Senior Information Technology Auditor Resume
PROFILE:
- Result-driven, dedicated and enthusiastic Information Security and Risk Management professional with strong capabilities in planning, analyzing, and implementing solutions in support of business objectives.
- Hands-on experience with disaster recovery, RMF, Secure Software Development Lifecycle (SSDL) and Vulnerability Management.
- Possesses good knowledge in ITGC Audit, Application Control Audit, SOX Compliance Audit, SSAE 18 (SOC 1 & 2) using the applicable framework and standards like COSO/COBIT and ITIL frameworks, SSAE 16 (formerly SAS 70), HIPAA, GLBA, SOC, SOX, PCI-DSS, ISO 27001, ISO 27002, ISO 9001, GDPR, FFIEC, FISMA and NIST 800-SP.
- It is my hope to bring my wealth of experience and commitment to strengthen InfoSec posture and to demonstrate strategic abilities in advancing the goals of a forward-looking organization.
SKILLS AND TOOLS:
- IT Risk Assessment, IT Control Auditing, Change and Configuration Management (Testing/Assessment/Compliance), IT Infrastructure Auditing (OS, Database, Network and Active Directory), IT Operations (Logging and Monitoring, Job Scheduling, and Backup Recovery), Asset Management, Vulnerability Management (Testing/Assessment), Patch Management, Business Continuity/Disaster Recovery Plan, Incident Prevention and Response documentation; SOX 404, SOC, report writing, review and recommendation.
- Microsoft SQL Server, Oracle Database, MySQL, and IBM DB2.
- GRC tools: EMC-RSA, RSA Archer, Risk Vision.
- Good knowledge of ITSM Service Catalog, Service Asset & Configuration Knowledge, Incident, and Change Management using ServiceNow and Cherwell.
- Experience with Windows and Linux operating systems.
- Vulnerability Assessment and Penetration Testing (VAPT) using Splunk, Nmap, Nessus, Qualys, LanGuard.
- Proficiency using Microsoft Office Suite (Word, Excel, Outlook, Access, PowerPoint, Visio) and MS Project.
- Knowledge of tools like Nessus/Nexpose Vulnerability Scanner, Splunk, IPS/IDS, Excel, Outlook, Microsoft Word, PowerPoint, JIRA, SAR/IDM and Planview, ACL, TeamMate, SharePoint, and IDEA, WebEx, GoToMeeting, OneNote, Access, Power BI.
PROFESSIONAL EXPERIENCE:
Confidential
SENIOR INFORMATION TECHNOLOGY AUDITOR
Responsibilities:
- Assessing IT control elements to mitigate IT risks regarding the confidentiality, integrity, and availability of business information, and interface testing and documentation.
- Perform ITGC to verify compliance with SOX provisions and professional standards around areas of change management, logical access including backup and recovery, job scheduling, problem and incident management.
- Demonstrated and proven experience with using the COSO framework to map in-scope key controls, control objectives and control activities in alignment with SOX compliance.
- Responsible for developing accurate and complete audit work papers that adequately support audit findings and documents work.
- Responsible for conducting walkthrough interviews, updating and documenting process flow charts. Identified and tested IT controls and reported issues to the IT Management of the company in a precise and concise manner.
- Performed general computer controls review to verify compliance with SOX section 404. Reassessed control deficiencies, retested SOX in-scope applications and tools, and presented findings and recommendations to senior management.
- Reviewed SSAE 16/18 SOC 1, 2, 3 type II report for reliance, and trust service purposes.
- Assisted management in the assessment of project risks and controls deficiencies and increased value by 10% and reduced costs of compliance related activities by 5%.
- Coordinated and participated in planning, execution and reporting of risks to senior management, conducting risk assessments in financial and IT areas and providing value-added mitigation strategies and recommendations for improvement in current standards and procedures.
- Tested Change Management Controls, ensuring only appropriately authorized, tested, and approved changes are made to applications, databases and OS. Also ensured changes are tested before being applied in the production environment, that there is no conflict of duties in the process, and that appropriate documentation is in place.
- Proactively interacted with POC to gather evidence, resolve audit-related problems, and made recommendations for business and process improvements, document audit report and submit to Audit Supervisor.
- Assisted with the development and testing of effective remediation plans for control deficiencies in addition to identifying areas for improvement and discuss findings and recommendations with the process owners.
- Worked with third party application vendors/ clients to ensure appropriate security standard and compliance with regulations. Ensured all vendor patches are applied and up to date.
- Engaged in ongoing communication with cross-functional partners to ensure company-wide understanding of IT goals, soliciting feedback and fostering cooperation.
- Engaged SAP POC during Pre-ERP audit, access management and change management testing.
- Performed vulnerability management and appropriate patches installation.
- Ensure work papers and documented evidence are in accordance with professional auditing standards.
- Reviewed Security Logs to ensure compliance with policies and procedures and identified potential abnormalities.
- Conduct security risk Assessment on all new applications, IT Systems or changes to existing IT systems to verify if they satisfy established security baseline before adoption into Corporate Regional offices.
