Mohammad Sharifullah CIA, CISA, CCSA, CGAP, PMP
** *********** ***; Scarborough ON., M1C 5B9 Canada
Tel: 416-***-**** (H), 647-***-**** (C); E-mail: ************@*****.***
EDUCATIONAL AND PROFESSIONAL QUALIFICATIONS
Master of Commerce in Accounting from University of Dhaka - University of Toronto evaluated as equivalent to a four-year Bachelor’s degree, specializing in Commerce and Accounting from a reputed Canadian University offering similar program
Certified Internal Auditor (CIA)
Certified Information Systems Auditor (CISA)
Certification in Control Self-Assessment (CCSA)
Certified Government Auditing Professional (CGAP)
Project Management Professional (PMP)
Chartered Accountant (FCA) from the Institute of Chartered Accountants of Bangladesh
COBIT 5 Foundation Certified
Certified ISO 27001 Lead Auditor
PROFILE
Accomplished professional with progressive experience in the fields of IT/Operational Auditing, Governance, Compliance, Risk, Project Management, Accounting and Management Consulting in diversified environments including banking, insurance, utility, manufacturing, consulting (including big four public accounting firm) and government. Recognised facilitator and trainer in audit and project management related learning courses and training sessions. Actively involved in professional activities and served as a board member of Canadian Information Processing Society (CIPS) and ISACA Toronto Chapter for over five years while leading the continuing education and training portfolio. Recognized for values such as passion for learning, positive attitude, unquestionable integrity, teamwork, diligence and tenacity. Areas of expertise include:
Risk-based annual audit planning
Reviewing design and effectiveness of internal control
Building and updating internal audit function following IIA standards, guidelines and industry best practices
Developing audit charter, audit committee mandate and audit committee reports
Designing of audit communication process and templates covering audit plan, scope document, deficiency statement, completion memo and audit reports
Coordinate external audit and regulatory compliance reviews
In-depth knowledge on IT general control and application control review
Superb knowledge in governance, risk and compliance functions; good command on leading control frameworks including COSO, COBIT, ISO 27001, SOX, PMBOK and ITIL
Excellent network within audit, IT and project management communities
Expert knowledge on sampling and data analysis using data warehouse and CAATs
Security assessment, segregation of duties and user profile review
Expert knowledge in conducting and managing SOC reports
Design and implement controls relating to third-party risk management
Excellent knowledge in reviewing large-scale IT projects and programs
Leading and implementation of Governance, Risk and Compliance projects
PROFESSIONAL EXPERIENCE, RESPONSIBILITIES AND ACHIEVEMENTS
Independent Consultant – Security Compliance Project Sep’16 – Dec'17
TD Bank, Toronto
Worked as Project Manager/ Lead for the TD Wealth Diamond On-Boarding Project to on-board all extensive and major applications to the Diamond Platform (to remediate audit findings and comply with the regulatory requirements)
Worked with all the technology teams and business owners including major vendors to on-board over a hundred applications
Developed detailed scope and deliverables through facilitation and research
Ensured that all on-boarded applications are in compliance with TD Access and Identity Management policies
Involved in research, data analysis and project status reporting using Microsoft Excel
Worked with all key stakeholders to confirm compliance with their requirements.
Worked on remediation and provided resolution to ensure complete compliance for each application
Country Compliance Lead - Cybersecurity GRC June’15 – Aug’16
Capgemini Canada Inc., Toronto
Worked with the Regional Security Officer in establishing and maintaining an independent security governance model, including the implementation and maintenance of a regional Information Security Management System (ISMS) and participation within the regional security forums
Managed the Information Risk Management (IT Audit) team and conducted several high-profile security audits for large clients
Communicated and ensured regional alignment with the Group’s strategy for the security critical practices
Ensured ISMS process alignment and compliance with the Group ISMS (ISO27001); applicable regulatory, statutory and industry requirements; and contractual obligations
Ensured regional security and regulatory risks are identified, captured, escalated (through governance), managed and reported
Served as the primary point of contact for security and regulatory audits including ISMS, Security, SOC, SOX testing, etc.
Identified interfaces with delivery processes and coordinated with process owners to assure process compliance and effectiveness
Performed monitoring of process owner updates / continual improvement in response to security audit findings and compliance issues
Provided sound advice to drive risk-based regulatory compliance decisions
Supported resolution of the compliance issues and risks with impacts on regional delivery and clients
Managed and led a group of multi-skill professionals including off-shore consultants
Resolved and remediated incidents and issues related to security and governance matters for large clients/projects
Independent Consultant – Governance & Audit Mar’13 – June ‘15
CIBC / KPMG, Toronto
Established independent consulting practice and provided services to a major bank and a big-four consulting firm on the following assignments:
CIBC - Worked on Outsourcing Governance Program (OGP) to build and implement processes and procedures on governance and management of critical business activities outsourced to 200 plus suppliers and vendors around the globe and comply with the regulatory requirements set by Office of the Superintendent of Financial Organization (OSFI) Bill 10.
