IT Audit/Security Consultant Resume

New York, NY

SUMMARY

  • MBA with ten years of experience in the field of IT auditing and IT security.
  • Worked six years for Confidential as an IT Security Auditor.
  • Worked four years for Confidential and Confidential as an External and Internal IT Auditor.
  • Lead information technology audits, SOX compliance audits and SSAE 16 audits for multiple Financial Services clients: Confidential, Confidential and Confidential.
  • Build information security program based on industry standards.
  • Perform risk assessment of key applications and advise on business impact to application owners and senior management.
  • Issue compliance reports by validating the design and operating effectiveness of IS controls for SSAE 16 audit, FIDICA and other banking audits.
  • Apply current knowledge of applicable regulatory/legislative guidance, including, but not limited to, NIST, SOX, SSAE 16, SDLC, and COBIT.
  • Experience of risk based auditing and clearly understand the relationship between IT risk and underlying business risk.
  • Experience in auditing of overall IT infrastructures, Windows Active Directory, UNIX, application software, web applications, databases (SQL and Oracle), Windows servers and ERP systems.
  • Excellent leadership, teamwork and client service skills.
  • Dynamic and assertive team player with strong commitment and ability to work independently.

TECHNICAL SKILLS

OS: Active Directory, AS 400, UNIX, Mainframe.

ERP: SAP and Oracle.

Databases: Microsoft Access, Oracle, DB2 and SQL.

Networks: Citrix Servers, VPN, Firewalls, Router and Switches.

Office Tools: MS Word, MS Excel, MS PowerPoint, MS Project and MS Visio.

PROFESSIONAL EXPERIENCE

Confidential, New York, NY

IT Audit/Security Consultant

Responsibilities:

  • Lead SAS70 (SSAE 16) project for IT Department and work with business team for successful completion.
  • Develop standard account administration program, which includes all existing and new enterprise applications and conduct periodic access recertification of users account.
  • Develop role based structure of users account and set privileges according to the business needs.
  • Perform Security and Risk assessment of applications, and report on IT audits, risks, and compliance issues and collaborate with key stakeholders to ensure that issues are documented and timely resolved.
  • Maintain information security policies and procedures and update periodically.
  • Develop Security reports related to Network, applications and databases and discuss security issues with key stakeholders and senior managers.
  • Design and develop Information security and Cyber security controls through mapping with NIST, ISO 27001 and COBIT guidelines.
  • Develop detailed information security program that can address SEC Cybersecurity Examination.
  • Monitor and investigate potential Information Security breaches from various security systems (e.g. IDS, anti-virus, logs).
  • Participate in the planning and design of an enterprise Business Continuity Plan and Disaster Recovery Plan.

Confidential

Senior Consultant

Responsibilities:

  • Performed annual risk assessment of in-scope IT infrastructure, data processing and computer general controls.
  • Performed periodic testing of IS controls for validating the design and operating effectiveness of IS controls for SAS70 audit.
  • Performed Network Security reviews including VPN, LAN, WAN, WLAN, Firewalls, IPS/IDS & router, switches, and Citrix Servers.
  • Performed Operating System Windows, AS400 & HP-Unix, Active Directory and z/OS
  • Created audit work programs, conduct fieldwork, and communicate observations, recommendations, and conclusions to management.
  • Discussing observations and remediation activities with senior stakeholders and overseeing issue remediation.

Confidential, New York, NY

Staff Auditor

Responsibilities:

  • Prepared Annual Risk assessment plan and Audit charter for the company by considering industry and government regulations.
  • Performed application (SAP, Oracle Financial, PeopleSoft) change management audits and analyzed segregation of duties among the business users and developers.
  • Performed documentation of key processes (including risks and controls), performed controls evaluation and assessment, designed tests, performed testing, developed or worked with business owners to develop remediation plans and report results as needed.
  • Executed the tests of controls as per the test procedures for various IT control processes for system security policies, standards and overall plan related to section 404 of Sarbanes Oxley.
  • Performed General Information Security audits (Vulnerability Scans, Virus Protection, Account Provisioning, Security Incident Monitoring, and Datacenter Security and Environmental Controls).
