Audit Professional with financial services, insurance and diversified business experience including extensive expertise in information technology, risk management, and internal controls as well as a Big 4 Accounting background (Deloitte & Touche). Managed large projects including planning and budgeting as well as improving operational efficiencies through reengineering business processes, employing best practices, and implementing new information technology strategies. Responsible for a diverse, multi-site team to provide independent and objective assurance on the effectiveness of IT risks and controls as well as ensuring operational excellence and stakeholder perception. Broad exposure across company businesses and related technology and system infrastructures, tasked with developing industry standards for Audits integrating concepts from IT, financial, SOX and emerging technologies and regulatory frameworks to ensure a sound risk control environment across the corporation.
Operating Systems, Databases, Network, Web Technology)
SOX IT & Business Processes (Narratives & Risk and Control Matrices)
Continuous Auditing of the Mainframe & Distributed Platform Operating Systems and Databases
Independent Contractor, January 2013 to Current, Bank of America - New York, NY
One of the world's largest financial institutions providing a full range of banking, investing, asset management and other financial and risk management products and services.
Managed and directed streamlined IT risk and control assessments across all lines of business for identifying issues and improvements to be implemented including effectiveness of risk mitigation controls.
Provided reporting for senior level management for managing and monitoring the corporate wide IT risk and control assessments (9 key risk & control categories / 77 control questions) including identifying potential audit issues requiring risk acceptance / risk mitigation and follow-up of past due assessments.
MARKUS, CISA
Key stakeholder in the eTrading controls review including evaluating existence of controls, high level design and control response, existing control testing maturity and conducting some level of independent testing to assess confidence in current implementation.
Responsible for bi-weekly management reporting and monitoring of internal audit issues to final completion, including validating final milestones and action plans.
January 1996 to January 2013, CohnReznick - Roseland, New Jersey
IT Audit Practice
Big 10 Accounting Firm provides services aligned in three major segments: Accounting and Assurance, Tax, and Business Advisory.
Performed attestation of SOC 1 Type 2 reports based on assertion by independent auditors' testing of management's control objectives across diverse businesses and technical environments (e.g., security custody and wealth management, payroll processing, employee benefit plans) to determine the integrity and reliability of testing.
Performed/Assisted with audit fieldwork for ITGC reviews (security, change management, computer operations) to evaluate the effectiveness of client's operational information technology related financial processes and internal control infrastructure in accordance with audit standards and frameworks (e.g., COSO, AU-315), regulatory compliance, etc., by applying broad technical knowledge and sound business judgment to execute IT audits.
Utilized decision support tool which provided a risk based approach to selecting audit clients for IT assessments based on IT complexity that included high risk scoring factors (e.g., reliance on controls at less than maximum, e-commerce, EDI, client hosted web server, and security).
Vice President, January 2011 to January 2013, QBE North America - New York, NY
QBE North America is part of QBE Insurance Group Limited, one of the top 25 insurers and reinsurers worldwide.
Managed and directed the IT Audit function by development of a comprehensive audit readiness approach and pre-audit processes to ensure team preparation for upcoming audits, compliance with audit and regulatory requirements and an effective communication plan with IT and the business leaders.
Managed and directed the execution of information technology audits within various computing environments including operating systems, databases, networks, web security, etc., as well as pre-implementation reviews which included major application development activities within the property and casualty insurance business (policy administration, claims, data warehouse), information technology general control reviews of change management, security, and operations, and regulatory compliance (e.g., MAR, HIPAA, PCI-DSS) and governance frameworks.
Built and maintained strong and effective relationships across the organization with Risk Management, the Information Technology team, and senior management by aligning goals and objectives and informing them of potential risks, establishing communication, governance and reporting protocols to report on open audit issues and recommend strategies for resolution in a timely and effective manner.
Managed budgeted resources for my team by anticipating expenditures, accurately forecasting resource needs/costs and properly accounting for expenses to meet requirements and achieve fiscal responsibility.
