
Information Security Service

Location:
Aubrey, TX
Posted:
June 30, 2020


Resume:

PROFESSIONAL SUMMARY

Highly motivated and results-oriented Senior IT Audit, Risk and Compliance professional with diverse knowledge of risk-based IT audit projects, risk assessment, security audit, audit readiness, management policies, standards, and procedures, with a successful track record in delivering quality testing, reports and remediation.

KEY AUDIT COMPETENCIES

IT Security and Risk Assessment

Vendor Risk Management

IT Audit

SOX, ISO, COSO, COBIT, NIST, PCI-DSS

IT Governance, Risk & Compliance

Infrastructure Security Testing

SAS 70/SSAE 16/Service Organization Control SOC1 Type 2 Review

Operational Risk and Security Validation

PROFESSIONAL EXPERIENCES

Senior Technology Risk Advisory – Senior IT Auditor

ERNST & YOUNG, LLP. Dallas, TX January 2019 – Present

Conducts risk-based audits including all aspects of the audit lifecycle, including risk assessment, planning, client coordination, fieldwork, data analysis, workpaper documentation, reporting, and remediation validation.

Leads client engagement, focusing on the assessment and evaluation of systems security and the mitigation of IT-related business risks.

Leads security audit/SOX compliance program, design and effectiveness of internal controls, develops and enhances comprehensive test plans, and performs independent testing.

Evaluate IT General Controls (ITGCs) testing using a risk-based approach to identify process improvement opportunities.

Prepare third-party attestation reports, including Service Organization Control SOC 1 and SOC 2, including documenting, validating, testing, and assessing various control systems.

Perform deficiency root cause analysis and assist the client with the development of remediation plans.

Collaborate with clients' internal and external auditors in the planning and execution of SOX 404 requirements and ensure all deadlines are met with high-quality deliverables.

Maintain relationships with client management to manage expectations of service, including work products, timing, and deliverables.

Presents IT status during meetings with the external auditor and the client, and addresses any follow-up from the external auditors.

Create and distribute issues validation status reports to the Internal Audit Team and Executive Management.

Supports and coordinates, with the client, the response to the final report recommendations. Briefed the engagement team on the client's Internal Audit environment and trends.

Provides guidance and shares knowledge with team members about performing procedures, especially focusing on complex, judgmental and/or specialized issues.

Collects and analyzes information to detect deficiencies in controls, procedures, and compliance with best practices such as NIST, COBIT, PCI-DSS frameworks.

Offer effective supervision to staff auditors, review their work papers and mentor new hires to bring them up to speed.

Vendor Risk Consultant (Contract)

PROTIVITI/USAA. Plano, TX December 2017 – December 2018

Performed third party risk assessments, identified issues and/or control gaps, and recommended remediation initiatives.

Worked with the appropriate business user and technology owner to ensure that for any identified risks, the required mitigating action is developed and executed.

Implemented service level agreements (SLAs) with third-party business unit owners and reported on KPIs using the predetermined SLAs.

Evaluated supplier control effectiveness by reviewing policies, procedures, systems and processes to identify control gaps.

Actively participated in decision making with third parties and company management for mitigating identified deficiencies and sought to understand the broader impact of the decisions made.

Conducted annual third-party vendor management training for all third-party business unit owners.

Senior Audit & Compliance Analyst (Contract)

BLUE CROSS & BLUE SHIELD of TEXAS. Richardson, TX February 2017 – December 2017

Conducted file reviews and audits according to federal guidelines (MAR, HITECH, HIPAA).

Effectively and independently performed on-going monitoring and testing of healthcare services activities to ensure compliance with applicable laws and regulations.

Completed periodic system validation and testing of transactions, processes, and controls that independently evaluates the adequacy, comprehensiveness and effectiveness of compliance functions. Includes: selecting appropriate samples, tracking timely delivery and maintenance of review papers, monitoring testing status, completing final review reports and updating all applicable documentation as applicable to each test.

Reported to senior management within Legal & Compliance and the business regarding compliance matters related to healthcare. Oversaw and conducted scheduled regulatory compliance reviews.

Provided guidance and advice to the various business units on an on-going basis regarding process and practice in health care and how changes in laws and regulations impact them.

Discussed and reviewed all potential test findings with Compliance Management and the Business Unit.

Identified control deficiencies in business-level procedures or policies, made recommendations, and issued final reports based on findings. Identified deficiencies and recommended solutions to complex issues.

Liaised with business personnel on all compliance matters pertaining to consumer regulatory requirements.

Third Party Risk Manager

ATLANTIC AVIATION/MIC GLOBAL SERVICES, LLC. Plano, TX January 2016 – February 2017

Reviewed existing/new third-party services and data in scope of the assessment and analyzed engagement risk ratings.

Conducted formal end-to-end Information Security Risk Assessments (review of questionnaires, third-party security audit reports and evidence).

Documented risk assessment in a formal report, including any identified deficiencies in third party's Information Security program. Worked together with the TPRM team and stakeholders to review the assessment and escalate any issues.

Worked with operating units and partners to get additional information and to properly vet any issues prior to finalizing the report.

Followed up with internal security team on internal controls to ensure the right controls are in place to support company engagement with vendors.

Assessed remediation plans and non-compliance acceptances where Information Security standards compliance cannot be achieved.

Partnered with other Information Security teams, operating units and technology to ensure that risks are clearly articulated in a manner that is understood by business and technology audiences.

Served as a subject matter expert and process ambassador as it relates to TPRM related processes, procedures, and workflows.

Devised an efficient and effective means of tracking vendors' issues, which enhanced the TPRM function's issue tracking matrix.

Contributed immensely towards the design and implementation of a risk calculator which facilitated the initial vendor review process.

Senior IT Auditor

FIDELITY INVESTMENTS. Westlake, TX March 2013 – December 2015

Assisted in the execution of the annual internal audit plan as directed and prepared reports to communicate audit results to management and made recommendations as appropriate.

Evaluated IT infrastructure in terms of risks to the organization and established controls to mitigate loss.

Conducted audits using COSO and COBIT frameworks to conduct practical system testing.

Performed IT General Controls audit and IT Application Controls testing and risk-based IT audits in core IT functions.

Provided independent audit support in conjunction with the Company's SOX 404 assessment.

Tested and documented financial and information systems for data integrity and quality.

Assisted in the preparation and periodic review of a comprehensive Company risk assessment.

EDUCATION

Bachelor of Science – Political Science & Public Management – University of Benin


