Description
SUMMARY OF QUALIFICATIONS * Extensive experience in evaluating Sarbanes-Oxley (SOX) information technology system controls in Section 404, documenting test results and issues arising through testing, and ensuring that all conclusions reached are fully supported i.e. clear, concise, and accurate. * Managed third party security risk by performing vendor security risk assessments. * Worked with outside consultants and auditors as appropriate and closely with cross-functional teams to ensure supporting data is readily available to/from relevant business units and external parties. * Familiar with and reviewed company Information Security Standards. * Assisted company's business units in preparation for ISO27001 certification. * Ability to gauge the degree of compliance of systems in operation to ISO 27001 standards. * Served as the designated Management Representative and liaison to 3rd party auditors. * Assisted in the development of ISO27001 Information security policies and training program. * Performed controls design assessments of IT Systems Implementations (example: SDLC or Project Controls conclude on adequacy, completeness and risk focus. * Prepared and executed the SSAE16 and SOC2 Control Tests of third party IT providers, as well as for ADP. * Prepared audit reports and work papers regarding findings and recommendations for policy, procedures, and internal controls improvements. * Partnered with all levels of IT management SOX PMO and Internal and External Audit or ensure that SOX SDLC / SSAE 16 testing is conducted in a cooperative, timely and efficient manner. * Experienced in auditing diversified business information technology environments domestically and internationally for compliance with information technology controls, by conducting various type technical IT infrastructure reviews including general information technology controls reviews, detailed information security reviews, operating system reviews, network security, database, change management, and disaster recovery reviews. * Hands-on experience reviewing all stages of system development projects, including requirements definition, design, architecture, testing, and support. * Excellent verbal and written communication skills in conducting opening and closing meetings with senior management, able to build relationships with all levels of management and staff. * Open to and have extensive travel experience both domestically and international in auditing. certifications * Certified Information Systems Auditor (CISA) * Certified Internal Controls Auditor (CICA) Platform experience
Accomplishments
Highlights:
Keywords
