Senior Information Technology Auditor Resume
Bellevue, Washington
SUMMARY
- Detailed audit professional experienced in Internal controls, IT audits, IT Governance, Risk Management, and Compliance Management.
- Strong expertise in integrated IT SOX audit (ITGCs, ITACs, IPE), IT systems audits and assessments, SOC 1 & 2 reviews & readiness, and internal audit projects.
- Adept at identifying risks and vulnerabilities, evaluating and implementing controls to mitigate risk, and improving security & compliance across the enterprise.
- Proficient in audit walkthrough, readiness, reporting, follow-up, remediation testing, process improvement, risk assessment, compliance management, and project management.
- Adept at leveraging guidelines and standards such as NIST 800 series ( A), PCI-DSS, HITRUST CSF, ISO, and COSO-COBIT frameworks.
TECHNICAL SKILLS
- IT Security Assessments
- Risk Management
- Intrusion Detection System (IDS)
- IT Risk Management
- GDPR
- HITRUST
- PCI-DSS
- SOX Audit
- Change Management
- Incident Management
- Enterprise Risk Management
- Business Process Improvement
- Information Security
- Business Controls
- IT Controls
- SOX Testing
- Software Development Life Cycle (SDLC)
PROFESSIONAL EXPERIENCE
Senior Information Technology Auditor
Confidential | Bellevue, Washington
Responsibilities:
- Conduct confidential and complex technology, operational, and integrated audits.
- Lead efforts to monitor compliance to control objectives across IT, analyze current controls, identify process inefficiencies, and provide suggestions to improve internal controls.
- Perform timely review of system control narratives, periodic maintenance work papers, and other documentation.
- Evaluate and review IT general, financial, and application controls, and report baseline testing to identify opportunities to mitigate emerging risks, strengthen controls, and improve operational efficiency.
- Demonstrate sound judgment in evaluating the results of audits and in developing and presenting remediation solutions where control weaknesses and root causes have been identified.
- Assess risks and internal controls by identifying areas of non-compliance, evaluating manual and automated processes, and identifying process weaknesses and inefficiencies.
- Provide support and guidance to management on how to effectively manage new opportunities and work on identifying IT operational risks to improve process control, efficiency, and effectiveness.
- Review pre- and post-implementation of SDLC, other projects, and new information systems initiatives.
- Perform risk oversight and develop internal controls to ensure compliance with third-party policies, programs, and procedures.
- Provide TPRM subject matter expertise in compiling audit evidence.
- Create, perform, and maintain documentation of detective controls that, when operating effectively, will ensure all appropriate third parties are in scope, all necessary contracts are obtained, and all processes are working as intended.
- Communicated and worked with other engagement team members on different types of security assessments such as Social Engineering, Penetration Testing, and Vulnerability Assessments.
Senior Information Technology Auditor
Confidential | Indianapolis, Indiana
Responsibilities:
- Liaise with various business units, technical and non-technical auditors, providing subject matter expertise on IT risk and control areas during project reviews and integrated audits.
- Evaluate the design appropriateness and operating effectiveness of IT controls within financial and general systems and the underlying IT Infrastructure controls.
- Review pre- and post-implementation of SDLC, other projects, and new information systems initiatives.
- Perform walkthroughs and detailed testing to ensure compliance with Sarbanes-Oxley (SOX) and PCI regulations.
- Prepare accurate working papers representing audit results and communicate identified issues with value-adding recommendations through reports and presentations.
- Engage in SOC 1 audit and review of Service Organization Control 1 Type 2, SOC 2, and SSAE18 reports to gain a good understanding of the organization's business processes, and financial, regulatory, strategic, and operational risks affecting it.
- Conduct ERP control testing - Oracle Financials and Microsoft Dynamics AX testing to assist business units in improving their user, authentication, and authorization management.
Senior Information Technology Auditor
Confidential | Pittsburgh, Pennsylvania
Responsibilities:
- Assess IT risks, document related risks, note key control issues, and implement corrective actions; develop appropriate audit programs to test controls and subsequently evaluate control design.
- Perform readiness tests and reviews of SOC I Type 1 and SOC I Type 2 controls, as well as SSAE18 controls in the capacity of reliance.
- Worked on evaluating gaps and risks and providing control guidance before implementing key processes or projects.
- Documented and updated disaster recovery and business continuity processes, procedures, plans, and instructions.
- Performed vendor diligence on critical and non-critical vendors of the organization.
- Developed and improved audit programs to meet the needs of the organization's environment.
- Established strong relationships with key functional stakeholders including presenting findings from various audit engagements and impact on the business environment.
- Perform risk-based SOX audit testing of IT general controls and application controls such as access control, change management, IT operations, and automated controls within an application.