Sox Compliance Analyst Resume
CT
SUMMARY
- Over six years of experience in compliance analysis, SOX analysis and testing, A-123 audit and SOC audit. Vast experience with internal controls, IT risk governance, IT risk management, and IT general and application control testing. Affinity with SOX (Sarbanes-Oxley) and internal controls.
- Familiar with the concepts of Corporate Governance, the quality of financial reporting, SEC, PCAOB, Auditing Standard No.2, COSO, COBIT and ITGI IT Control Objectives for Sarbanes-Oxley.
- Thorough understanding of the Software Development Life Cycle (SDLC) and its variants; employed best practices in project management and business requirements gathering.
- Many years of experience as a Compliance Officer and an expert in risk analysis, controls implementation, monitoring, and resolution. Conducted risk analysis and business process analysis, resulting in the design and implementation of new/enhanced internal controls for regulated or non-regulated multi-national and local businesses and their I.T. environments (i.e. Sarbanes-Oxley (SOX)), including documentation of associated policies.
- Designed business controls and requirements for the development of risk assessments, working with application owners.
- Successfully added new service offerings to clients for compliance with Sarbanes-Oxley (SOX), HIPAA, GLBA, and privacy laws; information system security risk assessment; process change control; IT audit; technology risk management; SAS 70 (vendor risk management related) and SAS 94 audit support.
- Develop and track project plan, milestones, critical path tracking, assigning project tasks, and negotiation of project tasks between departments.
- Led SOX projects starting with discovery through pre-audits, scoping with the company’s leadership, followed by planning to identify key controls, then designing, implementing and testing them for Management.
- Successfully deliver IAM infrastructure professional service solutions to clients.
- Critically reviewed controls documentation against standards and guidelines for SOX, NIST 800, SANS 20, COBIT, PCI DSS, HIPAA, ITGI and ISO 27001.
- Audited controls for Level 1 PCI DSS compliance.
- Independently served as a subject matter expert to NIST/PCI / PII / SOX compliance teams.
- Helped BDO Audit Teams to map HIPAA Administrative Safeguards ( ) and Technical Safeguards ( ) to COBIT Control Objectives and actual internal controls so that controls testing done for SOX could be reused.
- Reviewed SAS70, SOC1 (Type1 and Type2, SSAE16), SOC2 and SOC3 reports for Third Party Risk Management and Compliance.
- Prepared and maintained executive documents, case studies, analysis and risk assessment documentation; provided QA expertise with all facets of client compliance with legal and regulatory authorities; recorded and recommended management best practices.
- Implemented systems and tools for the Sarbanes Oxley project management.
- Performed all the reporting of the project status locally, regionally and at Group level.
TECHNICAL SKILLS
- SAP and PeopleSoft ERP Systems
- Firewalls, switches and routers
- Windows
- Unix (Linux, AIX, Solaris)
- Data Analysis
- Information security management
- SDLC
- ITGC and Application Control Audit
- SOX compliance
- SSAE16 Report
- COSO, COBIT and FISCAM frameworks
- Audit Command Language (ACL)
- TeamMate Audit Management System
- MS SharePoint
- MS Office suite (Word, Excel, Outlook, PowerPoint and Access)
- Internal Audit Risk Assessment
- Internal Audit Engagement Planning and Execution
PROFESSIONAL EXPERIENCE
Confidential, CT
SOX Compliance Analyst
Responsibilities:
- The focus was on using new processes and technologies required to manage the increased workload and documentation requirements associated with Sarbanes Oxley corporate governance activities.
- Strong critical thinking, problem solving, and time management skills with proven success at handling multiple responsibilities and projects.
- Oversaw the company's compliance-related initiatives, including PCI and SOX.
- Worked with Management Testers.
- Worked extensively on the RSA Archer (GRC) tool used for managing and automating the risk assessment process.
- Prepared the Audit Reports for CIO every week as part of the Management Reporting.
- Was involved to a great deal with deep dives for application owners for Confidential Testing.
- Designed and implemented process controls necessary for compliance with the Sarbanes and Oxley Act.
- I have a strong understanding of internal controls in order to identify control objectives and assess control risk for review and testing.
- I have in-depth knowledge of the different sections of the Sarbanes-Oxley law and the different forms required, such as 8-K, 10-Q and 10-K.
- Worked extensively on the COSO, COBIT and SOX 404 regulations.
- Manage operations within the Identity and access management (IAM) environment, including application patching and upgrades and certificate management.
- Worked extensively on Audit issues related to Control inefficiencies, segregation of duties.
- Established an IT compliance framework covering IT platforms, applications, processes and procedures to ensure compliance with industry standards and best practices.
- Worked on End User Computing (EUC) Remediation procedures.
- Worked with the various management segments related to Access Management, Change Management and Logging & Monitoring segments of the control activities and remediations.
- Developed corporate-wide policies and local procedures around Access Management, Change Management and Logging & Monitoring.
