Summary:
Certified Information Systems Auditor with experience in performing IT reviews relating to controls with respect to ITGC, application controls, infrastructure, security management, pre/post implementation and compliance reviews pertaining to SOX, KYC, GLBA, PCI-DSS, HIPAA/HITRUST and SAS 70/SSAE 16 preparedness. Applied risk assessment methodology based on the principles of the COSO, COBIT, ITIL and ISO 27001 frameworks to identify, assess, evaluate, control and monitor risks within client organizations. Prioritized issues based on their significance and impact, and collaborated with business partners to develop practical and cost-effective recommendations. Leveraged data analytical techniques (ACL) to enhance risk assessments, report on transaction patterns, and determine completeness of data transmissions.
Family Leave November 2015 – April 2016
Mitchell & Titus – New York, NY – Risk Advisory Consultant July 2015 – October 2015
Client: Bank
Assessed the adequacy, design effectiveness and operating effectiveness of application controls in place in the capture, transfer, validation, and processing of data to generate KYC metric reports.
Reviewed change management, logical access and interface controls to ensure that the confidentiality, integrity and availability of data were protected while at rest, in transit and being processed.
Experis, New York, NY – Risk Advisory Service Professional December 2014 – June 2015
Client – Bank, Brokerage
Managed the IT SOX program with focus on the documentation of process flows, identification of key and remediation controls, design of tests to validate the design and operating effectiveness of controls, and IT SOX reporting.
Performed infrastructure audits of UNIX, Windows and Tandem operating systems focusing on configuration, security, change controls and performance.
Worked closely with application developers and other internal clients to ensure that applications in the client's core portfolios met regulatory requirements and remained in compliance.
Tracked risk remediation results to ensure that control deficiencies were effectively addressed and regularly monitored for compliance.
Pitney Bowes, Stamford, CT – Senior Auditor May 2013 – November 2014
Prepared, planned, and executed IT audits and internal reviews of ITGC, applications and infrastructure to identify vulnerabilities and weaknesses in controls.
Utilized the COSO, COBIT, ITIL and ISO 27001 frameworks to create detailed risk assessments to determine the auditable entities and the scope of each review.
Evaluated the design effectiveness and operating effectiveness of controls in place to protect the confidentiality, integrity and availability of information.
Reviewed access controls to the firm's network, applications, databases and physical locations to validate that the entitlements granted were commensurate with job roles and responsibilities.
Reviewed SecureWorks penetration testing reports and compared them against the Common Vulnerability Scoring System (CVSS) to determine criticality and validate the remediation strategy.
Presented detailed reports of audit findings to senior IT management, recommended control improvements and tracked the corrective action taken by management. Performed regulatory and compliance audits for international post offices and prepared SSAE 16 reports.
Performed data analytics by designing and coding ACL scripts to reconcile data from transaction feeds and determine the completeness of data transmissions.
Experis, New York, NY – Risk Advisory Service Professional October 2012 – March 2013
Client – Bank
Guided the audit department in assessing and documenting various applications within the Bank using application portfolio management guidelines (SOX, Payment systems, GLBA and other regulations).
Reviewed and updated audit programs used for application controls of critical applications to ensure consistency with FFIEC guidance, Bank policies and GLBA requirements.
Accume Partners, Moorestown, NJ – IT Audit Manager July 2004 – July 2012
Clients – Banks, Brokerage, Insurance and Utilities
Provided consultative/advisory service to management and Bank departments by assisting in the development of procedures for departments.
Applied Institute of Internal Auditors (IIA) professional standards and best practices in the performance of the audit function, aligning the audit process with the banking regulations and requirements of the FFIEC and other relevant regulatory bodies.
Guided clients in assessing Sarbanes-Oxley IT controls; prepared process narratives identifying controls; identified the key controls and devised test plans to determine if controls are working effectively and being documented appropriately; identified and tracked the status of deficiencies noted; and interacted with external auditors to discuss the sample selection, and the adequacy of controls developed by management.
Performed application systems audits of Banking, HR, Insurance Claims, Accounting, Wired Funds and Brokerage systems to assess the controls surrounding the administration, access controls, input processing, output processing, operations, user support, disaster recovery, and vendor management.
Assessed the process to locate and catalogue sensitive information stored throughout the enterprise; and reviewed the security of data in use, at rest and in transit. Reviewed the strategies implemented to prevent leakage of sensitive information, both internally and externally.
Presented detailed reports of audit findings to senior IT management, recommended control improvements and tracked the corrective action taken by management.
Worked in a team environment to manage, supervise, guide and review the audit work of junior auditors to provide quality deliverables.
Maintained the necessary technical proficiency through membership and participation in professional audit and security related societies, as well as attending related seminars and training courses.
Additional Employment:
RAS Professional – Jefferson Wells, New York, NY October 2003 – March 2004
Auditor/Programmer – Prudential Financial, New York, NY May 1991 – June 2003
Programmer – Manufacturers Hanover Trust, New York, NY May 1989 – April 1991
Programmer – Advanced InfoStructures, New York, NY October 1985 – April 1989
Personal Profile:
PC Applications: Microsoft Office Suite, Visio, ACL, Oracle 11i, Lotus Notes.
Security Packages: SolarWinds, Symantec Endpoint Protection, Network Security Manager, ADAuditPlus, BindView, Safe and Secure, MBSA, Nexpose, RACF, ACF2, Top Secret.
Education: Bachelor of Arts, Computer Science, Queens College, New York
Certification: CISA, CRISC