**** ******* ****** ****, ******, GA, *****, USA
Cell : 678-***-**** Email: ************@*****.***
Experience and Skills Summary:
Exceptional Enterprise IT Risk Assessments & Governance, IT Internal Audit, IT Security, Assurance and Attestation and Compliance Professional with Strong Record of Successfully Managing Large and Medium Scale Projects For Public and Private Organizations. Over 15 years of Financial, Information Systems and Regulatory Compliance audit and assurance experience, gained during association with Ernst & Young, American Express Bank and KPMG.
Ability to lead large, complex, global risk-based IT projects (Enterprise IT Risk Assessments, IT Governance, and IT external and internal audits) across industries (Banking, Insurance, Claims, Asset Management, Manufacturing and Health Care), and projects addressing Planning, Scoping, Budgeting, Resourcing, IT Risk and Controls, and Reporting.
Mitigate risk across multiple operational, compliance, and strategic areas, including testing internal controls and developing plans in alignment with COSO, COBIT 4.1 & 5, ISO 27000, ITIL frameworks and best practices.
Experienced working for American/Canadian Fortune 500 clients with hands-on exposure to formulating IT Road Maps, Global IT Risk Registers, Implementation Plans, Change, Incident, and Problem Management Policy and Procedures, Information Security Policy in alignment with ITIL and ISO 27001 and Computer Operations Policy, IT Risk Assessments, Regional Audit Plans, and training presentations.
Managed several SOX-404 (ICFR) and financial statement audits for large and medium sized, multilocation, public and private organizations.
Managed a number of Advisory Services engagements and projects, e.g. internal audit, IT security, SOCR attestation (SOC 1, SOC 2, SOC 3).
Drive projects to timely delivery within budget via effective collaboration to meet client needs.
Dynamic leader of internal teams and effective communicator, conflict resolver and negotiator with Senior Executives, multi-national audit committees, 3rd-party service providers and all levels of cross-functional staff.
Strong interpersonal skills to build and maintain ongoing business relationships.
Certifications and Education:
Certified Information Systems Auditor designation (CISA)
Certified Risk and Information Systems Control Certification (CRISC)
IT Governance Certification: COBIT 5
Windows Server Management Certification – Microsoft
Programming Certification C++
Certified Internal Audit Certification (CIA) (last course in progress)
Bachelor of Arts - Statistics, Economics (Double Major).
Work Experience
September 2014 – To-date
Senior Manager, Advisory Services, Risk and Assurance practice, Ernst & Young, Atlanta.
Experienced auditor and project lead to a number of financial industry clients, e.g. banks, insurance, claims management, asset management and mortgage clients.
Managed several SOX-404 (ICFR) and financial statement audits for large and medium sized, multilocation, public and private organizations.
Managed and led a number of Advisory Services engagements and projects, e.g. internal audit, IT security, SOCR attestation (SOC 1, SOC 2, SOC 3), Enterprise and IT Risk assessments, IT Governance and operational reviews.
Managed and led several advisory services projects, assisting the organization in vendor selection, IT solution identification and implementation testing. Currently assisting a global financial institution in the implementation and security validation of its new ERP (PeopleSoft) customization.
Managed and led several business process evaluation, testing and rationalization projects. This involves identification of business process redundancies and identification of complex, more effective and efficient controls for testing.
Internal audit engagements performed using the Top Down Risk Assessment approach based on COSO and COBIT internal controls and IT Service Management frameworks, e.g. ITIL.
Primary responsibilities as project lead include overall project management, planning, resource management, budgeting, engagement economics, supervision, client interaction, managing clients’ expectations, detail reviews, issues analysis, management and audit committee reporting, and timely feedback.
Provide continuous guidance and supervision to team members, assisting them in setting the scope, objectives, timelines and expectations.
October 2012 to September 2014
Senior Manager, Technology & Security Risk Services, Ernst & Young Toronto and South West Ontario Region, Canada.
Experienced auditor and advisor to a number of financial industry clients, e.g. insurance, banking, asset management and mortgage servicing clients.
Primary responsibilities include overall project management, e.g. team planning events, post-interim events, budgeting, resource management, managing internal and external client expectations, detail reviews, issues analysis, management and audit committee reporting, and timely feedback.
Managed SOX-404 advisory assurance integrated engagements focusing on IT security, business process reviews and application controls testing.
Considerable experience in Business Process Testing and Application controls testing (through participation in large Integrated - SOX 404, NA52109 and S.3416 audits).
October 2006 to September 2012
Manager, Advisory Services, Ernst & Young Toronto and South West Ontario Region, Canada.
Primary responsibilities include overall project management, e.g. planning, resource management, supervision, detail quality reviews, reporting and regulatory compliance for accounts and clients in the portfolio.
Served clients from manufacturing, financial, pharmaceutical and insurance sectors, working on external and internal audits, SOCR reporting and regulatory compliance reporting under attestation standards.
Performed enterprise risk assessment reviews and advisory engagements to help clients develop a comprehensive and robust risk management system.
