A professional risk-based IT Auditor with years of experience in conducting audits, risk assessments, ITGC controls, internal and operational audits, attestation engagements, and audit readiness. Experience includes IT audit projects such as compliance testing of Sarbanes-Oxley (SOX), Application Controls, IT Infrastructure, SDLC, Audit and Service Organization Control (SOC) SAS 70/SSAE 18 reviews, for various clients across industries.
IT Audit and Sarbanes-Oxley Compliance (SOX 404), SSAE 18, HIPAA, PCI DSS, ISO 27001, NIST 800-37, NIST 800-53 frameworks and standards, Assessment of Internal Controls, Cloud Audit, Fraud Investigation and IT Incident Analysis, Risk Assessment & Management, Change Management, Security Maintenance, Policies and Procedures.
- Performed audits of IT general controls such as access control, change management, IT operations, disaster recovery and platform reviews (Windows and UNIX OS).
- Performed application controls assessments in the retail banking and insurance industries by checking authorization control, interface control, computation control and data validity checks.
- Tested over 250 in-scope applications and tools in SOX audit.
- Performed internal and external IT risk assessments; conducted gap analysis against industry standards and provided recommendations on mitigation options.
- Led integrated audits for evaluating network-related issues; identified IT-related risk assessments and updated various risk and controls files to ensure firm-wide identified risks were adequately addressed by control activities.
- Perform root cause analysis with process owners to identify source of deficiencies.
- Track audits and review audit evidence documentation of 5 associates in team.
- Coordinate and lead remediation efforts for respective business units; develop action plans and monitor efforts for remediation.
- Evaluate segregation of duties over application security involving the company's ERP systems (SAP, PeopleSoft, and Oracle Financials) and execute audit strategy.
- Knowledge of the Control Objectives for Information and Related Technology (COBIT) framework developed by the Information Systems Audit and Control Association (ISACA).
- Evaluation of SLA for cloud audit procedure and post-migration evaluation for SaaS - Salesforce, SAP S/4HANA.
- Provides IT risk assessments and SAS 70/SSAE 18 and has conducted reviews of data centers, extranet, telecommunications and intranets to assess controls and ensure availability, accuracy and security under all conditions.
- Communicates with the company's external auditors on general computer control related matters and SOX test procedures.
- Information gathered is reviewed and analyzed extensively, and then compiled into a written summary report.
- Framework and policy & procedure projects:
- Maintain, review, improve existing policy and procedure, standards compliance to ensure it addresses company risk.
- Proactively identify risk, perform risk analysis: impact analysis, likelihood assessment.
- Categorize risk in terms of threat and treat accordingly based on tolerate, transfer or terminate.
- Provide and recommend agreed risk treatment with timeline for implementation.
- Interpreting and implementing framework controls, security policies and training associates.
- Prepared IT audit program to include access control, change management controls and application controls; identified deficiencies in design and operating effectiveness of controls and provided recommendations.
- Performed all stages of audit planning, fieldwork, executive, reporting and follow-up.
- Conducted testing of Sarbanes-Oxley (SOX) and HIPAA Audit.
- Participated in team kick-off meetings and drew up audit plans.
- Reviewed IT General Controls (ITGC) and various applications, databases, operating systems and network devices.
- Performed and documented audit activities in accordance with professional standards such as COBIT, COSO and internal control frameworks. Knowledge of the Control Objectives for Information and Related Technology (COBIT) framework developed by the Information Systems Audit and Control Association (ISACA).
- Provided IT risk assessments and SAS 70/SSAE 18 and has conducted reviews of data centers, extranet, telecommunications and intranets to assess controls and ensure availability, accuracy and security under all conditions.
- Communicated with company's external auditors on general computer control related matters and SOX test procedures.
- Information gathered is reviewed and analyzed extensively and then compiled into a written summary report.
- Assisted IT management in identifying gaps between policy and process, developing recommendations to remediate control weaknesses, and was responsible for developing and maintaining IT control metrics related to compliance activities.
- Conducted IT audit fieldwork and walkthroughs of controls; performed detailed testing, analysis of controls, validations, and creation of clear and accurate documentation of workflows in IT processes and reports of test results and exceptions.
- Performed IT general controls and application controls reviews and monitored segregation of duties and other key management controls.
- Provide technical support for computer systems: troubleshoot, check cable connections, anti-malware, rebooting.
- Have in-depth experience performing audits of IT general controls (ITGC) such as access control, change management, IT operations, disaster recovery and platform reviews (Windows and UNIX OS).
- Completed Sarbanes-Oxley Section 404 testing of critical systems and applications that financially impact the company and communicated with the company's external auditors on general computer control related matters and SOX test procedures.
- Conducted risk assessments over areas of the global information technology environment to highlight major technical risks and gaps over such environments.
- Performed audits over application security involving the company's ERP systems and executed audit strategy.
- Performed SAS 70 (SSAE 18) reviews for large clients in the Manufacturing, Energy, Healthcare and Financial industries, including conducting root cause analysis of vulnerabilities and coordinating with appropriate stakeholders to remediate findings on IT audit engagements within schedule and budget.
- Prepared audit scopes, reported findings and presented recommendations for improving data integrity and operations.
- Evaluate internal control system.
- Recommend appropriate action to mitigate weaknesses.
- Review application of accounting standards and legislation compliance for five office branches' financial reporting.
- Ensure compliance with internal control policies.
- Advise on guidelines and proactively make recommendations to improve internal checks and balances in transaction authorization.
- Performed periodic audits and spot checks.
- Follow up on external auditors' recommendations.
- Investigate fraud cases.
- Support in generating liquidity risk evaluation report.
- Assessment and classification of branch loan stocks.
- Generate report to evaluate bank capital risk.
- Evaluate customer creditworthiness evaluation report.