A professional IT Auditor with years of experience in conducting audit, risk assessment, ITGC controls, internal and operational audits, attestation engagement, and audit readiness. Have worked on IT audit projects such as compliance testing of Sarbanes-Oxley (SOX), Application Controls, IT Infrastructure, Audit and Service Organization Control (SOC) SAS 70/SSAE 18 Reviews, for various clients across the industries.
IT Audit and Sarbanes Oxley Compliance (SOX 404), SSAE 18, HIPAA, PCI (DSS), ISO 27001, NIST 800-37, NIST 800-53 frameworks and standards, Assessment of Internal Controls, Fraud Investigation and IT Incident Analysis, Risk Assessment & Management, Change Management, Security Maintenance, Policies and Procedures.
- Performed audit with IT general controls such as access control, change management, IT operations, disaster recovery and platform reviews (Windows and UNIX OS)
- Performed application controls assessment in retail banking and insurance industry by checking authorization control, interface control, computation control and data validity
- Performs internal and external IT risk assessments; conducted gap analysis against industry standards, and provided recommendations on mitigation options
- Lead integrated audits for evaluating network related issues; identifies IT related risks assessments and updated various risk and controls files to ensure firm wide identified risks were adequately addressed by control activities
- Evaluate segregation of duties over application security involving the company's ERP systems (SAP, PeopleSoft, and Oracle Financials) and execute audit strategy
- Knowledge of Control Objectives for Information and Related Technology (COBIT) framework developed by the Information Systems Audit Control Association (ISACA)
- Provides IT risk assessments and SAS 70/SSAE 18 and has conducted review of data centers, extranets, telecommunications and intranets to access controls and ensure availability, accuracy and security under all conditions
- Communicates with the company's external auditors on general computer control related matters and SOX test procedures
- Information gathered is reviewed and analyzed extensively, and then compiled into a written summary report.
- Prepared IT audit program to include access control, change management controls and application controls; and identify deficiencies in the design and operating effectiveness of control and provide recommendation.
- Performed all stages of audit planning, fieldwork, executive, reporting and follow up.
- Conducted testing of Sarbanes-Oxley (SOX) and HIPAA Audit.
- Participated in team kick-off meetings and drew up audit plans
- Reviewed IT General Controls (ITGC) and various applications, databases, operating systems and network devices
- Performed and documented audit activities in accordance with professional standards such as COBIT, COSO and internal control frameworks. Knowledge of Control Objectives for Information and Related Technology (COBIT) framework developed by the Information Systems Audit Control Association (ISACA)
- Provided IT risk assessments and SAS 70/SSAE 18 and has conducted review of data centers, extranets, telecommunications and intranets to access controls and ensure availability, accuracy and security under all conditions
- Communicated with the company's external auditors on general computer control related matters and SOX test procedures
- Information gathered is reviewed and analyzed extensively and then compiled into a written summary report.
- Assisted IT management in identifying gaps between policy and process, developing recommendations to remediate control weaknesses and be responsible for developing and maintaining IT control metrics related to compliance activities.
- Conducted IT audit fieldwork and walkthrough of controls; perform detailed testing, analysis of controls, validations, and creation of clear and accurate documentation of workflows in IT process and report of test results and exceptions.
- Performed IT general controls and application controls reviews and monitor segregation of duties and other key management controls.
- Have in-depth experience performing audit with IT general controls (ITGC) such as access control, change management, IT operations, disaster recovery and platform reviews (Windows and UNIX OS).
- Completed Sarbanes-Oxley Section 404 testing of critical systems and applications that financially impact the company and communicate with the Company's external auditors on general computer control related matters and SOX test procedures.
- Conducted risk assessments over areas of the global information technology environment to highlight major technical risks and gaps over such environments
- Performed Audits over application security involving the Company's ERP systems and execute an audit strategy.
- Performed SAS 70 (SSAE 18) reviews for large clients in the Manufacturing, Energy, Healthcare and Financial industry including
- Conducted root cause analysis of vulnerabilities and coordinates with appropriate stakeholders to remediate findings on IT audit engagements within schedule and budget
- Prepared audit scopes, reported findings and presented recommendations for improving data integrity and operations.
- Evaluate the internal control system
- Recommend appropriate action to mitigate weaknesses
- Review Application of accounting standard, legislation to record keeping and financial
- Ensure compliance with internal control policies
- Advising on guidelines and proactively make recommendations to improve internal check and balance in transaction authorization.
- Performed periodic audit and spot checks
- Follow up on external auditors' recommendations
- Investigate fraud cases.
- Support in generating liquidity risk evaluation report
- Assessment and classification of branch loan stocks
- Generate report to evaluate bank capital risk
- Generates customer credit worthiness evaluation report
Prospective License: Series 7 & 63