Chris Etwaroo, New Jersey, 609-***-**** ad4qrq@r.postjobfree.com

Dear Hiring Manager/Director,

I am extremely interested in the IT Audit position, I have years of Banking and Telecoms experience which includes IT Audit, IT Operations Audit, Security Controls, Telecoms Audit, System Administrator, GRC, Risk Assessment, SOX 404 - Sarbanes-Oxley, SOC 2, Project Manager, ITGC and Compliance Testing.

Accomplishments

10 years of experience in IT Audit-Revenue Integrity Audit, Database Audit, Computer Operations Audit, Security Controls, Sox & Compliance Testing, and Information Technology General Controls (ITGC).

Invaluable experience with ISO 27001/2 and Information Technology General Controls (ITGC) – Logical and Physical Access, Change Management, IT Operations Audit, Compliance & GRC.

Hands-on experience in IT General Controls (ITCG), IT Application Controls (ITAC), SOX 404, SOD, Software Development Life Cycle (SDLC), Access Control, Change Mgt, & Computer Operations.

Perform IT Application Controls (ITACs) and IT General Controls (ITGCs) including testing, and assessing the operational effectiveness of controls.

Perform IT audit process, including planning, fieldwork, reporting, and follow-up based on audit findings. Perform Business Continuity and Disaster Recovery audits including Data Center Audit.

Review Applications/databases, and perform IT general and application controls including SDLC, access controls, change management, segregation of duties (SOD), Operations, and Controls testing to verify compliance with SOX section 404.

IT Auditor/Integrity Audit - discovered thousands of dollars in Revenue Leakage in the Billing Systems and thousands of ghosting subscribers, not in the Billing. Excellent experience with IT SOX general controls.

Project Manager for implementing Verizon Fraud Alarming Application-ENFORCE (integrated 5 different applications into a Centralized System) utilizing Agile methodology.

Summary of Skills

Examine internal IT controls, evaluate the design/operational effectiveness, determine risk exposure, and implement controls/develop remediation strategies to address deficiencies/weaknesses.

Conduct assessments of IT risk and controls, including general IT controls and applications within Information systems. Assist in the design and implementation of effective controls. Governance, Risk & Compliance-GRC.

Excellent knowledge of IT General Controls (access control, provision process, backup/restore, job scheduling, change management, physical/logical controls, problem/incident management, SDLC, etc.).

Design and develop controls to mitigate risk, and document internal control weaknesses or inefficiencies.

Testing- User access provisioning/de-provisioning, password requirements, system authentication, access review, Batch job processing (success/failure), Backup and recovery procedures, Incident handling, etc.

Knowledge of ISO, SOX, COSO, COBIT, Audit Board, NIST, SOX-404, SOC2, SQL, ACL, MS Office, etc.

International experience in 10 countries including the US, Canada, Germany, Ireland, Brazil, and Mexico.

Education & Professional Certifications

Master of Business Administration (MBA) ISO 27701 Privacy Information Mgt. Systems (PIMS)

ISO 27001 ISMS Certified Internal Auditor (CIA) Certified Information Security Professional (CISP)

ISO 27002 ISMS Certified Lead Implementer (CLA) Certified Professional Project Management (PPM) Certified Software Test Engineer (CSTE) Certified Info Systems Security Manager (CISSM)

ISO 22301 Certified Business Continuity Professional Certified Risk and Crisis Manager (CRCM)

Fellowship of the Institute of Canadian Bankers(FICB) Certified Professional Trainer (CPT)

Thank you very much in advance for your time, and I look forward to discussing my experience with you.

Sincerely yours, Chris Etwaroo

Professional Experience

IT Auditor-Consultant – CP CAN Consulting 5/2019 - Current

Project Management towards Website Enhancement/Security. Provided Auditing for JC Jones Advisory Services & Robert Half to Banks, performing SOX Audit on IT Dependency Reporting, interfacing with PwC and Leadership at the bank. Liaison between external auditors (PWC) and Operational Support personnel.

Perform SOX Audit against the report logic, input parameters, Change Control Process, and ITGC, and validate the output against the source data. Revenue Integrity Audit, IT Audit, Revenue Assurance and Leakage, Fraud Management, Project Management, Quality Control/Assurance, Business Continuity-Planning Audit, Risk and Compliance, and Control/Compliance Testing.

Consultant 2018 - 2018

Rockland County Health Dept-Government & Crick Zone

Functionality includes Process Flow, Documentation, Procedures, Report Generation, Training, etc.

Project Manager towards the implementation of the website implementation.

Project Manager/System Specialist - Fraud and Revenue Assurance, Verizon 12/2007- 2017

Project Manager for the implementation of Verizon Fraud Alarming Application-ENFORCE

(Integrated 6 different applications into a Centralized System). Test Lead for Fraud Contingency System.

Integrity Auditor-Consultant, CAPE Technologies, Digicel, ASK4Solutions 2002 - 2007

Performed Analysis, technical survey, scoping, and project deployment towards the

implementation of Revenue Assurance - Fraud Applications, Revenue Integrity Audit.

Performed Operational-IT Audit within the Switch, Gateway, and Billing Systems and was responsible

for implementing the Minute’s Reconciliation between the Switch & Billing Systems.

Director of IT, GT&T/ATN 1992 - 2001

IT Director for ATN/GT&T, I was responsible for Information Technology (IBM-AS400) which

supports the enterprise goals, including Billing, Fraud Investigation, and IT Audit, and managed a staff of 53.

Design and implement effective controls (ISO 27001 Implementation & Audit), performed SOX 404 Audit.

Performed Telecoms Operational - IT Audit within the Switch, Data Mediation, Billing Systems, Rating, Bill Cycles, Invoices/Bills, Rates, Usage, Control Testing, ITCG testing/IT Operations Audit.

Information Technology General Controls (ITGC) – Logical & Physical Access, SDLC Controls, Change Management, IT Operations/Computer Operation Controls, evaluate and test IT controls.

Identified the weaknesses in Systems and networks and implemented an action plan to prevent security breaches in the technology. CDR/IPDR/Billing & S2B Reconciliation Audit, Billing & Validation Audit.

Bank of Montreal, Toronto, Canada 1985 – 1990 Corporate Security/Security Administrator/Application Support

Support Banking Applications, Database Audits, and Rate Change Audits and provide access controls for internal and external Banking Applications, compliance testing, encryption testing, and implementation.

Security and Control Evaluation, Bank of Nova Scotia, Canada 1990 – 1991 Evaluation of new applications under development and functional control systems to ensure compliance

with the Bank's security policies and standards. Perform Testing Controls, Compliance Testing, etc.

Education and Professional Certifications

Global Association for Quality Mgt -Certified CISP, CIA, CFA, CLA, PPM, CRCM, CISSM 2014 - 2022

QAI Global Institute, Software Certification, Certified Software Test Engineer

Hawthorne University 1996

Master of Business Administration (MBA)

York University, University of Toronto, and Queens University

Fellowship of the Institute of Canadian Bankers (FICB)

Ryerson University, Toronto, Canada, Business Systems and Programming

Contact this candidate