IT Auditor Resume

Baltimore, MD

SUMMARY

  • An IT Audit professional with over 10 years’ experience in IT audit, information security, governance, risk management, technology and project management.
  • Carried out audit engagements by performing work on risk-based technology audits, having carried out tests of IT General Controls (ITGC) and IT Application Controls (ITAC). Competence in frameworks such as COBIT 5, NIST 800-53 rev. 4 and ISO/IEC 27001:2013.
  • Involved in projects such as HIPAA, Financial Statement Audit (Integrated). Worked within an Internal Audit team to conduct periodic reviews of information system to determine whether they continue to meet organization’s objectives.
  • Experience performing audit engagements like the Audit planning, Audit scope definition, Walkthrough of controls, Audit fieldwork, Audit report and follow-up process if needed.
  • Ensuring IT audit practices comply with company procedures and government regulations, promote efficient practices by recommending improvements in processing capability, user interface, and security designs.
  • Handle special projects such as Segregation of Duties (SOD) and SOX Compliance business challenge projects, PCI DSS, HIPAA and identify conflicts or inadequate internal controls and provide recommendations.
  • Conduct testing of Sarbanes-Oxley (SOX), OMB Circular A-123 Audit and Service Organization Control (SOC) SSAE 16 Review, using COBIT and FISCAM frameworks.

TECHNICAL SKILLS

GRC: RSA Archer, Agiliance RiskVision, MetricStream

Databases: Oracle 10g, 11g, MS SQL Server 2008, Sybase ASE, DB2

Languages: VBA, SQL, Java

Operating Systems: Sun Solaris, IBM AIX, Windows, Linux

Basic: MS Excel (Advanced), MS Word, MS Access, MS Project, MS Visio

ETL: Informatica

CRM: Salesforce.com

Other: SharePoint

PROFESSIONAL EXPERIENCE

Confidential, Baltimore, MD

IT Auditor

Responsibilities:

  • Responsible for planning, organizing and conducting IT Audits and leveraging knowledge of various regulatory, compliance and standards requirements such as HIPAA and COBIT 5 to help identify associated IT control gaps, and provide recommendations to management to improve the firm’s control environment
  • Coordinated IT related audit readiness processes, assessing IT Application Controls (ITAC) in connection with program development, change management, computer operations, security and configurations as well as vendor service providers.
  • Implemented and tested internal controls using the COBIT 5 framework and performing Walkthroughs of controls and evaluating operating effectiveness of controls.
  • Performed audit of IT general controls (ITGC) such as access control, change management, IT operations, disaster recovery and platform reviews (Mainframe and UNIX OS).
  • Tested compliance with company policies and procedures to ensure it conforms to industry standards such as HIPAA.
  • Coordinated documentation, and timely processing of patient rights (i.e., amendment to medical records, requests for restrictions to health information, requests for confidential communications) activities to ensure compliance with privacy regulations.
  • Participated in the consolidation of IT audit findings and presentation of reports with recommended remediation plans with management.
  • Handled staff training on operational processes that ensured compliance and best practices, including HIPAA regulations together with the review of operational system for control effectiveness and ensured adherence with healthcare regulations

Confidential, Baltimore, MD

IT Risk Analyst

Responsibilities:

  • Ensured IT Risk and Security Control issues are addressed, and respective corrective action plans are completed on committed dates.
  • Managed application security testing review & application vulnerability assessments to identify potential risks.
  • Tracked the statuses of RCSA issues, action plans, risk acceptances, change requests in Archer and working with responsible source teams to resolve them
  • Mapped internal IT security controls to frameworks
  • Conducted IT Risk assessments and log all findings to monitor and coordinate with respective owners/source teams for remediation.
  • Performed control break Analysis and root cause analysis of identified findings
  • Exception Register Management to record and monitor non-compliance
  • Development, maintenance and enhancement of security processes and procedures per standards and best practices
  • Created and managed IT Risk & Control dashboard - RCSA Units, RCSA Issues, Control Procedures, Control Test Reports, Risk Reports
  • Ensured that security and loss prevention standards and instructions are consistently and effectively applied during the planning, development and execution of business operations as well as in all administration, infrastructure and support functions activities.
  • Participate in the development of the analysis of product defect data and map it with corresponding action plans to reduce defects.
  • Develop and execute daily, weekly and monthly action plans that increase quality, inventory accuracy and service.
  • Responsible for evaluating threats, Assessing Risks and developing risk management strategies.
  • Participated in providing secure working environment taking into consideration relevant legal and statutory compliance requirements, Labour regulations, agreements and practices.
  • Provided open, trusted and reliable partnership with internal and external stakeholders, by supporting, advising and enabling successful accomplishment of business operations and initiatives.
  • Participated in driving security change and improvement by engaging leadership and associates and by providing the relevant and useful security knowledge and awareness.
  • Preparing weekly and monthly status to stakeholders

