PROFESSIONAL PROFILE
Driven and results-focused IT Auditor with a proven track record of over 2 years in the field, actively pursuing an opportunity in Information System Audit, and IT Compliance, within a reputable and secure organization. I have successfully executed various projects and assignments throughout my career, such as evaluating new system implementations and conducting internal control reviews, SOX, and IT General Controls Audits.
WORK HISTORY/EXPERIENCE
Fidelity Investments – IT AUDITOR
Westlake, TX • 01/2019 - Current
Working knowledge of internal audit processes generally accepted auditing standards and information systems processes.
Knowledge and experience auditing and supporting operating systems (Unix/MS Windows), databases (Oracle and SQL), business applications, network infrastructure, change control, project management, and IT security concepts.
Works with the vendor to facilitate the completion of the IT Security Questionnaire and forward it to the appropriate IT Security approver for review.
Working knowledge of IT frameworks, such as COSO, COBIT, and ITIL NIST.
Performed audit executions/engagements, including planning and oversight, with supervision from the AVP or VP, while meeting the audit schedule /deadline.
Test and identify internal control weaknesses, regulatory compliance risks, and other areas of risk.
Collaborates with business (vendor) relationship managers and business owners to request necessary and appropriate due diligence documentation for all New Vendor relationships based on services being provided. I will also ensure that the appropriate risk assessments have been completed and are responsible for quality control and assurance and credible challenges of those assessments.
Works directly with businesses to coordinate due diligence efforts on all critical vendors
Performs appropriate and timely follow-up of outstanding due diligence items for all new and existing vendor relationships.
Performs appropriate assessments of due diligence documentation for all new and existing vendor relationships as outlined by policy.
Plan audits and develop design flows, risk assessments, audit findings, and audit reports.
Coordinates with IT Security regarding the review and approval of IT Security Questionnaire.
Coordinates the review and proper execution of all contracts and ancillary documents required of Business (vendor) relationship managers and Legal, and evidence of Legal approval and other assessments are stored in the appropriate repository.
Develop and execute multiple audit programs with minimal supervision and be self-motivated.
Provide objective consulting services to management that add value and improve operations.
Ensures the timely update and maintenance of all vendor information and documentation, process documentation, job aids, and training materials in the appropriate departmental repository according to the policy.
Excellent communication skills (both written and verbal), people skills, and analytical skills.
Computer skills and knowledge of Microsoft Office is required. Knowledge of audit software and tools is preferred.
Capital One – IT Risk and Compliance
Kansas City, MO • 12/2018 - 1/2019
Established IT compliance framework covering IT platform including applications, processes, and procedures to ensure compliance with industry standards and best practices.
Reviewed and tested users' access control - physical access relating to server room or data center, and logical access control relating to various applications, operating systems, databases, networks, and Windows Active Directory.
Performed review and tested IT controls such as incident management, change management, segregation of duties, and data integrity.
Performed review of organizational IT policies, standards, and procedures and provided advice on their adequacy, accuracy, and compliance with government guidelines and regulatory requirements.
Evaluated organization's disaster recovery readiness - DR plan, business impact analysis (BIA), annual testing, and site adequacy; assisted management in the identification and assessment of technology-related risks, reported risk-based controls adequacy; evaluated technology and business-related controls for integrated IT and business auditing efforts.
Coordinated and executed projects and ensured security risks/vulnerabilities are identified, communicated, and remediated.
Addresses reported risk events, and potential risk areas, and ensure these are appropriately mitigated, and the mitigation and//or remediation plans are adequate and stored in the appropriate repository
Performs initial risk review assessment on new vendor relationships based on services provided and potential risk areas identified.
Performs quality assurance assessments and credible challenges as they relate to the new vendor approval process according to policy and standard
Performs initial risk review assessment on new vendor relationships based on services provided and potential risk areas identified
Performs quality assurance assessments and credible challenges as they relate to the new vendor approval process according to policy and standard
Communicated weekly with IT department on the status of outstanding audit recommendations, both internal and external; that facilitated timely remediation.
Performed SOC 1, SOC 2, and SOC 3 report testing in accordance with applicable standards.
Wrote audit program using standard framework including, COBIT, ITAF, NIST, and COSO for best industrial practices.
EDUCATION
Bachelor of Business Administration
Associate of Applied Science.
CERTIFICATIONS & PROFESSIONAL AFFILIATIONS
ADDITIONAL SKILLS
IT General Controls Testing
Sarbanes Oxley Financial Review
Data Center Operations
Business continuity
Storage Management
Disaster Recovery
Third Party Risk Assessment
UNIX/LINUX & SAP experience
Corporate Risk Mitigation
IT Control Design
Extensive Report Writing,
Fact Finding, and Root Cause Analysis
Database Audit
PCI DSS Compliance
HIPPA and PPI assessment.