ITGC - SOX and Compliance Testing

Location:
New York City, NY
Posted:
April 27, 2025

Resume:

Chris Etwaroo 609-***-****, NJ *********@*******.***

Dear Hiring Manager/Director,

I am extremely interested in the IT Audit/SOX Audit - IT General Controls position. I have years of Banking and Telecoms experience, which includes IT Audit, IT Operations Audit, Security Controls, System Admin., ISO 27001, GRC, Risk Assessment, SOX 404 - Sarbanes-Oxley, SOC 1 & 2, ITGC & Compliance Testing.

Accomplishments

Over 10 years of experience in IT Audit, Database Audit, Computer Operations Audit, Security Controls, SOX Audit & Compliance Testing, and Information Technology General Controls (ITGC).

Extensive experience across a wide range of IT domains, including IT General Controls, Access Controls, Change Management, Compliance, Risk Assessment, Business Continuity, IT Governance, Data Privacy, Network Security, Fraud Detection, Physical Security, Application Controls, SOX ITGC, and Vulnerability.

Review security policies, procedures, and controls to detect control gaps or weaknesses, and develop and implement effective remediation strategies or control enhancements to address those risks. Extensive experience with preventive, detective, and corrective internal controls.

Conduct audits across key IT control areas, including physical and logical access controls, change management, backup and recovery, data privacy, segregation of duties (SoD), computer operations, and disaster recovery processes, to ensure compliance, security, and operational effectiveness.

Possess a strong understanding of IT internal controls over financial reporting, with hands-on experience performing SOX compliance testing on financial systems, including IT General Controls (ITGC), IT Application Controls (ITAC), and Cybersecurity audits. Strong analytical and problem-solving skills.

As a Security Administrator for the bank, I was responsible for access control management, where access was granted based on the principle of least privilege (PoLP) methodology.

Extensive hands-on experience in application security, logical access controls, segregation of duties (SoD), backup and recovery procedures, and computer operations. Skilled in working with ISO standards, including ISO 27001/2, 22301 (Business Continuity), and 27701 (Data Privacy), with practical experience applying ISO 27001:2022 Annex A controls, including partial implementation across security and compliance frameworks.

Evaluate the effectiveness of internal controls through both Test of Design (ToD) and Test of Operating Effectiveness (TOE). Perform comprehensive testing of security controls to ensure they function as intended, including controls related to user creation, access modification, user termination, privilege granting, authentication, password management, and segregation of duties (SoD). Conduct Financial Internal Control over Financial Reporting (ICFR) testing to assess compliance and operational effectiveness.

Summary of Skills

Examine internal IT controls, evaluate the design/operational effectiveness, determine risk exposure, and implement controls/develop remediation strategies to address deficiencies/weaknesses.

systems. Assist in the design and implementation of effective controls. Governance, Risk & Compliance-GRC.

Design and develop controls to mitigate risk, and document internal control weaknesses or inefficiencies.

Strong project management skills with the ability to lead cross-functional teams.

Knowledge: ISO, SOX, COSO, COBIT, PCI, HIPAA, Audit Board, NIST, SOC 1 & 2, Active Directory, SQL.

Education & Professional Certifications

Master of Business Administration (MBA) ISO 27701 Privacy Information Mgt. Systems (PIMS)

ISO 27001 ISMS Certified Internal Auditor (CIA) Certified Information Security Professional (CISP)

ISO 27002 ISMS Certified Lead Implementer (CLA) Certified Professional Project Management (PPM) Certified Software Test Engineer (CSTE) Certified Info Systems Security Manager (CISSM)

ISO 22301 Certified Business Continuity Professional Certified Risk and Crisis Manager (CRCM)

Fellowship of the Institute of Canadian Bankers (FICB) Certified Cloud Computing Professional - CCCP

Thank you, and I sincerely appreciate your time. Respectfully yours, Chris Etwaroo

Professional Experience

IT Auditor-Consultant – CP CAN Consulting 5/2019 – Present

JC Jones Advisory Services (Community Bank, NA, Buffalo): I performed SOX audits on IT dependency reporting, interfacing with PwC. I served as a liaison between external auditors (PwC) and conducted SOX 404 internal control risk assessments, planning, walkthroughs, and testing.

Robert Half/Protiviti-Data Governance Audit - Commercial Real Estate, Perform SOX Audit against the report logic, Change Control Process, and ITGC, and validate the output against the source data.

Tevora (Asset Mark) - SOX Compliance Support - Provide project management services for SOX remediation activities for 404a and 404b, SOC 1 & 2, and Governance, Risk, and Compliance (GRC).

Consultant 2018 – 10/2018

Rockland County Health Dept-Government & Crick Zone

Functionality includes Process Flow, Documentation, Procedures, Report Generation, Training, etc.

Project Manager/System Specialist-IT, Fraud and Revenue Assurance, Verizon 12/2007–2017

I was the Project Manager for implementing the Verizon Fraud Alarming Application (ENFORCE), whereby I held several chartering sessions with IT and the Business contributing to the overall success of the application launch, resulting in millions of dollars in cost savings. Reduce the risk of revenue loss by ensuring necessary controls are in place. As a team member, I was responsible for identifying hundreds of defects, resulting in a cost saving of over a million dollars during 2014-2016. Mobile Data Management testing.

Integrity Auditor-Consultant, CAPE Technologies, Digicel, ASK4Solutions 2002 - 2007

Perform analysis, technical survey, scoping, and project deployment of Revenue Assurance - Fraud Applications, IT Audit - Revenue Integrity Audit. Perform Operational-IT Audit within the Switch, Gateway, and Billing Systems and implement the Minutes’ Reconciliation between the Switch & Billing.

IT Consultant, GT&T/ATN 1992 - 2001

IT Consultant for ATN/GT&T, I was responsible for Information Technology (IBM-AS400) which supports the enterprise goals, including billing, Fraud Management, Operations, Networks, and IT Audit.

Design and implement effective controls (ISO 27001 Implementation & Audit), performed SOX 404 Audit.

Performed Telecoms Operational - IT Audit within the Switch, Data Mediation, Billing Systems, Rating, Bill Cycles, Invoices/Bills, Rates, Usage, Control Testing, ITGC testing/IT Operations Audit.

Information Technology General Controls (ITGC) – Logical & Physical Access, SDLC Controls, Change Management, IT Operations/Computer Operation Controls, evaluate and test IT controls.

Bank of Montreal, Toronto, Canada 1988 – 1991

As a Security Administrator for the bank, I was responsible for access control management, where access was granted based on the principle of least privilege (PoLP) methodology.

Performed internal and external Banking Applications, compliance testing, encryption testing & Computer Operations. Corporate Security/Security Administrator/Application Support/Operations

Support Banking Applications, Database Audits, and Rate Change Audits, and provide access controls for

Education and Professional Certifications

Global Association for Quality Mgt - Certified CISP, CIA, CFA, CLA, PPM, CRCM, CISSM 2014 - 2022

QAI Global Institute, Software Certification, Certified Software Test Engineer

Master of Business Administration (MBA), Hawthorne University

York University, University of Toronto, and Queen's University

Fellowship of the Institute of Canadian Bankers (FICB)

Ryerson University, Toronto, Canada, Business Systems and Programming
