It Security Auditor

Location: Frisco, TX
Posted: November 26, 2023

Resume:

PROFESSIONAL PROFILE

Driven and results-focused IT Auditor with a proven track record of over 2 years in the field, actively pursuing an opportunity in Information System Audit and IT Compliance within a reputable and secure organization. I have successfully executed various projects and assignments throughout my career, such as evaluating new system implementations and conducting internal control reviews, SOX, and IT General Controls Audits.

WORK HISTORY/EXPERIENCE

Fidelity Investments – IT AUDITOR

Westlake, TX • 01/2019 - Current

Working knowledge of internal audit processes, generally accepted auditing standards, and information systems processes.

Knowledge and experience auditing and supporting operating systems (Unix/MS Windows), databases (Oracle and SQL), business applications, network infrastructure, change control, project management, and IT security concepts.

Works with the vendor to facilitate the completion of the IT Security Questionnaire and forward it to the appropriate IT Security approver for review.

Working knowledge of IT frameworks, such as COSO, COBIT, ITIL, and NIST.

Performed audit executions/engagements, including planning and oversight, with supervision from the AVP or VP, while meeting the audit schedule/deadline.

Test and identify internal control weaknesses, regulatory compliance risks, and other areas of risk.

Collaborates with business (vendor) relationship managers and business owners to request necessary and appropriate due diligence documentation for all New Vendor relationships based on services being provided. I will also ensure that the appropriate risk assessments have been completed and am responsible for quality control and assurance and credible challenges of those assessments.

Works directly with businesses to coordinate due diligence efforts on all critical vendors.

Performs appropriate and timely follow-up of outstanding due diligence items for all new and existing vendor relationships.

Performs appropriate assessments of due diligence documentation for all new and existing vendor relationships as outlined by policy.

Plan audits and develop design flows, risk assessments, audit findings, and audit reports.

Coordinates with IT Security regarding the review and approval of IT Security Questionnaire.

Coordinates the review and proper execution of all contracts and ancillary documents required of Business (vendor) relationship managers and Legal, and evidence of Legal approval and other assessments are stored in the appropriate repository.

Develop and execute multiple audit programs with minimal supervision and be self-motivated.

Provide objective consulting services to management that add value and improve operations.

Ensures the timely update and maintenance of all vendor information and documentation, process documentation, job aids, and training materials in the appropriate departmental repository according to the policy.

Excellent communication skills (both written and verbal), people skills, and analytical skills.

Computer skills and knowledge of Microsoft Office is required. Knowledge of audit software and tools is preferred.

Capital One – IT Risk and Compliance

Kansas City, MO • 12/2018 - 1/2019

Established IT compliance framework covering IT platform including applications, processes, and procedures to ensure compliance with industry standards and best practices.

Reviewed and tested users' access control - physical access relating to server room or data center, and logical access control relating to various applications, operating systems, databases, networks, and Windows Active Directory.

Performed review and tested IT controls such as incident management, change management, segregation of duties, and data integrity.

Performed review of organizational IT policies, standards, and procedures and provided advice on their adequacy, accuracy, and compliance with government guidelines and regulatory requirements.

Evaluated organization's disaster recovery readiness - DR plan, business impact analysis (BIA), annual testing, and site adequacy; assisted management in the identification and assessment of technology-related risks, reported risk-based controls adequacy; evaluated technology and business-related controls for integrated IT and business auditing efforts.

Coordinated and executed projects and ensured security risks/vulnerabilities are identified, communicated, and remediated.

Addresses reported risk events and potential risk areas, and ensures these are appropriately mitigated and that the mitigation and/or remediation plans are adequate and stored in the appropriate repository.

Performs initial risk review assessment on new vendor relationships based on services provided and potential risk areas identified.

Performs quality assurance assessments and credible challenges as they relate to the new vendor approval process according to policy and standard.

Communicated weekly with the IT department on the status of outstanding audit recommendations, both internal and external, which facilitated timely remediation.

Performed SOC 1, SOC 2, and SOC 3 report testing in accordance with applicable standards.

Wrote audit program using standard frameworks, including COBIT, ITAF, NIST, and COSO, for best industrial practices.

EDUCATION

Bachelor of Business Administration

Associate of Applied Science.

CERTIFICATIONS & PROFESSIONAL AFFILIATIONS

ADDITIONAL SKILLS

IT General Controls Testing

Sarbanes Oxley Financial Review

Data Center Operations

Business continuity

Storage Management

Disaster Recovery

Third Party Risk Assessment

UNIX/LINUX & SAP experience

Corporate Risk Mitigation

IT Control Design

Extensive Report Writing, Fact Finding, and Root Cause Analysis

Database Audit

PCI DSS Compliance

HIPAA and PPI assessment.


