SUMMARY:

• A talented and accomplished professional with extensive experience in managing and coordinating IT internal control compliance efforts to meet financial, operational, regulatory and technology requirements.
• Extensive IT and operational audit/compliance experience
• Skilled in SOX, COSO, CoBit, PCI and FFIEC frameworks
• Experience with software, hardware, DB, and network systems
• Specialist in performing enterprise - wide risk assessments
• Strong project management and organizational skills
• Strategic thinker and internal controls specialist
• Strive to continuously improve processes through efficiencies
• Ability to build rapport with team during projects

PROFESSIONAL EXPERIENCE:

Confidential, San Francisco

IT Internal Audit and IT SOX

Responsibilities:

• Responsible for the leadership and planning of IT audits throughout the Bank and its affiliates.
• Act as a trusted advisor and voice for IT audit/SOX while educating the organization about IT governance and controls.
• Lead IT risk assessment process and develop annual IT Audit Plan.
• Meet regularly and collaborate with the CIO, Deputy CIO, CTO and CISO during the planning process to identify risk areas. Interact with key executives regarding audit progress and remediation of audit findings.
• Supervise the overall planning, execution, and budgeting of the IT audit/SOX plan, as well as individual IT audit projects. Supervise IT Auditors, including internal and co-sourced resources, during control testing and audit report preparation.
• Collaborate with the operational and financial internal audit teams for integrated audit tasks. Communicate with external auditors for audit progress and control testing reliance. Coordinate with Regulators during FDIC examinations.
• Prepare and review audit committee information related to IT audit/SOX progress.
• Act as an IT control expert to assist in remediating control deficiencies related to application security, system security, database security, event monitoring, access controls and various other areas.
• Coordinate IT audit activities and act as a liaison between auditors and executives. Assisted in pre-audit activities to prepare for application security reviews and computer control reviews between Confidential and Confidential .

Confidential - San Francisco

Risk & Controls Compliance - Client & Trading Solutions

Responsibilities:

• Successfully created a centralized compliance office to manage and direct activities for Client & Trading Solutions to ensure compliance with internal and external policies, procedures, regulations and requirements.
• Function as a key negotiator between development managers, business partners, internal compliance program managers, and auditors for IT related regulatory, compliance and control activities.
• Pro-actively established relationships with internal compliance and corporate oversight program managers to anticipate changes or requirements that could impact the development processes and operations of Client & Trading systems.
• Provide periodic reporting to officers regarding compliance with Internal Audit activities, the Business Continuity Program, NPI user access and renewal, SOX requirements, Application Directory updates, and internal control deficiencies.

Confidential - San Francisco

Responsibilities:

• Developed a standardized internal control framework for use across the organization.
• Successfully trained and transferred the majority of Sarbanes-Oxley documentation and testing requirements to over 70 Confidential employees at various levels of management. Areas included information security, operations, IT systems mgmt.
• Successfully reduced Confidential 's IT internal control count from 976 to 410 and reduced the 404 compliance fees more than 2M in year two. Passed external audit with a clean report in seven months.
• Performed business unit planning, budgeting, resource scheduling, and project management. Supervised four managers and six staff, which include FTE’s and contractors.
• Built relationships with IT executives for each business unit. Ensured business unit contacts felt they could confide in RCG and communicate issues and challenges. Built rapport to enable collaboration and two way communication.

Confidential - San Francisco

Enterprise Risk Services - Business Process and Information Technology Risk and Controls

Responsibilities:

• Created and successfully implemented a standardized process that enabled a consistent and common approach to performing internal audits.
• Implemented COSO and CoBit frameworks to perform functional and process oriented enterprise-wide risk assessments. Developed and implemented risk based audit plans to evaluate financial, operational, regulatory, and computer system internal controls.
• Collaborated with auditees to develop appropriate remediation efforts for existing internal control deficiencies.
• Prepared/reviewed COSO rated internal audit reports consisting of an executive summary, observations, recommendations, action plans, best practices and process flows. Jointly prepared audit committee and executive reports to communicate audit plan status, and outstanding and past due findings.
• Coordinated integrated efforts with external auditors for SAS70 and SAS65 reliance. Facilitated internal audit work paper reviews with federal regulators.
• Developed and provided training to colleagues on internal audit standards, audit program development, controls testing, documentation requirements and standards.
• Managed general computer control reviews to support Sarbanes Oxley requirements. Performed engagement planning, budgeting, and resource scheduling. Ensured execution of work plans, and manage daily aspects of client engagement.
• Managed staff during general computer controls testing for UNIX, Windows, and mainframe platforms. Coordinated audits for the areas of IT Strategy & Planning, IT Operations, BCP/DRP, Information Security, Vendor Management, Database Management, Network Support, Hardware Support, System Software Support, and Application Development.
• Performed multiple SysTrust readiness reviews to identify gaps and control deficiencies. Coordinated the revision of control objectives and control activities.

Confidential - San Francisco

Intern - Financial Statement Auditor

Responsibilities:

• Provided assistance to staff and seniors in assessing the processes and controls used to produce financial statements.
• Managed and performed compliance assessments on radar, navigational, cryptographic and communication systems for military bases and surface ships. Received a Confidential Medal for outstanding work performance while supervising five individuals.
• Maintained, repaired, calibrated, tuned and adjusted electronic equipment used for communications, detection and tracking, recognition and identification, navigation and electronic countermeasures.