Confidential, Washington DC

IT Auditor

Responsibilities:

  • Conducted testing of Sarbanes-Oxley (SOX), OMB Circular A-123 Audit and Service Organization Control (SOC) SSAE 16 Review, using COBIT and FISCAM frameworks.
  • Reviewed IT General Controls (ITGC) and various applications, databases and operating systems.
  • Documented control weaknesses and related testing exceptions.
  • Identified and communicated IT audit findings to senior management and client.
  • Documented work completed by preparing work papers.
  • Evaluated the status of the internal control environment within business units and provide recommendation to bridge the gap between the current and recommended state.
  • Conducted and supervised all aspects of the end-to-end IT audit process to include engagement planning, coordination, scope determination, risk and control identification, design of audit program procedures, testing, and evaluation and analysis of results
  • Prepared IT Audit program to include access control, change management control, operations control and application controls; identified deficiencies in the design and operating effectiveness of controls and provided recommendations.
  • Evaluated the design and effectiveness of technology controls throughout the business cycle.
  • Evaluated the adequacy and effectiveness of the client’s internal controls using a risk-based methodology developed from professional auditing standards, such as COBIT and FISCAM.
  • Supported clients with audit readiness efforts
  • Performed assessment of IT internal controls as part of financial statement audit, Internal and operational audits, Attestation engagement and Audit readiness.
  • Assisted in special projects such as Segregation of Duties (SOD) and SOX Compliance business challenge projects, PCI DSS, HIPAA and identify conflicts or inadequate internal controls and provide recommendations
  • Performed Business process application control (FISCAM Control) and General Control (GCC)

Confidential, Jersey City, NJ

Third Party Risk Analyst

Responsibilities:

  • Engaging with multiple LOB Delivery Managers for firm-wide critical suppliers to ensure compliance with all required assessments per the JPMC policy and procedures.
  • Implements information risk processes, executes and monitors risk related procedures, promotes risk policy awareness, and/or tracks and reports on risk compliance in line with established IT Control policies, processes and procedures
  • Driving all aspects of the risk assessment of firm-wide critical suppliers, service providers.
  • Assessing completed questionnaire and supporting materials to ensure they are complete
  • Identifying control breaks and vulnerabilities with third party.
  • Document findings and work with the LOB Delivery Manager to resolve those findings through Remediation Plans (RPs) or seek Non-Compliance Acceptance (NCA) approvals.
  • Validating evidence from third party before Remediation Plans are closed.
  • Escalating issues associated with third parties as needed.
  • Assisting with various Third Party Risk Management program initiatives

Confidential

Internal Controls and Compliance

Responsibilities:

  • Determine what internal controls should be developed and how they will be monitored.
  • Document financial reporting processes, map key controls and sub-processes that impact financial statements.
  • Perform testing of the design and operating effectiveness of internal controls over financial reporting and identify any deficiencies in accordance with Central Bank Guidance and other government policies.
  • Leveraged strong command of auditing and attestations processes and requirements to assist 30+ external auditors to ensure flawless outcomes of audits.
  • I have hands-on experience with ERPs such as SAP, Oracle Financials
  • Involved in the creation of clear and accurate documentation of audit workflows in IT process and report of test results/findings and exceptions.
  • Proficient in the drafting of clear and concise audit reports that are easily understood by clients and other users.
  • Make quarterly presentation to the Bank management regarding the observance of controls by branches within my region using analytical tables and projections to buttress my findings.
  • Perform testing of the design and operating effectiveness of internal controls (General Controls) over financial reporting and identify any deficiencies