Assistant Vice President and Corporate Officer, January 1996 to January 2011, AXA EQUITABLE, INC - New York, NY
AXA Equitable is a subsidiary of AXA Financial, which is a member of AXA.
AXA ranks as one of the world's largest global insurance and wealth management organizations.
Managed and directed staff auditors in performing a broad range of comprehensive information system audits and management advisory services within various computing environments, including reviews of general IT controls, technical audits of the mainframe and distributed platform operating systems and databases using state-of-the-art audit tools and techniques, as well as reviews of legacy and vendor business systems, third party administrators, company subsidiaries, networks and telecommunications, and web based technology and E-Business.
Managed and directed audit staff throughout major pre-implementation reviews, which included value added audit and control advisory services as a key project stakeholder and team lead for business critical new systems, data center transformation, and infrastructure projects that required analyzing and reviewing current and proposed business and IT processes, as well as project management controls, functional and control design readiness, and future state control environment.
Key project stakeholder and audit team lead for ten staff auditors with the implementation of all phases of the corporate and subsidiary implementation of the ERP / SAP financial modules to support accounting/general ledger, treasury, investments, product profitability, expense management, planning and forecasting (total project cost $32 million).
Subsequently, participated in an enterprise-wide financial reporting re-engineering initiative to accelerate the closing process, reduce cycle time and decrease manual journal entries.
Project team management for MONY's Sarbanes Oxley Compliance implementation (Sections 404 & 302) of all IT processes and in-scope business applications.
Performed scoping of company-wide key controls, and designed an innovative SOX strategy for IT testing to ensure compliance with regulatory requirements (PCAOB).
Managed, conducted, and facilitated an enterprise-wide risk and control self assessment to ensure all critical risks and controls are appropriately identified, assessed, mitigated and monitored to provide management and the Audit Committee with assurance that effective controls are in place and functioning throughout the organization.
Implemented advanced automated tools to increase the efficiency and effectiveness of audits, including platform specific operating system assessments, network vulnerability assessments and computer based testing of data for continuous auditing purposes, cost reduction and improving controls.
Participated on task forces and performed special projects for senior and executive management to address corporate initiatives and strategic planning, industry standards and best practices, regulatory requirements that affect operations, corporate and legal responsibilities and audit strategies.
Partnered with senior management on due diligence reviews of potential acquisition targets, providing opinions on possible IT exposures to the organization based on risk and control assessments and reviews of SSAE 16/SAS 70 internal control attestation service.
B.S.: Accounting; Chubb Institute for Computer Technology; Long Island University, CW Post College; GPA: 3.4; Graduated Cum Laude
Member of the Information Systems Audit and Control Association (ISACA)
Member of the Institute of Internal Auditors (IIA)
Accounting, application development, approach, art, asset management, Auditing, banking, bi, Business Processes, business systems, change management, CICS, CISA, Cisco, closing, CA, computer operations, cost reduction, client, clients, data warehouse, Databases, Database, decision support, due diligence, e-commerce, E-Business, EDI, ERP, executive management, senior management, Financials, Financial, financial reporting, firewalls, forecasting, functional, general ledger, DB2, IMS, Information Technology, Insurance, internal audit, Web Technology, investments, JD EDWARDS, LDAP, team lead, legal, regulatory compliance, LINUX, Mainframe, Managing, management reporting, Access, Excel, Office, PowerPoint, Windows, Word, Enterprise, Network, networks, Operating Systems, OS, operating system, Oracle, OS390, OS/400, payroll processing, PCI, PeopleSoft, processes, project management, protocols, RACF, re-engineering, reporting, Risk Management, routers, SAP, Sarbanes Oxley, SAS, Scanner, sound, SQL, strategy, strategic planning, switches, Symantec, Tax, TCP/IP, team management, telecommunications, Telecommunication, treasury, Type 2, UNIX, Utilities, VPN, wealth management, web server