Mathew Eapen Ridgewood NJ
Highlights
Highly organized and innovative IT auditor / Risk Analyst. Self-starter with the ability to adapt quickly in areas of limited prior experience. Problem solving skill and experience working in complex, global IT and business environments. Strong ability to influence others and mentor junior staff members. Interact effectively with all levels of management. Consistently exceed expectations of management and client.
Areas of Audit Experience
Pre-Post Implementation
Application Level Controls
IT General Controls
Project Management
Risk Assessment Modeling
Vendor Management
Vendor Selection
SAS70/SSAE16/SOC
Regulatory Reviews
Issue Assurance
Risk mitigation
User Provisioning/ Access Controls
Role Based Entitlements
Payment Processing
Privacy
Data Loss Prevention(DLP)
PCI Compliance
GLBA
Investment Banking
Wealth Management
SOX Section 404
Change Management
Business Continuity Planning
Records Management
Root Cause Analysis
White Board Presentation
Process/ Design Analysis
Computer Skills
Word, Excel, PowerPoint, Access, Outlook, Visio, MS Project.
Education & Certification
BBA-Temple University
CISA
Information systems audit courses at NYU
Courses at Learning Tree Int’l: Introduction to Windows 2000 Administration, Internet/ Intranet Security, TCP/ IP and Web Security
Euro Money Training: FX, Swaps, Energy Trading.
Volunteer:
Mentor (technology and Finance) at the Junior Achievement of NJ.
Contact
**********@*****.***
Professional Experience
KPMG [Feb 2016- Present]
Senior IT Compliance Consultant
Managed the 2016/2017 annual SOC review for KPMG from Project Management to planning to the final issuance of the report.
Conduct walkthroughs of business & IT processes, identify areas for improvement, and create documentation in the form of narratives, procedure documents, process documents & flow charts.
Completed an end-to-end risk assessment to test the design & operating effectiveness of Entity Level Controls & IT General Controls.
Document narratives and develop testing methodology for new processes. Test security controls against authoritative standards such as NIST, COBIT & ISO 27001.
Collaborate with Business Partners, IT Management, External Auditors and Department Heads on acquiring certification for SOC1/SOC2 & Safe Harbor.
Conduct Global Privacy and Global Risk Assessment reviews to ensure protection of personally identifiable information and compliance with statutory requirements of multiple global jurisdictions.
Incorporate the use of the eGRC Archer Platform for tracking of policy, compliance, remediation tracking & risk management objectives.
Manage the issue assurance processes to track and validate that key risk issues facing the firm from all sources (internal audit, regulatory, management identified) are holistically and sustainably addressed.
Ridge Consulting Group [Sept 2012 to Jan 2016]
Manager IT Auditor/ Risk Management Office
Audit Clients: [Bloomberg LLP; Promontory Financial Group; FundTech; Orbcomm; Metlife]
Managed and reviewed the IT applications and infrastructure audits for design and operating effectiveness in accordance with FFIEC, COBIT, ISO, NIST, GLBA, and internal policy/standards.
Areas covered: Role Based Access, IT operations, IT Security, Governance, Change Management, Patch Management, Systems Interface, Vendor Management, Privacy and Data Leakage Program.
Evaluated data security strategy, policies and protection requirements as they relate to Personally Identifiable Information (PII) and to the application for a back-office loan processing system.
Prepared and presented (oral and written) regulatory filings, project plans, compliance reporting, and consent order remediation plans to client’s senior management, leadership teams, and to the Audit/ Risk Committees.
Partnered with client in the design, development and implementation of in-house real-time Issues Tracking system that streamlined the collection, reporting and resolution of audit findings.
Assisted a medium-sized financial institution to address FDIC, SEC and OCC inquiries by designing controls, testing/tracking, and presenting weekly status reports of the remediation plans. Led a team of senior advisors to create an Internal Audit function. Developed risk register, audit charter, policies/ procedures, and standards. Interviewed potential candidates and mentored junior staff members once on-boarded.
Responsible for the development and execution of the technology risk assessments.
Managed the 3rd party risk assessments and remediation plans.
Managed and performed the SOX404; SSAE16 SOC1/SOC2 reviews.
Maintained Governance, Risk and Compliance [GRC] platform (MetricStream) to update risk profiles, document audit work papers, extract vendor profiles/ contracts/ performance metrics, and support tracking and reporting.
Risk Management Clients: [Hudson City Savings Bank, M&T Bank, Robert Half, Protiviti]
Developed/ updated the Business Impact Analysis, Risk Assessment Models, Business Continuity plans, Crisis Management Team Policy.
Assisted in BCP testing and maintenance of the Emergency Notification system.
Documented BCP plans and Operational Risks using the GRC platform (MetricStream).
Collaborated with a bank’s data privacy office and provided guidance on application security and governance matters.
Identified and documented control risk, residual risk, and transfer risk.
Assisted in data security monitoring and reporting (Varonis DatAdvantage).
Evaluated the Security Behavior Management tool set (Phishme.com) and assisted in implementation.
Documented systems and control flowcharts for presentation to management.
Extensive use of MS Project (Project Management), Word and Excel for data analysis.
UBS [Nov 2005 - Aug 2012]
Manager IT Auditor
Performed risk-based business/ IT audits for the Investment Bank and Wealth Management Groups. These audits included review of: front-to-back application design, system processes, role-based entitlements, data security, and interface controls. Additional reviews included Pre/ Post-Implementation reviews, Privacy, Data Leakage, Change Management, systems end-of-life evaluation, compliance with the Gramm-Leach-Bliley Act (GLBA), SOX, SSAE16, IT Risk Management, and IT Health Checks.
Co-managed and performed various Global and US business/ operational reviews. These business reviews included Convertible Bonds, Block/ Program Trading, Options, Prime Brokerage, Equity Arbitrage, Fixed Income, MBS, Anti-Money Laundering (AML), Alternative Real Estate Investment Funds, OTC, Client Reporting, Foreign Exchange, Credit Card, and the Money Market.
Developed and trained audit staff on risk management/ identification for a lunch and learn series.
As part of the audit work, designed extensive process flows, white-board presentations, Risk Control Matrices, root cause analyses, and weekly status reporting.
Business management had incorporated these tools in documenting the Business Continuity Plans and process documentation.
Coordinated and managed FINRA and other on-site regulatory examinations.
BNP Paribas [Nov 2003- Nov 2005]
Project Management Office
Managed the project teams during the application conversion.
Recruited project staff and consultants.
Developed and maintained detailed project plans.
Worked closely with partners in India and the US on business requirements, design, and project budgets.
Managed project deliverables in line with the project plan and reported status to senior project leaders. Monitored project progress and performance.
Designed and managed the system/process to record issues and to escalate them to responsible parties for tracking and resolution.
Closely monitored project spending as well as Program spending to ensure delivery within approved funding.
Assisted in the User Acceptance Testing phases of the project.
Deutsche Bank [Sept 1997- Nov 2003]