CECILE NOBLE

**** **** **, *** *** New Britain CT 06053 646-***-**** ad0wee@r.postjobfree.com

Information Technology Audit Change Management Cybersecurity

Experience & Qualifications Snapshot

Multifaceted, integrated audit professional with a strong understanding of compliance, change management, SDLC, project management, automated controls, SSAE18 report reviews, SOX, IT general control reviews, PCI-DSS, DFARS/CMMC, SAP business object reports, Application, and Infrastructure control testing. Proven ability to successfully plan and manage the execution of external and internal audit and compliance projects, delivering quality result and improving internal controls.

Dynamic Team Leader who motivates and drives team members to capture outstanding results by vision, goals, and objectives; providing effective strategies; and developing individual strengths.

Key Areas of Expertise

Leadership – Data Analytics – IT Auditing – Risk Assessment – Project Management

Training/Coaching/Mentoring – Cross-Functional Initiatives – Supply Chain Management – Global Initiatives

PROFESSIONAL EXPERIENCE AND CONTRIBUTIONS

Raytheon Technologies (RTX) 02/2019- Present

Raytheon Technologies Corp. is an aerospace and defense company, which engages in the provision of aerospace and defense systems and services for commercial, military, and government customers.

Audit Manager DT Audit/Controls, Farmington CT

Lead operational ( e.g., invoicing, inventory management), compliance (e.g., DFARS, USG Compliance, HIPPA) and application (e.g., interface, configuration, input/processing/output) audits for compliancy and provide value-added recommendations to improve business control processes.

Provide on-hand trainings and informal/formal performance feedback to audit staffs.

Develop and present DT risk & control audit work programs for specific application/business function/entity to reflect the company’s current risks, government laws/regulations/ policies.

Lead complex audits and provide audit expertise on cybersecurity projects (e.g., CMMC and security awareness) as well as to evaluate confidentiality, integrity, and availability of cloud security.

Perform special projects review such as asset & intellectual property removal assessment during ISP/VSP events with the forensic audit team, SOX program and Collin’s DT compliance team.

Lead multiple site and process audits across the business ensuring alignment with the company Digital Control policies and best practices.

STANLEY BLACK & DECKER 12/2017-11/2018

Stanley Black & Decker is an $11B world-leading provider of tools and storage, commercial electronic security and engineered fastening systems, with unique growth platforms and a track record of sustained profitable growth.

Sr. IT Auditor, New Britain, CT

Planned, performed, and supervised a staff of two on IT and project auditing assignments under limited supervision.

Performed all aspects of engagement execution, including risk assessment, planning, fieldwork, review, report writing including

any exceptions identified and management’s corrective actions.

Led and executed 60% of ITGC audits by partnering with external auditors to evaluate IT general control design, implementation, and operating effectiveness in support of Sarbanes-Oxley compliance.

Provided audit expertise through leading complex cyber audit projects, including cloud security and security awareness.

Trained and developed new hires and interns, in technology audits, as well as technology principles.

Performed complex audit and consulting engagements in emerging technology areas related to Data Lake, Security, additive manufacturing, and infrastructure and IIOT.

Partnered with Industry 4.0 team to define and manage for various value stream, including analytics, IIOT and automation as part of the Value Accelerator Business Unit Rotation member

COHNREZNICK 10/2016-12/2017

CohnReznick LLP is a national professional services firm headquartered in New York, NY.

Consultant- Technology Risk and Compliance, New York, NY

Planned, supervised, and led multiple IT Audit engagements, including system development and package implementation of HIPAA and SSAE18 SOC 1 reviews of varying sizes with minimal supervision within the financial services industry as well as the healthcare, consumer, and industrial products industry.

Evaluated risks associated to and controls over IT infrastructure and computerized application systems, platforms and databases including Oracle, SQL, Sybase, UNIX, JD Edwards, PeopleSoft, OS/400, SAP, and Windows systems.

