CYBER SECURITY RISK & COMPLIANCE
GLOBAL ENVIRONMENTS | RELATIONSHIP MANAGEMENT | SYSTEMS INTEGRITY | PROJECT MANAGEMENT
Dynamic and highly motivated Cyber Security Risk & Compliance Professional, skilled in aligning business and information technology objectives and maintaining information security.
Extensive experience designing, implementing and testing security controls in accordance with various frameworks & standards such as COBIT, COSO, NIST, PCI, ITIL practices, ISO27001, HIPAA/HITECH, DEA, GLBA, IT-SOX, and SSAE 16 SOC 1 & 2 (type I, II).
CAREER PATH & PERFORMANCE
MERCURY INSURANCE 2018 – Present
(Auto & Home Insurance)
SPECIALIST – INFORMATION TECHNOLOGY AUDIT
Responsible for the management and delivery of IT and business process audits to ensure business risks were recognized and appropriately managed before the company was adversely affected. Activities included scoping, budgeting, meeting with process owners, developing testing procedures, audit testing, reviewing staff work, conducting meetings to present deficiencies, writing final report and work papers sign off. Served as liaison to external auditors regarding internal IT audit issues and procedures.
Lead and manage multiple IT Audit Assessments & Consulting projects such as: IT General Controls, SDLC controls, Computer Operation controls, Data Security & Privacy, Cyber Security, Application Security, IT Governance, and Network Security.
Assist in managing and delivering Company’s annual PCI Assessment.
Validate IT SOX testing performed by the various IT teams across the organizations.
Knowledge of the primary AWS services (EC2, ELB, RDS, Route53 & S3)
Provide timely reporting of IT controls deficiencies to upper management, completion of deficiency assessment and development and monitoring of remediation plans in conjunction with management to technical and non-technical audiences.
Prepare IT audit reports detailing results of audits and provide recommendations for remediation, as well as follow-up review of corrective action plans.
Evaluate SSAE 16 reports to identify compensating controls for third parties’ deficiencies.
Communicate project status and results in both verbal and written settings to senior management.
Ensure Cyber Security policies are adhered to and that required controls are implemented, and facilitate a continuous monitoring system.
Knowledge of security best practice standards such as the Center for Internet Security (CIS) Top 20 Critical Security Controls, NIST Cybersecurity Framework, and FFIEC Regulatory Cybersecurity Standards.
SHAIKH QADIR
+1-909-***-**** | firstname.lastname@example.org
RSM US LLP 2013 – 2018
(Top 5 Public Accounting Firm)
SUPERVISOR – INFORMATION TECHNOLOGY RISK ADVISORY
Managed engagements totaling over $1 million in annual revenue within the following industries: financial services, payroll services, health care and pharmaceutical, media and entertainment, retail and manufacturing, distribution and logistics, gaming and government municipalities.
Managed multiple engagements over the testing of IT General and Application controls in support of external financial audit engagements. Clients include those requiring compliance with SOX utilizing UNIX, AS-400, SAP, Oracle, JD Edwards, and PeopleSoft environments.
Rapidly moved up to take on complex SSAE 18 SOC 1 and SOC 2, Type I and II audits requirements (assurance reports, risk control testing, and other components) at well-known national corporations, working directly with leadership to create and execute strategic, systems-centric IT audit roadmaps covering newly installed technical solutions.
Sarbanes–Oxley (SOX): Managed engagements to scope, facilitate, and perform procedures to prepare clients for external financial audits and compliance with the Sarbanes-Oxley Act (SOX) by overseeing the performance of risk analyses, documenting control gaps, developing action plans to address control gaps, and designing and executing test procedures based on the COBIT framework.
Coordinated and led information security reviews with a regulatory focus on HIPAA, PCI, Red Flags Rules and adherence to HITRUST, NIST, COBIT, and COSO frameworks.
Led information technology and cyber security reviews for financial institutions in accordance with FFIEC and ICFR guidelines with emphasis on GLBA, IT Governance, Logical and Physical Security, Change Management, Online Banking, Application Security, Business Continuity Planning, Disaster Recovery and Vendor Management.
Differentiated RSM US LLP among client auditors with streamlined process (focused interviews with minimal follow-up, diligent presentation of issues, and suggestions for improvement). Applied lessons learned and post-audit reviews to ensure client satisfaction.
Educated C-suite leaders on regulatory changes, using contact list to update clients on industry impacts.
DENTSU AEGIS NETWORK 2012 – 2013
(Media & Advertisement)
ERP SYSTEM SUPPORT & SECURITY CONSULTANT
Managed Donovan Data System (Media & Advertisement ERP System) for various business units.
Managed a team of security experts to ensure the appropriateness of IT security controls and user access rights.
Tested and investigated internal control environments to ensure regulation compliance, recommending process improvements where needed.
EDUCATION
BACHELOR OF SCIENCE IN ACCOUNTING
CALIFORNIA STATE POLYTECHNIC UNIVERSITY, POMONA, CA
CERTIFICATIONS
CERTIFIED INFORMATION SYSTEMS AUDITOR (CISA) – ISACA, LICENSE # 16133325
CERTIFIED INFORMATION SYSTEM SECURITY PROFESSIONAL (CISSP) – EXPECTED 2020