
IT Security Compliance/Risk Manager Resume


Florham Park, NJ

SUMMARY:

  • 12+ years of experience in Risk Assessment, Management, design, testing and implementation as IT Security Consultant in deployment of web-based/client-server applications & related Business Processes in the Banking & Financial industries.
  • Strong experience in Risk Management, SOX Compliance for Oracle Financial E Confidential & R11 for SYS ADMIN, GL, AR, AP modules security & several in house applications for various projects from conceptualization to implementation.
  • Strong experience in Risk Management, SOX Compliance, SAP R3 security, & several in house applications for various projects from conceptualization to implementation.
  • Strong focus on methodology quality.
  • CISA- Certified Information Systems Auditor by ISACA
  • Successful review from PCAOB inspectors (2009 & 2012).
  • Experience in IT Risk, Operations, program changes, user provisioning, Segregation of duties, interfaces, automated controls, Computer assisted substantive testing, etc.
  • Specialist in the management of Third Party Service Providers for Cybersecurity, PCI & NIST Security Compliance.
  • Experience on HCSC & HIPAA regulations on IT process & information confidentiality.
  • Excellent knowledge in Corporate Finance, Banking, Investment, Mortgage, Insurance, Sales & Collection, Equities, FX, Payroll & Financial Report.
  • Assist in conducting quality assurance security risk assessments for new applications, roll out or major changes to identify weaknesses or security exposures and prescribe solutions to mitigate the risks related to those weaknesses and exposures.
  • Good experience on new practices & team development.
  • Good project manager leader (15 specialist’s team leader).
  • Multi project & multi-tasking manager skills (seven years as Manager).
  • Results-oriented (manager in 8500 audit & advisor hrs. / Year).
  • Strong analytical, quantitative and problem solving skills.
  • Sales & financial objectives orientation.
  • Extensively communicated information in a clear concise, credible, and timely manner to optimize customer relations.
  • Extensive experience on Excel, Word, PowerPoint, MS Project, MS Visio, SAP GRC, SAP ACE, ORACLE EBS GATE, ACL.
  • Highly motivated self-starter with excellent communication, presentation and interpersonal skills, can perform well both independently and with a team, always willing to work in challenging and cross-platform environments.
  • Strong management experience to fulfill client needs and make sure deliverables within specified budget, quality and time.

TECHNICAL SKILLS

Business Analysis Tools: Requisite Pro, MS Visio/UML

Methodologies: DTTL, PWC Audit guide, COBIT, COSO, ITIL, PMBOK, ISO 27000, AS5 PCI, NIST, HIPAA & HCSC

Testing Tools: SAP GRC, Oracle EBS GATE (SOD) RDBMS SQL Server, MS Access, ACL

Operating Systems: Windows, AS 400, Mainframe, Unix, Linux

Databases: Oracle, SQL, Progress

SAP R3 Security: BASIS, FI, SD, MM

Oracle Financial E Confidential & R11: SYSADMIN, GL, AR, AP

Reporting Tools: MS Excel, AURA

Microsoft Tools: MS Project, MS Visio, MS Office

PROFESSIONAL EXPERIENCE:

Confidential, Florham Park, NJ

IT Security Compliance/Risk Manager

Responsibilities:

  • Identification & correction of critical quality areas of Sarbanes Oxley (404) controls regulated assignations.
  • Perform IT Security Control & Compliance and Risk Assessment activities as required by management & of IS Sarbanes Oxley (404) controls - Program changes, user provisioning, operation security- of areas such as operating systems, database management systems, firewalls, intrusion detection systems, and web based applications
  • Perform business process application controls at transaction level - automated controls, configurable settings, interfaces, batch process, and segregation of duties, related with financial business process - Corporate Finance, Banking, Investment, Mortgage, Insurance, Sales & Collection, Equities, FX, and Payroll & Financial Report.
  • Built Project Plan to address PCI & NIST Compliance requirements
  • Established project scope with list of active inventory of Third Party Service providers deemed in-scope for Cybersecurity, PCI & NIST Security Compliance.
  • Convened regularly with team work groups to monitor and evaluate progress, discuss corporate policy issues and recommend service improvements for the Cybersecurity, PCI & NIST Program
  • Reviewed all Master Services Agreement documents to ensure PCI Compliance language is included in the agreement and that the agreement is signed and effective
  • Interface between Financial audit team, ITS senior leaders, Confidential teams and Internal/External Audit and regulatory personnel in coordinating the gathering of artifact requests from internal and external auditors to support the respective IS related audits.
  • Strong experience in Risk Management, SOX Compliance for Oracle Financial E Confidential & R11 for SYS ADMIN, GL, AR, AP modules security & several in house applications for various projects from conceptualization to implementation.
  • Substantive testing ACL experience.
  • Successful performance on project teams related to the evaluation of ITS compliance for automated controls, access & interfaces related with AML applications.
  • Facilitate and execute post-production migration validation in the implementation of AML Applications.
  • Develop and maintain documentation necessary to support the analytic processes within AML Applications implementation process.
  • Assist in conducting quality assurance security risk assessments for new applications, roll out or major changes to identify weaknesses or security exposures and prescribe solutions to mitigate the risks related to those weaknesses and exposures.
  • Work with Confidential teams, Internal Audit and External Auditors on IS audit plan.
  • Successful performance on project teams related to the evaluation of ITS compliance for HCSC & HIPAA regulations on IT process & information confidentiality.
  • Perform risk assessment and review of internal controls to identify issues, generate process improvements, mitigation strategies and track closure of all open action plans within target remediation date.
  • Responsible for preparing and presenting senior management reports and risk metric reports to the business control committee and location operating committee.
  • Communicate identified control deficiencies to management effectively, both orally and in writing.
  • Strong experience on evaluation of the financial / operative impact.
  • Prepared the annual audit projects plan, budget definition, audit management & monitoring
  • Direct reporting of findings & recommendations to Financial audit Partners, Local Senior leadership & Headquarters Management.
  • Excellent communication with other offices overseas.

Information Technology

Confidential

Responsibilities:

  • Identification & correction of critical quality areas of Sarbanes Oxley (404) controls regulated assignations of financial sector.
  • Substantive testing- Credit card, Borrowings & Loans, interest recalculation, accrual recalculation
  • Perform business process application controls at transaction level - automated controls, configurable settings, interfaces, batch process, segregation of duties, related to banking cycles - Savings, Investment & derivatives, Credit card, Borrowings & Loans
  • Assess for internal control risk assessment, process mapping, control identification, evaluation of design & effectiveness testing for business process.
  • Interface between Financial audit team, ITS senior leaders, Confidential teams and Internal/External Audit and regulatory personnel in coordinating the gathering of artifact requests from internal and external auditors to support the respective IS related audits.
  • Substantive testing ACL experience for Credit card, Borrowings & Loans- Accrual reprocessing, interest recalculation, conciliation vs General Ledger.
  • Maintain Confidential over policies, standards, and procedures to ensure compliance with corporate security policies, regulatory requirements and adherence to best practices.
  • Participate in key initiatives providing subject matter expertise on IS risk and compliance.
  • Successful performance on project teams related to the evaluation of ITS compliance for automated controls, access & interfaces related with AML applications.
  • Facilitate and execute post-production migration validation in the implementation of AML Applications.
  • Develop and maintain documentation necessary to support the analytic processes within AML Applications implementation process.
  • Work with control owners to ensure control accuracy and remediate any issues related to control exceptions.

Business Process

Confidential

Responsibilities:

  • Identification & correction of critical quality areas of Sarbanes Oxley (404) controls regulated assignations of financial sector.
  • Perform IT Security Control & Compliance and Risk Assessment activities as required by management & of IS Sarbanes Oxley (404) controls - COBIT - Program changes, user provisioning, operation security - of areas such as operating systems (Windows, Mainframe, Unix & AS400) & database security (SQL, Oracle, Progress), program changes, user provisioning compliance & operations security, firewalls, intrusion detection systems, and web-based applications
  • Perform business process application controls at transaction level - automated controls, configurable settings, interfaces, batch process, segregation of duties, related to banking cycles - Savings, Investment & derivatives, Credit card, Borrowings & Loans
  • Assess for internal control risk assessment, process mapping, control identification, evaluation of design & effectiveness testing for business process.
  • Interface between Financial audit team, ITS senior leaders, Confidential teams and Internal/External Audit and regulatory personnel in coordinating the gathering of artifact requests from internal and external auditors to support the respective IS related audits.
  • Strong experience in Risk Management, SOX Compliance for Oracle Financial E Confidential & R11 for SYS ADMIN, GL, AR, AP modules security & several in house applications for various projects from conceptualization to implementation.
  • Substantive testing ACL experience for Credit card, Borrowings & Loans- Accrual reprocessing, interest recalculation, conciliation vs General Ledger.
  • Maintain Confidential over policies, standards, and procedures to ensure compliance with corporate security policies, regulatory requirements and adherence to best practices.
  • Participate in key initiatives providing subject matter expertise on IS risk and compliance.
  • Work with control owners to ensure control accuracy and remediate any issues related to control exceptions.
  • Several companies for Sarbanes Oxley (404) controls & local regulations:

Confidential

Risk Assurance Manager

Responsibilities:

  • Identification & correction of critical quality areas of Sarbanes Oxley (404) controls regulated assignations.
  • Perform IT Security Control & Compliance and Risk Assessment activities as required by management & of IS Sarbanes Oxley (404) controls - Program changes, user provisioning, operation security- of areas such as operating systems, database management systems, firewalls, intrusion detection systems, and web based applications
  • Perform business process application controls at transaction level - automated controls, configurable settings, interfaces, batch process, and segregation of duties, related with financial business process - Corporate Finance, Banking, Investment, Mortgage, Insurance, Sales & Collection, Equities, FX, and Payroll & Financial Report.
  • Interface between Financial audit team, ITS senior leaders, Confidential teams and Internal/External Audit and regulatory personnel in coordinating the gathering of artifact requests from internal and external auditors to support the respective IS related audits.
  • Substantive testing ACL experience
  • Assist in conducting quality assurance security risk assessments for new applications, roll out or major changes to identify weaknesses or security exposures and prescribe solutions to mitigate the risks related to those weaknesses and exposures.
  • Work with Confidential teams, Internal Audit and External Auditors on IS audit plan.
  • Perform risk assessment and review of internal controls to identify issues, generate process improvements, mitigation strategies and track closure of all open action plans within target remediation date.
  • Responsible for preparing and presenting senior management reports and risk metric reports to the business control committee and location operating committee.
  • Communicate identified control deficiencies to management effectively, both orally and in writing.
  • Strong experience on evaluation of the financial / operative impact.
  • Prepared the annual audit projects plan, budget definition, audit management & monitoring
  • Direct reporting of findings & recommendations to Financial audit Partners, Local Senior leadership & Headquarters Management.
  • Excellent communication with other offices overseas.

SAP R3 BUSINESS PROCESS RISK ASSURANCE

Confidential

Responsibilities:

  • Strong experience in Risk Management, SOX Compliance, related with SAP R3 security. Perform IT Security Control & Compliance and Risk Assessment activities as required by management & of IS Sarbanes Oxley (404) controls - COBIT - Program changes, user provisioning, operation security - of areas such as operating systems (Windows, Unix & AS400) & database security (SQL, Oracle), program changes, user provisioning compliance & operations security, firewalls, intrusion detection systems, and web-based applications
  • Perform business process application controls at transaction level - automated controls, configurable settings, interfaces, batch process, and segregation of duties, related with Financial Business Process - Corporate Finance, Banking, Investment, Mortgage, Insurance, Sales & Collection, Equities, FX, and Payroll & Financial Report.
  • Assess for internal control risk assessment, process mapping, control identification, evaluation of design & effectiveness testing for ITS & business process.
  • Interface between Financial audit team, ITS senior leaders, Confidential teams and Internal/External Audit and regulatory personnel in coordinating the gathering of artifact requests from internal and external auditors to support the respective IS related audits.
  • Substantive testing ACL experience for Journal entries, Revenue integration.
  • Maintain Confidential over policies, standards, and procedures to ensure compliance with corporate security policies, regulatory requirements and adherence to best practices.
  • Participate in key initiatives providing subject matter expertise on IS risk and compliance.
  • Work with control owners to ensure control accuracy and remediate any issues related to control exceptions.
  • Several companies for Sarbanes Oxley (404) controls & local regulations:

Oracle Financial

Confidential

Responsibilities:

  • Strong experience in Risk Management, SOX Compliance, related with Oracle EBS R12 security.
  • Perform IT Security Control & Compliance and Risk Assessment activities as required by management & of IS Sarbanes Oxley (404) controls - COBIT - Program changes, user provisioning, operation security - of areas such as operating systems (Windows) & database security (Oracle), program changes, user provisioning compliance & operations security, firewalls, intrusion detection systems, and web-based applications
  • Perform business process application controls at transaction level - automated controls, configurable settings, interfaces, batch process, and segregation of duties, related with Financial Business Process - Corporate Finance, Sales & Collection, Equities, FX, and Payroll & Financial Report.
  • Assess for internal control risk assessment, process mapping, control identification, evaluation of design & effectiveness testing for ITS & business process.
  • Interface between Financial audit team, ITS senior leaders, Confidential teams and Internal/External Audit and regulatory personnel in coordinating the gathering of artifact requests from internal and external auditors to support the respective IS related audits.
  • Substantive testing ACL experience for Journal entries, Revenue integration.
  • Maintain Confidential over policies, standards, and procedures to ensure compliance with corporate security policies, regulatory requirements and adherence to best practices.
  • Participate in key initiatives providing subject matter expertise on IS risk and compliance.
  • Work with control owners to ensure control accuracy and remediate any issues related to control exceptions.
  • Several companies for Sarbanes Oxley (404) controls & local regulations:

QUALITY ASSURANCE

Confidential

Responsibilities:

  • Assist in conducting quality assurance security risk assessments for new applications, roll out or major changes to identify weaknesses or security exposures and prescribe solutions to mitigate the risks related to those weaknesses and exposures, based on Confidential objectives, SLA goals related with COBIT, ITIL & PMBOK methodologies
  • Assist on planning definition (project chart) and project execution, reporting key results before the end of each project stage & before the go-live.
  • Advise on business requirements to enable settings in configurable controls, design of responsibilities according to hierarchies and levels in the companies.
  • Identify new business & efficiency areas
  • Participate in key ITS initiatives providing subject matter expertise on IS risk and compliance.
  • Operate at senior levels in both written and verbal communications interacting professionally with a diverse group, executives, managers, and subject matter experts.
  • Interface between Vendor team, ITS senior leaders, Confidential teams and Internal/External Audit and regulatory personnel in coordinating the gathering of artifact requests from Functional and Non-Functional parties.
  • Defined the context of the system by creating various use cases. Developed system requirements specifications encompassing Functional and Non-Functional requirements.
  • Maintaining credibility and able to analyze situation and develop several potential solutions, adhering to standards and procedures accordingly.
  • Provide risk support for migration of any Global Finance processes.

Information Technology Security

Confidential

Responsibilities:

  • Successful participation in several financial sector projects in PWC Toronto
  • Perform IT Security Control & Compliance and Risk Assessment activities as required by management & of IS Sarbanes Oxley (404) controls - COBIT - Program changes, user provisioning, operation security - of areas such as operating systems (Windows, Mainframe, Unix & AS400) & database security (SQL, Oracle, Progress), program changes, user provisioning compliance & operations security, firewalls, intrusion detection systems, and web-based applications
  • Perform business process application controls at transaction level - automated controls, configurable settings, interfaces, batch process, and segregation of duties, related with Financial Business Process - Corporate Finance, Banking, Investment, Mortgage, Insurance, Sales & Collection, Equities, FX, and Payroll & Financial Report.
  • Assess for internal control risk assessment, process mapping, control identification, evaluation of design & effectiveness testing for ITS & business process.
  • Interface between Financial audit team, ITS senior leaders, Confidential teams and Internal/External Audit and regulatory personnel in coordinating the gathering of artifact requests from internal and external auditors to support the respective IS related audits.
  • Participate in key initiatives providing subject matter expertise on IS risk and compliance.
  • Work with control owners to ensure control accuracy and remediate any issues related to control exceptions.

Information Technology Security

Confidential

Responsibilities:

  • Management of System & process practice for the North West region.
  • Perform IT Security Control & Compliance and Risk Assessment activities as required by management & of IS Sarbanes Oxley (404) controls – COBIT - Program changes, user provisioning, operation security - of areas such as operating systems (Windows, Mainframe, Unix & AS400) & database security (SQL, Oracle, Progress), program changes, user provisioning compliance & operations security, firewalls, intrusion detection systems, and web-based applications
  • Perform business process application controls at transaction level - automated controls, configurable settings, interfaces, batch process, and segregation of duties, related with Financial Business Process – Corporate Finance, Banking, Investment, Mortgage, Insurance, Sales & Collection, Equities, FX, and Payroll & Financial Report.
  • Assess for internal control risk assessment, process mapping, control identification, evaluation of design & effectiveness testing for ITS & business process.
  • Interface between Financial audit team, ITS senior leaders, Confidential teams and Internal/External Audit and regulatory personnel in coordinating the gathering of artifact requests from internal and external auditors to support the respective IS related audits.
  • Substantive testing ACL experience for Journal entries, Revenue integration.
  • Maintain Confidential over policies, standards, and procedures to ensure compliance with corporate security policies, regulatory requirements and adherence to best practices.
  • Participate in key initiatives providing subject matter expertise on IS risk and compliance.
  • Work with control owners to ensure control accuracy and remediate any issues related to control exceptions.
