Operating Systems: Windows, LINUX, UNIX, Databases (MySQL, DB2, Oracle SQL), Network Devices (Firewalls, Routers, etc.)
ERP Applications: Oracle Financials, SAP, PeopleSoft
Tools: MS Office Suite, Visio, Auto Audit, Teammate.
Regulations: SOX, GLBA, PCI-DSS, FFIEC, GAAS
Framework: COBIT, COSO, NIST, ISO.
Execute multiple IT audit projects utilizing COSO, COBIT, NIST and ISO frameworks; perform SOX compliance audits, ITGC and IT application controls audits, configuration database audits, PCI DSS, audit readiness, infrastructure audits (middleware, databases, servers, networks and O/S), SOC 1, 2 & 3, SSAE 18, SOC 1 Type 2 review, and knowledge of HIPAA audit.
Performed end-to-end audits and documented audit outcomes, per the Institute of Internal Audit (IIA) Standards for the Professional Practice of Internal Auditing, the Information Systems Audit and Control Association (ISACA), and commonly accepted auditing standards and best practices alike.
Executed SOX and PCI compliance testing for annual compliance to regulatory requirements.
Performed ITGCs, IT Application (ITACs) testing for design appropriateness and operating effectiveness of controls.
Served as the Auditor-in-charge (AIC) and led complex audits of infrastructures and in-house applications.
Performed special projects, critical process reviews, administrative activities and special investigations as necessary.
Performed operational, security, financial and compliance IT audits in accordance with COSO and COBIT internal control framework.
Participated in the end-to-end process of all audit phases, including planning, kick-off meetings, walkthroughs, documentation and ultimately determining the effectiveness of the control environment.
Reviewed internal controls throughout the company by evaluating the design appropriateness and operating effectiveness of controls and recommending relevant modifications.
Participated in disaster recovery procedures across Windows Servers 2012, 2014, Mainframe, UNIX, Linux/CentOS, Oracle, MySQL, SQL Server and other infrastructures.
Identified key risks in the risk assessments related to Operations, Procurement, Revenue, Budgeted, and IT processes.
Performed ERP system (PeopleSoft and Oracle Financials) audit, SAP, SOX testing utilizing COBIT and COSO framework, conducted Cybersecurity assessment/audit.
Conducted information systems audits which included ITGC testing, application controls testing, IT infrastructure audit (operating system, network device, databases) and disaster recovery in accordance with best practices.
Executed application security reviews for compliance with business stipulated procedures and segregation of duties.
Documented audit findings and developed effective, workable recommendations for business/process owners to mitigate identified risks.
Review of company's IT policies, standards and procedures; provide advice on their adequacy, accuracy, modification and compliance with government guidelines and regulatory requirements.
Perform SOX compliance audit, IT infrastructure audit (operating system, servers, networks, database) and critical applications audit.
Review semi-annual access review, assist with IT internal controls risk assessment and walkthroughs.
Perform cyber security audit, testing preventive, corrective, detective and compensating controls to secure organization assets.
Perform Access Management on SailPoint, Change Management, SDLC, Business Continuity / Disaster Recovery, and application-level controls testing.
Evaluate information systems audit projects, including ITGC testing and IT application controls testing, infrastructure controls (UNIX), and information security review in accordance with department and professional standards.
Perform audit interviews with relevant stakeholders to identify inherent risks and control objectives.
Evaluate IT operational processes, standards, controls and procedures, utilizing current and new technologies to improve business performance and technology controls
Performed continuous monitoring by assessing tools during onsite visits to validate the security questionnaires filled out by the vendors to ensure protection of data at the vendor sites.
Conducted on-site risk assessments based on agreed upon procedures guidelines.
Reviewed key vendor-provided documentation such as SSAE 18 Type-II report.
Reviewed information security service level agreements (SLA).
Assessed technological risks in procurement processes.
Reviewed the access control management on the vendor site.
Assessed areas such as business continuity and disaster recovery, PCI, physical security, system development, operation, access control, incident management, insider threat, and security policy.
Escalated issues of 3rd party vendor's non-compliance to the vendor risk management office (VMO).
Planned and executed onsite security/risk assessments for third party vendors.
Performed data loss prevention analysis of our data at the vendor site.
Validated all controls at the vendor site to ensure there is confidentiality of our data in their custody.
Reviewed all the security policy documentation.
Worked with the vendors to ensure risks discovered are remediated within a reasonable time.
Performed IT infrastructure audit to test default accounts, vendor updates & patches, password settings and unnecessary services running over the applications.
Performed IT general controls testing for Sarbanes-Oxley (SOX) 404 compliance, and Service Organization Control (SOC) reports / SSAE 18 (formerly SAS 70).
CISA – Certified Information Systems Auditor.
MCASA – Microsoft Certified Azure Solutions Expert
SMAC – Scrum Master's Accredited Certification
SC4MD – Scrum Certification for Mobile App Developer
CCNA - Cisco Certified Network Associate (CCNA 3.0)
MCP - Installing, Configuring and Administering Microsoft® Windows® 2000 Server