implementation of the technology risk management and risk assessments program which comprises application and infrastructure security risk assessments.
  • Knowledge of regulatory requirements, security standards and compliance issues (COSO, COBIT, Sarbanes Oxley, GLBA, ISO 27001, NIST-800-53).
  • Experience in working on NIST 800-53 security controls standards like access controls, awareness and training controls, maintenance, audit and accountability, program management controls.
  • Experience in working with SME and technical team for security and risk assessments for system security plan(SSP) for various applications/systems.
  • Train Business Application Owners (BAOs) and System owners on use of SRE Online tool and on SRE (system risk evaluation) methodology and concepts, including Exception; help coordinate, guide, and monitor, the conduct and completion of SRE reviews; follow-up on BAO’s and/or SOs on the completion of their SRE reviews.
  • Experience working with Business Application owners interviewing and understanding their process flow to prepare detailed Business Requirement documents. Defined the Business Process Flow.
  • Validate responses, exceptions, eDiscovery; Liaise with the various technology groups, and branches on Compliance/Controls review completions and issues.
  • Identified SOX Critical Processes in the organization. Conducted accounting and business process reviews about Financial Statements, GAAP, SOX reporting, substantive procedures and test of controls to Identify key risk areas relevant to financial accounts/cycles.
  • Worked extensively on Archer tool (GRC tool) for controls implementation and have experience Preparing audit reports, findings, recommendations, and presentations as requested.
  • In conjunction with internal and external audit teams participate in and conduct walk-through activities/meetings, collection of evidence, entrance and exit conferences with auditors, and auditees.
  • Worked on applications with windows/Unix platforms, database administration, network design.
  • Implement security processes and worked extensively on various Risk control frameworks like NIST-800-53, ISSP (Information system and standard protocol), ISO 27001

Confidential, Warren, NJ

I.T. Audit Operations - Technology Risk Consultant

Responsibilities:

  • Conducted user interviews, gathered Requirements, performing risk assessments analyzed the Requirements and managed changes. Worked closely with the business partners to test design and assist in providing direction for defects.
  • Act as IT management for projects such as business systems analysis, Risk Assessment and liaison between I.T. and business management, system and vendor selection, and system implementation.
  • Write and implement IT Risk and Operations Also End-User Policies & Procedures and prepare clients for internal/external audits
  • Worked extensively on the COSO, COBIT and Sox 404 regulations and Experience in Examining SSAE 16 Audit Reports.
  • Implemented process controls necessary for compliance with the Sarbanes and Oxley Act.
  • Prepared the Audit Reports for CIO every week as part of the Management Reporting.
  • Assisted in Testing and developing Business Continuity and Technical Disaster Recovery Plans
  • Formulate new or enhanced controls environment, acting as Information Security Officer, Data Confidential Officer, Regulatory Compliance Officer, and on behalf of C-level executives and business governance owners.
  • Detailed evaluation of administration and operations around Data Security and Information Confidential (i.e. COBIT, risk based controls and technical review of firewall/router settings, server/operating systems/database security controls, evaluation of penetration and vulnerability test reports, etc).
  • Experience for implementation of IT controls and technological systems required for remediation of audit issues and to maintain regulatory or corporate compliance.
  • Provide oversight for IT implementation projects, ensuring system and Information security and

Confidential

SOX Compliance (Consultant)

Responsibilities:

  • Involved in process improvements in gathering SOX information, data and reports from various businesses within GE Corporate organization.
  • Responsible for ensuring Sarbanes Oxley, COSO, COBIT, HIPAA, Risk Assessments control compliance and the preliminary establishment of the assurance culture and delivery system through the CERTUS tool. Managed SOX IT Audit team.
  • Experience on working with HIPAA technical safeguards for access controls, audit controls, integrity controls and transmission security controls.
  • Review and Analysis of IT Risk and IT general controls, TOD’s and TOE’s performed by the Businesses, also performing risk assessments/analysis, Monthly and Quarterly Test Results for IT Security System Access, SOD’s and defining Roles and Responsibilities of persons having access to the Applications for SOX compliance.
  • Develop and track project plan, milestones, critical path tracking, assigning project tasks, and negotiation of project tasks between departments.
  • Coordination with the SOX Leaders on SOX 404 Gap Identification/Assessments and to support remediation procedures for applications, testing and the implementation of the new policies and procedures.
  • Worked closely with Business Leaders for Collection, Review, Validation, Consolidation of SOX Tollgate Information and Reporting to IT Controller on continuous and periodic basis.
  • Coordinated and acted as a liaison between the finance department and implementation team SAP FICO R/3 4.6C for the business process review and requirement gathering.

Confidential, Edison, NJ

SOX Consultant

Responsibilities:

  • SOX Project Management and managing internal and external audits. The position involved strong time management, financial management, communication, and presentation skills.
  • Involved in Internal Audit, developing testing plans and scenarios to support application compliance initiatives, quality initiatives, controls and edits validation.
  • Participated in testing and evaluation of internal controls over financial reporting as required by the SOX.
  • Conducted IT pre-audit activities, remediation management and tracking, and compliance reporting.

We'd love your feedback!