KPMG - Worked with Information Risk Management team to support several assignments on SOC reporting, financial audit support on ITGC/ITAC and advisory assignments.
CIBC - Worked with the Technology Governance Risk and Control group to assist management in supporting IT SOX compliance testing of operational and financial controls. Major responsibilities included identifying the key controls, developing/reviewing the design and assessing the operational effectiveness of the controls
Sr. Audit Manager, Projects Feb’12 – Feb’13
CIBC, Toronto
Worked as Auditor-in-charge for several large projects concurrently with the responsibility of managing and supervising project audit work and coordinating other audit groups including operations, technology, finance, data analytics, retail banking, etc.
Developed and reviewed audit scope and plan, executed and supervised audit testing, summarized and communicated findings, assisted management in developing an effective remediation action plan and presented a summary report to the senior management.
Conducted peer review of audit working papers and conclusions
Updated audit methodology and developed several templates to effectively summarize the audit working papers, performance and status reporting.
Demonstrated strong leadership within Internal Audit and excellent relationship with the clients, external auditors and project managers while performing the audits.
Acquired good understanding of the relevant policies, procedures and guidelines on governance, project management framework, business case, funding, new initiatives, SOX testing, legislative compliance and reporting
Senior Operations Auditor Sep’07 – Feb. ‘12
Workplace Safety & Insurance Board, Toronto
Supervised audit planning and execution, reviewed working papers, finalized audit report and executive summary, and presented the findings to senior management
Managed junior auditors and co-op students and successfully delivered several audits including Employer Classification (including summarizing and analyzing of processes), Actuarial Valuation of Benefit Liability, Executive Expense (Reporting to the Integrity Commission), etc.
Involved in research and data analysis using data warehouse, Excel and ACL
Performed several high profile management assignments including updating the ‘Audit Committee Charter’ and audit processes in line with the Institute of Internal Auditors (IIA) standards, guidelines and industry best practices
Worked as the champion in the implementation of Control Self-Assessment (CSA) facilitation sessions as part of audit assignments
Represented internal audit in several initiatives and organizational changes
Senior Consultant - IT Audit Feb’05 – Sep’07
KPMG LLP, Toronto
Worked for the Information Risk Management (IT Audit) team and conducted several high profile audits and advisory assignments for multi-national and national corporations.
Reviewed IT general controls and key application controls in several integrated audit assignments to support Financial Statement audit and SOX certification for major banks, financial services, investment companies, retailers and technology service providers
Conducted AICPA SAS – 70 and CICA Section 5900/5970 reviews for several large clients
Conducted several security and access review assignments following ISO 27001
Completed several in-house knowledge tests and training courses on SAP, Oracle, Unix, SOX, IT General Control, SAS 70/ CICA Section 5970 and Advanced SAP Training in Atlanta, USA.
Led teams for most of the assignments, reviewed the work of the consultants and junior staff and assessed their performance
Senior Audit Specialist Mar’02- Feb’05
Aviva Canada Inc., Toronto
Reviewed several IT policies, standards, processes and procedures and provided advice on their adequacy/ potential areas of improvement
Completed a comprehensive review of a large program on implementation of Oracle Financials consisting of six projects covering all significant phases and areas including project initiation and planning, project governance, reporting, outsourcing of application management services, conversion, testing, security, operational readiness and post-implementation review
Conducted several Quality Assurance Reviews of large and complex IT projects related to insurance, e-commerce, information security and regulatory compliance jointly with IBM QAR Teams and independently
Conducted several project benefit realization reviews including features and functionalities, controls and security, user satisfaction and system performance and reliability
Reviewed and brought significant improvement in IT Procurement, Vendor Management, Technical Security Standards, Assets Management and BCP/DRP
Involved in planning and execution of risk based audits related to the operations and information technology services
Worked as the Project Manager in the implementation of audit automation software suite ‘Auto Audit’
Supervised junior staff, reviewed their deliverables and prepared their periodic performance assessment
Participated in the selection process and interviewing the candidates for junior staff positions and contractors
Information Systems Auditor May’98–Mar’02
Workplace Safety & Insurance Board of Ontario, Toronto
Audited several systems under development covering all phases including project initiation, cost-benefit analysis, project scope, technical specifications, design documents, project plan, testing, reporting and post-implementation review
Worked with the Y2K project teams and provided continuous advice on project management, conversion, testing and business continuity plan
Participated in the implementation of COBIT and all the audit assignments have been conducted following the COBIT control model and guidelines
ADDITIONAL SKILLS
ERP – SAP, Oracle (working knowledge)
Computer Assisted Audit Technique - ACL on Windows
Audit / GRC Automation Software – Teammate, Resolver Risk, Resolver Net, Auto Audit, Risk Navigator, Issue Track, Workforce LE and Snap! Designer.
Excellent references may be provided upon request