Led recruitment, training and other community activities inside and outside the firm.
Attended several IT Audit integration, PCAOB compliance, IT Security and audit methodology trainings.
September 2004 to September 2006
Senior Consultant, IT Risk & Advisory Services, KPMG Toronto, Canada.
Worked as senior on various financial and non-financial clients of large, medium and small size, including organizations from the banking, energy, manufacturing and telecommunications industries.
Worked as senior on advisory and assurance reviews for the assigned engagements, which primarily include integrated audits (SOX), financial statement support, CICA Section 5970 / SAS70 reviews, evaluation of third-party reports, and IT Security reviews.
Responsibilities include planning and onsite supervision of staff’s performance and outputs, periodic project updates to the manager, internal team and client relationships, identification of new opportunities, overall supervision, review of staff work, resolution of review notes, etc.
Aug to Oct 2004
SOX Consultant, TD Bank Toronto (Consultant)
Team leader, SOX Quality Assurance Team. Primary responsibilities include review of IT process documentation, control matrices, test plans, test results, remediation plans, deficiency analysis, etc.
Coordination with IT, business process owners and the external auditor to address their issues related to identification of key controls and test plans.
Deficiency analysis of the identified exceptions on the basis of business risks and overall impact on Financial Reporting and Financial Statements.
Jan 2003 to May 2004
IT Auditor, Banking Inspection Department, State Bank of Pakistan (Central Bank)
Senior auditor in the Banking Inspection Department. Primary responsibilities include IT Audit Inspection of banks, leasing companies and investment organizations to ensure compliance with the banking and investment regulations.
Overall risk assessment and review of IT general controls during annual inspection of the banks, leasing and investment organizations. Reviews conducted on the basis of COBIT and COSO audit objectives and frameworks.
Trained a team of IT auditors for the Internal Audit department in State Bank, and coordinated with and assisted the internal auditors in inspecting the internal IT processes and controls.
1996 to 2002
Manager, Internal Audit & Market Compliance Owner, American Express Bank, Singapore
Risk assessment, evaluation of the control environment, planning, and review of the Company's information systems, business processes, policies and procedures, as part of the Japan Asia Pacific, Australian (JAPA) region. Reviews are conducted with the objective to monitor and follow up, identify control weaknesses, suggest cost-effective measures to strengthen controls, and ensure compliance with the Company's policies and procedures.
Primary responsibilities involved evaluations and reviews of credit card, traveler check, merchant payment, and intercompany payment and reimbursement processes.
Performed several compliance reviews related to banking, e.g. US Travel Sanctions, data protection laws, Anti-Money Laundering and Anti-Corruption reviews. Also responsible for training the staff on compliance areas.
Participated in several internal controls and operational reviews and investigations as part of regional corporate audit team in JAPA.
Contributed significantly to the development, implementation and enhancement of new and existing information systems and processes in the Company.
Participated in the development and testing of the Company’s Disaster Recovery and Business Continuity plans.
Used Control Self Assessment and other information system based tools to perform comprehensive and effective customer interactive reviews.
Ensured all compliance activities and regulatory requirements were completely integrated into business policies, practices and systems. Performed reviews to ensure that these activities were properly undertaken and complied with.
1989 – 1995
Auditor, Klynveld Peat Marwick Goerdeler (KPMG) Pakistan
Completed the mandatory Audit and Accounting training period of five years with KPMG, and served in various capacities, which included the position of ‘Senior Auditor’. Gained technical audit experience at KPMG, in a computerized environment, resulting in detailed knowledge of international and local accounting and audit practices and standards. Performed audits of large and medium-sized financial and non-financial institutions.
Technology Evaluated
Considerable knowledge and experience in primary ERPs such as PeopleSoft, SAP and BAAN. Worked on various ERP upgrades, data conversions, implementations, and ITGC and ERP security evaluations.
Considerable experience in developing, testing and reviewing various technologies, e.g. Windows, mainframe, AD, AIX. Reviewed database security for SQL, DB2, Oracle, etc. Main focus on security configurations such as access to privileged functions, authentication settings, and shared and system account security.
Hands-on experience with several change management, GRC, Access & Identity management and Continuous Auditing tools.
Trainings Attended
Yearly Quality and Financial Audit IT Integration Training.
Cyber Program Management training, EY Atlanta.
SOCR Training, EY Atlanta
PCAOB and other reporting and attestation standards workshops, EY, Atlanta.
Trainer Development Workshop, EY, Atlanta.
EY Audit Tool and Methodology changes training / workshop, EY Atlanta.
Situational Leadership, Styles and Competencies courses, EY.
Trainings Conducted
Lead trainer for SOCR Workshops for clients in Atlanta.
Pan Asian Professional Network (PAPN) forum, presentation on diversity and inclusiveness.
Co-hosted several programs and workshops as Vice President External Affairs, Atlanta Chapter for ASCEND.
Trainer for Skills-400 classes in EY Global Training Centre Cleveland, USA.
Trainer for Experienced Hire Course (Skills-600) EY.
Other Activities:
Squash & Tennis