Technology Risk and Audit Professional

• Background encompasses extensive experience planning, executing, and reporting on compliance, risk, and audit strategies. Led several audit engagements assessing the effectiveness of controls and processes in many areas that included, Information Security, IT Operations, Backups Disaster Recovery, System Development, and Change Management. I have assessed mainframe security, SAP security, Windows Active Directory, and various applications with heavy emphasis on general, application, and infrastructure controls which included segregation of duties, access control and management, network security and security policy and procedure design and development. Strengths include leveraging leading regulatory and control frameworks COBIT, PCI DSS, NIST strong schedule and resource management capabilities and the ability to effectively interface with all levels of the organization including senior leadership.
• Strategic and Technology Management Competencies
• IT Audit and Assurance
• IT Risk Management
• Change Management
• IT Security Mainframe/Client Server
• SDLC Methodologies
• ERP Systems SAP-FI/CO, MM Modules
• Sarbanes-Oxley Compliance Sox-IT
• CoBIT 4.1
• NIST Technology Standards
• PCI DSS
• HIPPA Compliance
• CFO Act
• FFIEC
• FISMA

Professional Experience

Senior Consultant Confidential

Participate in and supervise multiple client engagement teams and other related activities. Engagements focus on the assessment and/or evaluation of Information Technology IT systems and the mitigation of IT-related business risks. Engagements may be either assurance attestation and/or risk advisory in nature, and vary considerably in size and complexity. Typical duties include leading an audit team, interviewing Information Technology Directors and Managers to gain understanding of processes and identify risk areas, develop audit plan, gather and analyze data, evaluate controls, prepare audit findings and recommendations for senior management.

IT Audit Senior

Confidential

Managed and facilitated information technology audit issues for Corporate Audit Department. Designed and performed audit procedures to validate compliance with set standards including examining global technology areas Access Management, Databases, IT Security for compliance with company policy and management plans. Obtained and analyzed information for evidence of deficiencies in internal controls, or lack of compliance with laws, government regulations, and company policies and procedures. Presented remediated issues to senior audit management to ensure agreed-upon recommendations and action plans have been implemented.

IT Compliance Manager

Confidential

Managed and facilitated information technology compliance activities for both internal and external audits. Validated audit remediation in the areas of Data Center, Oracle Databases, Windows and Application Security. Works collaboratively with corporate compliance, external and internal audit, and various technical teams in the design and implementation of regulatory and internal compliance practices for IT. Recommended improvement changes to strengthen controls in Information Technology areas.

Professional Experience

IT Compliance Senior Confidential

Led and coordinated ongoing compliance efforts in support of annual financial statement and other compliance audits. Documented and evaluated IT control environment process narratives, flowcharts, and risk/control matrixes . Authenticated audit remediation in the areas of Data Center, IT Operations, Oracle Databases, SDLC, Change Management, and Security AS400, UNIX, and Windows . Advised IT management on key Information Technology General Controls.

IT SOX Manager

Confidential

Managed IT SOX projects and team members contractors responsible for evaluating client's existing IT control structure. Developed project plans and managed IT SOX audits for testing various IT controls, processes, and systems. Managed and trained IT SOX project team members on methodology, project expectations and deliverables. Prepared written reports to management identifying issues and provided recommendations for improvements to the IT SOX control environment.

Senior IT Auditor

Confidential

Led and managed assigned tasks in support of information systems and integrated audits to determine the adequacy and effectiveness of information technology controls. Focus areas were Application Security, Policies and Procedures, Infrastructure, Disaster Recovery, and key transactional systems. Prepared automated work papers in accordance with the department standards. Developed audit programs that measured the effectiveness of controls.

Senior Consultant

Confidential

Led and managed detailed system-based IT audits and compliance reviews for clients. Assessed and reported on key information technology controls general and application controls . Inspected and documented significant strategic business risks and controls for clients' information system environments. Key focus areas were IT Security, SDLC and Change Management, IT Operations, and Disaster Recovery.

IT Audit Project Lead

Confidential

Managed and led general and application control reviews for Internal Audit. Identifies and assesses key risks and controls and develops effective test plans for engagements as assigned with limited guidance. Exhibits appropriate judgment regarding issue notification, issues draft findings to client management, and drafts final audit reports for review. Designed, developed, tested, and implemented new or modified CAAT programs that supported the audit services provided.