SUMMARY:

• I am a highly motivated and experienced Information Systems Auditor and Risk Control specialist with years of experience in audit, risk assessments and In - depth knowledge of Sarbanes-Oxley Act (SOX), HIPAA, PCI DSS, IT General Controls (ITGC), SAS70/SSAE16 Attestation, NIST 800-53 Frameworks.
• Extensive background in all stages of audit including: planning, studying, evaluating, testing of controls, reporting and follow-up.
• Good understanding of control frameworks: COSO, COBIT and ISO 27001.
• In-depth experience of Government and Industry related regulations/ laws and reports that involve Information Security: SOX 404, PCI DSS, HIPAA, and SSAE 16.
• Proficient in administering Computer Assisted Audit Techniques (CAAT) to analyze data through the use of software tools such as Microsoft Access, TOAD for my SQL, Sharepoint and IDEA.
• Business continuity and disaster recovery plans review.
• Payment Card Industry Data Security Standard.

TECHNICAL SKILLS:

• Microsoft Office Suite (Word, Excel, PowerPoint, Access)
• Share Point Based System, Team mate, Lotus Notes and Visio

PROFESSIONAL EXPERIENCE:

Confidential, New York

Senior Risk Assurance Services

Responsibilities:

• Conducted SOX compliance testing on application controls.
• External Information Technology audit services.
• Involved with Confidential working group as Internal auditor creating Risk and Control audit methodology for clients with various industries.
• Implementing and testing of internal controls under SOX, performing walkthrough of controls and evaluation operation.
• Identifying relating mitigating controls and ensuring management has an adequate control environment, includes SOX process documentation, executing test plans to evaluate effectiveness of SOX controls and monitoring remediation of SOX deficiencies.
• Manage IT related aspects of financial statements audits, SOX engagements and Service Organization Control Reports (SOC1 & SOC2).
• Project planning participation with project managers, business analyst and team members to analyze business requirement and outline propose IT solution for clients across various industries.
• Testing of ITGC controls such as Access Control, Change Control, Incident Management Controls, Mainframe Application Controls and UNIX Enterprise Controls.
• Consulted with Audit owners on how to respond to audit observations and findings.
• Status report on all open Audit items
• Performed Identity Access Management within the Logical Security Administration to ensure compliance with access provisioning, entitlement of access and privileged access reviews respectively.
• Performed IT risk assessments, operational and IT audits for private and public clients.
• Reports areas of risk or compliance deficiencies of client’s company to responsible business owners, remediation activities discussed, and final reports issued to senior management.
• Built experience with automated applications controls and manual business process controls.
• Performed SOX compliance Audit for various industries and Data Centre Walkthrough Audit.
• Performed walkthroughs, develop test plans and collects information related to systems operations to determine the design appropriateness and the operating effectiveness and management of corrective action.

Confidential, Cherry Hill, NJ

Risk Control Specialist, Business Service Risk and Assurance Tester

Responsibilities:

• Conducted IT compliance testing to assess risk, evaluate internal controls, safeguard assets and analyze IT controls supporting financial reporting and operating procedures.
• Performed testing on all applications in the bank, both internally developed and vendor developed applications to ensure compliance.
• Conducted Information Systems Control reviews on platforms and operating procedures in accordance with the established corporate standards for efficiency, accuracy and security.
• Reviewed areas identified for improvement by staff and by self, and in conjunction with IT Compliance Management, developed viable business solutions to mitigate the risk.
• Evaluated IT Compliance gaps and work with management to recommend solutions to improve policies, procedures and efficiency of controls by using applicable frameworks like COSO, COBIT, and PCI DSS.
• Performed audit of IT General Controls such as, Access Control, Change Management, IT Operations, Disaster Recovery and Platform Reviews (Windows and UNIX OS).
• Performed Application Control Assessment in retail banking by checking authorization control, interface control, computation control and data validity check.
• Evaluate Segregation of Duties over application security involving the company's ERP systems (SAP, PeopleSoft, and Oracle Financials) and execute audit strategy.
• Knowledge of Control Objectives for information and related Technology (COBIT) framework developed by the information Systems Audit Control Association (ISACA).
• Conducted SOX 404 and GBLA annual compliance testing on all the internal controls in the bank.
• Carried out sampling methodology to validate population analysis.
• Reviewed Vendor Risk Assessment report.

Confidential, Cranston Rhode Island

IT AUDITOR

Responsibilities:

• Reviewed the Access Control policy of the organization (Logical and physical) to determine its adequacy and effectiveness.
• Documented physical access controls to computer resources by evaluating existing environmental security conditions and available emergency procedures.
• Ensured audit tasks are completed accurately and within established timeframe by using applicable frameworks such as COSO, COBIT, PCI DSS, FISCAM and NIST 800-53.
• Reviewed the adequacies of key systems and application controls - Access control, Data Integrity, Segregation of duties, disaster recovery, and change management among others.
• Testing and Documentation of key SOX and IT General Controls, leveraging a defined process compliance monitoring process.
• Established the control points for every phase of system implementation as defined by the SDLC methodology - end user buy-off, testing in development and not production environment, adequacy of testing etc.
• Tracked, monitored, and reported all Internal Risk Control Self Assessments (RCSA) in compliance with policies and standards.
• Evaluated IT and business processes for effectiveness and efficiency, through obtaining an understanding of and documenting key business processes and internal controls
• Reviewed internal policies, procedures, existing laws, rules and regulations to determine applicable compliance and the adequacy of underlying internal controls.

Confidential, Rockville, MD

IT AUDITOR

Responsibilities:

• Performed various IT auditing with commercial public companies, financial institutions and hospitals.
• Performed IT General Controls (ITGC) auditing for various organization in areas such as, Access Control, Change Management, IT Operations, Disaster Recovery and Platform Reviews (Windows and Unix OS).
• Performed PCI DSS auditing by testing all the IT controls to ensure confidentiality, integrity and availability of sensitive and confidential information systems.
• Reviewed enterprise security program.
• Validates IT control implementations and performed risk-based audit.
• Performed walkthrough and detail testing on controls and validates remediation control.
• Performed IT audit on network infrastructures such as Routers, Switches, Firewalls and Remote Access to access current vulnerabilities.
• Performed auditing of various organizations to ensure compliance with the relevant government regulations and guidelines (i.e. PCI, Sarbanes - Oxley Act, SAS 70, COBIT/COSO.GLBA, HIPPA, ISO, etc.).
• Testing of ITGC controls such as Access Control, Change Control, Incident Management Controls, Mainframe Application Controls and UNIX Enterprise Controls.
• Performed MAR testing and assist process owners to perform their own self -testing.
• Developed relationships with process and control owners to ensure ownership of controls are understood and managed.
• Performed testing and assist IT control/process owners in SOX control testing.
• Assessed Segregation of Incompatible Duties within change management environment.
• Reviews of privileged access to Sailpoint