- For Access Change, wrote a complete enterprise-wide procedure covering whether the user-manager (Manager/Director/VP) or the designate should log in to the system and perform the review process, or whether the designate should send the list in an Excel spreadsheet to the user-manager.
- Monitored and controlled Identity Management application access to IT financial systems.
- Audited controls for Level 1 PCI DSS compliance, SOX, and IT General Controls (ITGC).
- Interfacing regularly with senior management to determine goals and priorities to produce timely results.
- Provided consulting services in PCI / SOX Scope design and identifying applications, databases and infrastructure.
- Partnered with company’s Qualified Security Assessor to facilitate audits and follow up remediation.
- Managed the tracking of compliance gaps and remediation.
- Provided SOX status reports on a daily basis to Upper Management.
Confidential, Milwaukee WI
SOX Finance and IT Compliance Analyst
Responsibilities:
- Identifies risks/issues, escalates as appropriate and drives to resolution.
- Provides high-level updates to the Director of IT Finance on a weekly/monthly basis.
- Provides other misc. tasks and responsibilities as assigned.
- Developed and managed IT audit, performing technical audits of operating systems and ITGC.
- Audited controls for PCI DSS compliance, SOX, and IT General Controls (ITGC).
- Ensuring compliance with Company policy.
- Executed IT governance, automatic control and general computer controls tests.
- Worked with Business, technology and operations teams towards compliance of Corporate IT Control Policies and regulatory (NIST, SOX 404, PCI-DSS, SAS 70) requirements.
- Supporting internal auditing for compliance areas such as NIST/ PCI / SOX.
- Involved in monitoring and auditing PCI / SOX documentation.
- Ensuring that in-scope applications are in compliance with PCI/SOX controls.
- Managed PCI Audit projects for EMEA, ASIA and US regions.
- Conducted quantitative/qualitative analysis.
- Provided advisory and consulting services on PCI for technology risk /application development / business teams.
- Managed projects extensively on improving IT, financial and business processes for reliable financial reporting; value chain including vendors (supply chain), direct store distribution, and customers (delivery chain) of the clients; as part of SOX and other SAS 70 (vendor audit) compliance initiatives for several clients, supported by a regime of consistent policies, procedures, standards and guidelines.
- Coordination with the SOX Leaders on SOX 404 Gap Identification/Assessments and to support remediation procedures for applications, testing and the implementation of the new policies and procedures.
- Worked closely with Business Leaders for Collection, Review, Validation, Consolidation of SOX Tollgate Information and Reporting to IT Controller on continuous and periodic basis.
- Transformed business requirements to technical models using Sarbanes Oxley (SOX) methodologies - Use Case Diagrams, Data Flow Diagrams, Activity Diagrams and Sequence Diagrams.
- Experience in designing reports with performance tuning metrics and ability to troubleshoot issue/problem resolution in post-upgrade scenarios.
Confidential, Cleveland, OH
I.T. Risk Analyst
Responsibilities:
- Developed and maintained the IT Risk Dashboard; gained knowledge of existing IT Risk scenarios and existing IT Risk controls.
- Reviewed new regulatory guidelines from the SEC and compared them against existing controls, policies and processes. Identified gaps, proposed new controls to close gaps and drove creation and adoption of the controls.
- Documented assessment results in the IT Risk register.
- Developed metrics and IT Risk KRIs for specific processes; tracked, monitored and provided regular reports on the metrics.
- Documented and reported status of agreed-upon remediation plans, owners and commitment dates.
- Documented and maintained IT policies and standards.
- Sarbanes Oxley Implementations (Project Team Management or Participation) on major processes and sub-processes, including flowcharts, personnel interviews, narratives, control matrices, identification of control points and control activities, walkthroughs, detailed testing, gap identification and remediation steps to be performed.
- Responsible for the day-to-day conduct and completion of audits and Sarbanes-Oxley (SOX) compliance procedures.
- Assisted in the identification of opportunities for operational and control improvements with the objective of mitigating risk and improving performance.
- Assisting management with the implementation of controls and adherence to the Company’s processes and procedures.
- Developing programs to test the operating effectiveness of key controls identified.
- Documenting the results and conclusions of the testing procedures performed and communicating areas of concern or potential operating weaknesses to the Internal Audit Manager(s) and management as necessary.
- Communicating with external auditors throughout the entire process.
- Keeping abreast of changes within key areas of the Company while understanding the impact of the changes on SOX/JSOX compliance regulations.
- Partnering with management to effectively resolve issues identified through audits.
- Developed technical procedures, methodologies, metrics, checklists, and standards. Identified, documented, and applied best practices for software quality assurance.
- Responsible for conducting the testing of internal SOX controls over financial reporting in support of management's assessment of the effectiveness of those controls.
- Involved in a risk-based testing approach, testing the identified break points introduced by each upgrade, e.g. testing of SOX key controls validated.
- Maintained mechanisms to determine, measure and report to management an accurate view of IT risk.