- Monitor security controls post authorization to ensure continuous compliance with the security requirements.
Confidential
COMPLIANCE AUDITOR
Responsibilities:
- Monitor security controls post authorization to ensure continuous compliance with the security requirements.
- Monitored security infrastructure for policy violations or security events and participates in problem management activities.
- Led several audits in the areas of change control, user access management, disaster recovery and business continuity, Data center security, Remote access, wireless and SAP.
- Implemented process improvements to SOX testing, resulting in efficiency in review time and desirable and reliable financial reporting.
- Worked with the Vendor Management Office and Head of Strategic Sourcing & Vendor Management to formulate a holistic strategy around key third parties.
- Reviewed SDLC, manual and automated controls, and oversaw the implementation of corrective action plans while maintaining communication with all levels of management.
- Met with process owners and other points of contact to remediate audit findings/exceptions and as follow-up to ensure system and process security.
- Performed assessments of application controls and IT general controls such as access control, change management, operations, disaster recovery and job scheduling.
- Performed SSAE 16 SOC 1, 2, 3 type II report for the third-party vendors.
- Work with Network Administrators for effective implementations of adequate Firewall protection and Network segmentations in compliance with PCI-DSS.
- Supported the development, implementation, and monitoring of data confidentiality, system integrity, system reliability, recovery methods and procedures.
- Coordinated daily 15-minute meetings with the team to stay abreast of arising issues, pushbacks and impediments that may affect deliverables, test schedule and effectiveness.
- Led bi-weekly IT SOX status dashboards with my team so that we can all be on the same page and know the overall status of our work, key milestones and remediation breakdown.
- Performed ITGC Audit to include key controls like Access control (logical and physical access control), Change Management control and IT Operation control (job scheduling, backup and recovery), network and asset management, and documentation.
- Conducted LDAP security controls assessment to prevent exposure of passwords for authentication and safeguard of sensitive information.
- Performed IT infrastructure control testing (operating system, database and network devices, Active Directory and firewalls).
Confidential
IT AUDITOR
Responsibilities:
- Developed and maintained system security documentation in accordance with ISO and NIST guidelines.
- Performed internal and external IT risk assessments, conducted gap analysis against industry standards and provided recommendations on mitigation options.
- Adept in testing design and effectiveness of internal controls by completing walkthroughs and tests of control of simple and complex business processes, recommending solutions, agreeing on action plans with management and performing follow-ups. Actively participated in improving the efficiency of the audit department by 10% by ensuring audit tasks are completed accurately and within established timeframes, saving the company 15% in quarterly auditing cost.
- Tracked the results of prior audits and facilitated appropriate corrective action.
- Performed risk assessments, including identification, evaluation and documentation of IT business risks and controls.
- Reviewed work papers and reports, documenting and analyzing the audit evidence.
- Reviewed the company business continuity plan to determine the business strategy, the risks and the impact of unexpected disruptions.
- Review and testing of segregation of duties (SOD) and access control in applications to ensure compliance with SOX.
- Implementation and assessment of security and business process control in the application including segregation of duties, structural authorizations, access restrictions, role and profile assignments.
- Tested application controls, including both logical and physical access, controls to ensure the effectiveness of functionality, good reporting, and interfaces.
- Consistently met and exceeded deadlines and performance expectations as set forth by the management.
- Performed Active Directory control tests by reviewing group policies, domain controllers and password policy.
Confidential
IT AUDITOR
Responsibilities:
- Developed and executed test procedures to ensure that controls are operating as intended and provide an objective, independent, risk-based evaluation of the adequacy and effectiveness of the company’s technology, operational and financial controls.
- Planned and executed IT-related audit engagements and risk assessments with a focus on strategic, operational and regulatory/compliance related risks.
- Assisted in planning activities, development of audit program, and execution of external audits and IT control assessments in the areas like IT strategy and governance, IT operations, business continuity and disaster recovery, network and infrastructure security, cloud and third party risk, programs and projects, automation, application controls, and regulatory/compliance requirements.
- Identified and communicated IT audit findings to clients. Conducted follow-ups to appraise the adequacy of corrective action taken to address deficiencies.
- Implemented assessment of security and business process control in the application including segregation of duties, structural authorizations, access restrictions, role and profile assignments.
- Prepared work paper documentation to support audit work with evidence of deficiencies in controls, duplication of effort, extravagance, fraud or lack of compliance with laws, government regulations and management’s policies and procedures.
- Managed audit committee communications, correspondence with legal counsel and regulators, and communication with C-suite executives.
- Held meetings with subject matter experts identified as contact persons for processes being audited.
- Interface with internal data center design teams, server hardware teams, environmental health and safety teams to promote standards that maintain consistency and reliability in services delivered.
- Create risk assessment and modeling approaches to solve cyber-security issues so that organizations can build a security framework and sustain a healthy security posture.
- Analyze external and internal security threats, failed systems development and system processes, and explore their respective risk mitigation solutions through policies, best practices, operational procedures, and applicable regulations.