
Information Technology Security

Location:
Riverside, NJ, 08075
Posted:
December 23, 2016


Resume:

LAFAYETTE HATCHER, CISA, CICA

******@***.*** 856-***-****

A Certified Information Systems Auditor (CISA) and Certified Internal Controls Auditor (CICA) with extensive expertise in performing various types of system reviews such as ISO27001, project management, system development, and IT SOX compliance within diversified Information Technology environments both domestically and internationally.

CORE COMPETENCIES

IT Infrastructure Reviews

COBIT and COSO

System Development

Operating System Security, such as Oracle and SAP

SOX Review

Risk Assessment Analysis

Reviewing Information Security Standards

Project Management

Review Pre and Post-Implementation controls in ERP Systems

Sarbanes-Oxley (SOX)

ISO27001 Policies Reviews

Data Center Operations Reviews

Disaster Recovery Planning

SOC 2 and SSAE16 Testing

SUMMARY OF QUALIFICATIONS

Extensive experience in evaluating Sarbanes-Oxley (SOX) information technology system controls in Section 404, documenting test results and issues arising through testing, and ensuring that all conclusions reached are fully supported i.e. clear, concise, and accurate.

Managed third party security risk by performing vendor security risk assessments.

Worked with outside consultants and auditors as appropriate and closely with cross-functional teams to ensure supporting data is readily available to/from relevant business units and external parties.

Familiar with and reviewed company Information Security Standards.

Assisted company’s business units in preparation for ISO27001 certification.

Ability to gauge the degree of compliance of systems in operation to ISO 27001 standards.

Served as the designated Management Representative and liaison to 3rd party auditors.

Assisted in the development of ISO27001 Information security policies and training program.

Performed controls design assessments of IT Systems Implementations (example: SDLC or Project Controls); conclude on adequacy, completeness and risk focus.

Prepared and executed the SSAE16 and SOC2 Control Tests of third party IT providers, as well as for ADP.

Prepared audit reports and work papers regarding findings and recommendations for policy, procedures, and internal controls improvements.

Partnered with all levels of IT management, SOX PMO, and Internal and External Audit to ensure that SOX SDLC / SSAE 16 testing is conducted in a cooperative, timely and efficient manner.

Experienced in auditing diversified business information technology environments domestically and internationally for compliance with information technology controls, by conducting various types of technical IT infrastructure reviews including general information technology controls reviews, detailed information security reviews, operating system reviews, network security, database, change management, and disaster recovery reviews.

Hands-on experience reviewing all stages of system development projects, including requirements definition, design, architecture, testing, and support.

Excellent verbal and written communication skills in conducting opening and closing meetings with senior management, able to build relationships with all levels of management and staff.

Open to and have extensive travel experience both domestically and internationally in auditing.

CERTIFICATIONS

Certified Information Systems Auditor (CISA)

Certified Internal Controls Auditor (CICA)

PLATFORM EXPERIENCE

Operating Systems: SAP, UNIX, MVS, AS400, OS390, RACF, Oracle

PROFESSIONAL EXPERIENCE

SENIOR IT AUDITOR - May 2012 to September 2015

BANK OF AMERICA Wilmington, DE

Responsible for performing testing of key controls in accordance with established standards and protocols to determine whether the controls are operating effectively.

Performed Risk Assessment Reviews

Using ISO27001 review of policies and procedures.

Prepare audit procedures and acceptable working papers, which record and summarize audit data and adequately support conclusions.

Draft audit reports and present findings and recommendations to line management.

Responsible for the follow up on remediation plans within an agreed timetable and ensure that all issues are closed in a timely fashion.

Reviewed Access Management procedures.

Participate in internal planning meetings and regular communications within the Internal Audit Department.

Prepared audit reports and work papers regarding findings and recommendations for policy, procedures, and internal controls improvements.

IT COMPLIANCE LEAD June 2006 to May 2012

PANASONIC CORPORATION Secaucus, NJ

Managed third party security risk by performing vendor security risk assessments.

Performed Risk Assessment Reviews in collaboration with process owners, process managers, and IT owners to ensure proper documentation of all policies and procedures applicable to the key controls of significant processes.

Responsible for communicating to the process owners and SOX management any control deficiencies and provide recommendations for remediation.

Reviewed compliance with company Information Security Standards and recommended adjustments where necessary.

Review security within the ORACLE and the SAP FI platform...

Identify, evaluate, document, and monitor the remediation of control deficiencies.

Assist process owners, process managers, and IT owners to remediate any control deficiencies.

Responsible for preparation of audit findings, recommendations, and preparation of audit report drafts to senior management. Also responsible for the follow-up on the status of open recommendations.

Prepared audit reports and work papers regarding findings and recommendations for policy, procedures, and internal controls improvements.

INFORMATION SYSTEMS AUDIT MANAGER December 1994 to June 2006

AUTOMATIC DATA PROCESSING (ADP) Roseland, NJ

Identified and evaluated the organization’s risk areas and provided key input to the development of the annual audit plan.

Prepared and executed the SSAE16 and SOC 2 control testing when required.

Developed and performed audit programs, audit procedures, analyzing data and evidence, documenting subsidiary division’s processes, and procedures.

Assisted External auditors in SAS70 reviews.

Managed third party security risk by performing vendor security risk assessments.

Represented internal audit on organizational project teams such as the disaster recovery committee, information security committee, and with external audit organizations. In addition, I received an award from the audit committee for my efforts in my disaster recovery reviews globally.

Performed data center infrastructure control reviews globally including information security, database, change management, network, and major Enterprise Resource Planning (ERP) systems reviews such as SAP, and Oracle. Also review of UNIX, AS/400 and mainframe systems.

Reviewed and tested compliance and conformity with Company Standards, Policies and Procedures using recognized frameworks like COBIT and COSO.

Tested and evaluated general IT controls in order to recommend improvements and ensure compliance with Sarbanes-Oxley, monitor assessment to ensure that evaluations and remediation are completed in a timely manner.

Recommended procedural changes to improve internal control and/or operating efficiencies.

Responsible for preparation of audit findings, recommendations and preparation of audit report drafts.

Conducted closing exit meetings with all levels of management.

EDUCATION AND TRAINING

BACHELOR OF SCIENCE

PEIRCE COLLEGE Philadelphia, PA

Area of Study: Business Automation Management

ADDITIONAL TRAINING

Disaster Recovery, UNIX Security, Business Acquisitions training.

PROFESSIONAL ASSOCIATIONS

Information Systems Audit and Control Association (ISACA), Philadelphia Chapter

Institute of Internal Controls (CICA)

Willing to extensively travel both domestically and internationally.


