Stephen W. Parker - CISA, CRISC
Madison, Alabama 35758
IT AUDITOR / CONSULTANT
Produce and execute detailed IT audit plans, and deliver results and recommendations to senior management. Develop and execute IT audit and security assessment reviews to ensure compliance with internal policies and procedures, government requirements, and industry best practices.
Expertise includes:
IT audit
ITIL, CobiT & ISO standards
Security, Compliance & Controls training and education
Risk Management
SOX and IT regulatory compliance
Vulnerability & assessment scanning tools
PROFESSIONAL EXPERIENCE
UBS (Union Bank of Switzerland) 1/2016 – 4/2016
Associate Director, IT Risk Management
Identify and analyze IT risks, and provide guidance to process owners for mitigating and managing the risks. Develop, track, and communicate action plans to senior management, and provide assistance toward issue closure.
Rezult
IT Consultant with Surgical Care Affiliates 8/2015 – 11/2015
Conducted Sarbanes-Oxley (SOX) Information Controls testing across a diverse IT environment, communicated results to senior management, and provided guidance for implementing appropriate corrective and beneficial IT controls and security solutions to ensure SOX compliance.
VACO
IT Consultant with Mapco and Delek 9/2014 – 1/2015
Conducted SOX Information Controls testing across a diverse IT environment, communicated results to senior management, and provided guidance for implementing appropriate corrective and beneficial IT controls and security solutions to ensure SOX compliance.
Carrier Corporation – Home office – Madison, AL 2004 - 2014
Mgr. IT Business Consultant
Implemented a value-added IT security and controls culture within Carrier by auditing the IT environment and infrastructure, identifying security weaknesses and controls gaps, and introducing constructive and effective solutions. Delivered on-going IT security, controls, governance, and compliance consultation, training and awareness.
Conducted on-site IT audits and risk assessments at Carrier sites throughout global regions (North America, Asia, Europe, Middle East, and Africa).
Developed and conducted IT security and controls, and compliance reviews
Produced management reports pinpointing identified issues and suggested recommendations to resolve problems
Developed risk mitigation plans and assisted IT site managers in remedying identified control, compliance, and security weaknesses
Defined and documented metrics to measure solution implementation progress
Reported results and compliance progression to regional executives, CIOs
Institutionalized and managed successful global corporate-wide IT SOX compliance program.
Developed and executed SOX controls testing scripts
Developed and provided SOX training to global IT managers
Assisted with site SOX controls testing, developed remediation plans to address any control weaknesses and issues, and followed up on recommended implemented solutions
Maintained metrics to gauge progress toward closure of open issues
Provided regular status reports to executive management
Implemented company-wide IT risk management, governance, and compliance model.
Developed and delivered Web-based IT security and controls training presentations to global IT managers
Designed training templates to address and explain updated IT policies and changes within the IT security, controls, and compliance environment
Provided on-going consultation on an as-needed basis to address any outstanding IT security, controls, and compliance questions or concerns
Assisted UTC and Carrier IT Security organizations in developing, documenting, and implementing IT security policies, procedures, and standards.
Provided training throughout the Carrier IT global community
United Technologies Corporation (UTC) – Home office – Madison, AL 1999-2004
Senior Information Systems (IS) Auditor
Developed annual audit plans based on completed IT-based risk assessments. Executed audit steps identifying control, security, and compliance weaknesses. Reported findings to executive IT management and worked jointly with IT owners to implement agreed-upon beneficial solutions.
Managed IT UTC Division global audit projects.
Conducted IT general controls and security audits, Web-hosting reviews, Business Impact Analysis (BIA), Business Continuity and Disaster Recovery (DR) plans, throughout UTC business units.
Developed and presented IT related observations to business unit CIOs
Worked cooperatively with management to develop recommendations and action plans to resolve control and security weaknesses, and improve the efficiency and effectiveness of business processes
Performed SOX readiness reviews.
Executed pre- and post-implementation reviews of ERP (SAP, BaaN, J.D. Edwards) and E-commerce applications.
Supported ERP business case implementation projects.
Assisted with IT business unit strategy.
Assisted with annual IT audit budget development and execution.
Conducted company-wide IT risk assessments in concert with regional global-wide IT directors.
Allegheny Teledyne, Inc. – Huntsville, AL 1998-1999
Information Systems (IS) Auditor
Evaluated and reported the adequacy and effectiveness of internal controls within diverse IT environments.
Assessed compliance with Company policies and procedures, applicable laws and regulations, and consistency with management’s goals and objectives.
Provided assistance to clients by recommending, developing and implementing corrective action plans to remediate and resolve identified issues.
Assessed adequacy of IT controls and security, and achievement of organizational goals during ERP implementations.
Reported findings and developed and communicated recommendations to senior management.
Reviewed Y2K compliance and business contingency planning efforts and reported deficiencies to senior management.
Provided recommendations to Y2K IT project managers
Assisted operational and financial auditors in retrieving and analyzing data resident within information systems (tables and databases) using the ACL data analytical reporting tool, to evaluate the adequacy of data integrity and strength of internal controls.
Facilitated IT policy development and provided strategic direction regarding corporate information, server and PC protection (physical and logical access), virus protection, software license agreements, and internet and email usage.
CERTIFICATION & PROFESSIONAL MEMBERSHIPS
Certified Information Systems Auditor (CISA)
Certified in Risk and Information Systems Control (CRISC)
Information Systems Audit and Control Association (ISACA) North America and North Alabama chapter member
EDUCATION
B.S., Business Administration – Auburn University – Auburn, AL