SUMMARY:

• Professional IT auditor and Controls specialist with years of experience in audit, risk assessments, In - depth knowledge of Sarbanes-Oxley Act (SOX), Service Organization Control (SOC) SAS 70 /SSAE 16 Reviews, HIPAA Compliance, IT General Controls, security assessment (SAP, PeopleSoft), COBIT, FISCAM, FISMA & NIST 800-53 Frameworks.
• Extensive background in all stages of audit including: planning, studying, evaluating, testing of controls, reporting and follow-up.

TECHNICAL SKILLS:

• Microsoft word
• Excel
• SharePoint Based System
• SAP
• Oracle Financial and use of automated scripts
• TAF
• IDEA
• CSAM
• ACL
• Team Mate
• Audit Management System
• Audit Command Language (ACL)
• MS Visio
• VM ware
• ACF2 & RACF

PROFESSIONAL EXPERIENCE:

Confidential, MD

Senior IT Auditor

Responsibilities:

• Have in depth experience performing audit with IT general controls (ITGC) such as, access control, change management, IT operations, disaster recovery and platform reviews (Windows and UNIX OS).
• Experienced in performing Application control in Retail Banking, Insurance industry by checking Authorization control, interface control, computation control and data validity check.
• Performed audits using COBIT, COSO, PCI DSS, OMB Circular A-123 Financial Statement Audit.
• Completed Sarbanes-Oxley (SOX) Section 404 testing of critical systems and applications that financially impact the company and communicate with the Company’s external auditors on general computer control related matters and SOX test procedures.
• Tested compliance with company policies and procedures to ensure it conforms to industry standards and applicable such as ISO and ITIL frameworks.
• Tested and evaluated the effectiveness and adequacy of General Computer controls on the Organization’s policies and procedures.
• Conducted risk assessments over areas of the global information technology environment to highlight major technical risks and gaps over such environments
• Performed Audits over application security involving the Company’s ERP systems. (SAP, People Soft, Oracle Financial, Deltek Cost Point, People soft) and execute audit strategy.
• Performed SAS 70 (SSAE16) reviews for large clients in the Manufacturing, Energy, Healthcare and Financial industry.
• Evaluated effectiveness of control activities in order to provide reasonable assurance regarding client’s achievement of their business objectives including, accounts payable, accounts receivable and cash disbursements.
• Past audit assignments include Global Data Privacy review, Data Center Reviews, Pre-and Post-Application Implementation Reviews, Internal Fraud assessments, IT infrastructure and application review and Special Controls.

Confidential, va

IT AUDITOR

Responsibilities:

• Identified and communicated IT audit findings to senior management and clients.
• Reviewed IT infrastructures databases, operating systems and network devices.
• Conducted testing of Sarbanes-Oxley (SOX), OMB Circular A-123 Audit and Service Organization Control (SOC) SSAE 16 Review, using COBIT and FISCAM frameworks
• Identify some Key controls and evaluated existing controls using best practices such as COSO, COBIT, ITIL, ISO27002 best practices criteria to define standard requirements for achievements of key IT and business objectives.

Confidential

IT AUDITOR

Responsibilities:

• Extensive experience in IT auditing with emphasis on commercial public companies and federal government departments using ITGC, Application Controls, COBIT and FISCAM frameworks.
• Review enterprise security program. Validates IT control implementations, performs risk-based audit.
• Performs walkthrough on controls. Reviews CAP; validates remediation control.
• Performs IS audit on routers, switches, firewalls and remote access.
• Conducted root cause analysis of vulnerabilities and coordinates with appropriate stakeholders to remediate findings on IT audit engagements within schedule and budget constraints.
• Leads IT Implementation and testing of internal controls over financial reporting: Sarbanes Oxley Act (SOX), performs Walkthroughs of controls and evaluates operating effectiveness of controls.
• Performed audit of IT general controls such as access control, change management, IT Operations, disaster recovery and platform reviews (Windows and UNIX OS)
• Performed various audit engagements using COBIT and FISCAM frameworks, both in commercial and government entities.
• Experience in performing Application control in Retail Banking, Insurance industry by checking authorization control, interface control, computation control and data validity check.
• Performs internal and external IT risk assessments, conducted gap analysis against industry standards, and provided recommendations on mitigation options
• Evaluate segregation of duties over application security involving the company's ERP systems (SAP, PeopleSoft, and Oracle Financials) and execute audit strategy.
• Knowledge of Control Objectives for information and related Technology (COBIT) framework developed by the information Systems Audit Control Association (ISACA).

Confidential

IT Risk and Compliance Analyst

Responsibilities:

• Provided quarterly risk and compliance auditing of the following IT areas: Desktop deployment (group policies, security software), Enterprise Network Services (network, firewall and VPN deployment), IT Security department (cyber security procedures and policies)
• Followed established cyber security controls guidance in compliance with SOX and GLBA
• Provided expertise and analysis toward certification and accreditation activities
• Managed multiple cyber security and risk reviews per quarter
• Provided expertise and guidance to teammates and management during development of the risk and compliance program
• Provided significant support to management in the review of corporate internal controls and procedures.
• Prepared tax returns and tax queries on audited accounts. Identified and evaluated procedures and policies in tax reporting processes.
• Prepared audit paperwork in accordance with standards and requirements.
• Reviewed the company financial reporting systems and policies to check if the financial reporting were accurate, complete and in accordance with established audit standards and requirements