Performed data analytics using ACL for testing of automated reconciliations, segregation of duties reviews and interfaces which saved 30% time for Financial Audit Team.

Performed thorough review of work papers to ensure that procedures had been completed, conclusions had been supported, and firm quality control procedures had been adhered to.

Managed large clients, such as Stanley Black &Decker, ensuring that audit assessment was completed with high quality and in a timely manner

AMERICAN INTERNATIONAL GROUP 5/2012-10/2016

AIG is an American multinational finance and insurance corporation.

Senior IT Auditor, New York, NY (9/2015-10/2016)

Performed complete walk-throughs of IT processes, risk, and controls, including reviewing of application security, PCI -DSS, general computer controls and segregation of duties.

Documented clear and concise narratives, flowcharts using Visio, depicting processes and various application controls such as user provisioning and recertification processes.

Coordinated with Business Process Owner ensuring that documentation, testing, remediation, and the appropriate controls associated with the framework are identified and documented appropriately; supported BPO’s with compliance efforts by educating them on internal control needs and requirements.

Worked closely with subject matter experts in planning and developing analytical methods for data collection, data variables, storage, analysis, statistics, and presentations. Maintained and updated risk and control matrixes; creating control testing programs and testing key internal controls in accordance with company policy and best practices.

Peridoically meet with business stakeholders and third parties to discuss upcoming /current strategic initiatives, laws, regulations, policies, emerging technologies, risks etc. impacting the business units.

IT Compliance Analyst III- Global Claims Technology (GCT) (5/2012-9/2015)

Executed pre-and post-implementation audit review for SDLC, both agile and waterfall projects, and change management and provided monthly projects status reports to all stakeholders from project readiness start date until completion. Developed, maintained, and delivered training for the application teams regarding Fed Supervision requirements based on repeated self-assessment and audit findings.

Coordinated the disaster recovery exercise for GCT ensuring that application teams were prepared for testing by identifying, evaluating, documenting key risk indicators and data structures, and designed and developed relational databases for collecting data prior to testing. Created an Access database to review the DBA activities via Guardium, ensuring that no unauthorized changes took place.

EMPIRE BLUE CROSS BLUE SHIELD 05/2011- 04/2012

Blue Cross Blue Shield Association is a federation of 36 separate United States health insurance organizations.

Consulting-Underwriting Audit Associate, Group Integrity Department, New York, NY

Communicated with sales, administration and claims to assess the status of pending contracts for termination.

Audited the activities of various businesses for compliance with plans, policies and procedures ensuring that company procedures were being followed.

BRIGHT HORIZONS FAMILY SOLUTION 10/2009- 11/2010

Bright Horizons Family Solutions is a United States–based child-care provider.

Client Service Associate, New York, NY

Generated and analyzed center use and registration reports to understand client use, registration levels and the reasons behind the results. Reviewed and updated employee timecards to ensure hours, pay rules and calculation were correct using Procare Payroll System.

TEACHERS INSURANCE AND ANNUITY ASSOCIATION 4/2007-4/2009

Teachers Insurance and Annuity Association is the leading provider of financial services in the academic, research, medical, cultural and governmental fields.

Compliance Analyst, New York, NY

Performed testing and analysis at each stage of the SDLC to ensure compliance with internal Sarbanes-Oxley 404 and SAS70 processes to determine efficiency, performance, accountability, and cost effectiveness.

Collaborated with IT management to create methodology as it relates to identifying and implementing risk assessment.

EDUCATION

BACHELOR OF BUSINESS ADMINISTRATION, Finance, and Investment, 2009, Baruch College, New York, NY

MASTER OF SCIENCE, Cybersecurity Management and Leadership Program, 2022, University of New Haven CT

ADDITIONAL INFORMATION

Proficient in MS Office, C#, RSA Archer, IBM Guardium, Open page, ACL, Tableau, Python Teammate, Service Now, SAS, Oracle, SQL,

Sybase, UNIX, JD Edwards, PeopleSoft, OS/400, SAP and Windows Systems.

Contact this candidate