Information Security It

Information Security Professional

IT auditor with 3 years of experience, conducting various IT audit projects such as SOX Audit, Audit Readiness, and Compliance Audit. I have also obtained great expertise in testing Application Controls, Risk Assessment, and Information Technology General Controls (ITGCs). Knowledge of COBIT and COSO frameworks and NIST publications.

Education / Certification

Northern Virginia Community College

Associate in Athletic Training

Work Experience

APN Consulting December 2018 - Present

IT Auditor

Ensures compliance with established internal control procedures by examining records, reports,

operating practices, and documentation.

Verifies assets and liabilities by comparing items to documentation.

Completes audit workpapers by documenting audit tests and findings.

Appraises adequacy of internal control systems by completing audit questionnaires.

Maintains internal control systems by updating audit programs and questionnaires, recommending new

policies and procedures.

Communicates audit findings by preparing a final report, discussing findings with auditees.

Complies with federal, state, and local security legal requirements by studying existing and new security

legislation; enforcing adherence to requirements; advising management on needed actions.

Prepares special audit and control reports by collecting, analyzing, and summarizing operating

information and trends.

Maintains professional and technical knowledge by attending educational workshops, reviewing

professional publications; establishing personal networks; and participating in professional societies.

Contributes to team effort by accomplishing related results as needed.

Peer Solutions Group August 2017 - November 2018

IT Internal Auditor

Assisted in plan development and executed compliance, operational, IT and financial internal audits to

determine adherence to guidelines and regulations and evaluate the effectiveness of internal controls

Assisted in the development of all audit processes, including risk assessment, planning, audit program.

Development, execution of audit procedures and communication of audit results to senior management.

Collaborated with the Information Security and Enterprise Risk Management teams to scope IT audits.

Performed data extraction, analytical testing and security reviews using Audit Command Language and other analytical tools.

Worked with teams throughout the company to identify process improvements that lead to cost savings or revenue enhancement opportunities.

Identified control issues and best practices.

Reviewed and evaluated corporate policies.

Protected the enterprise from threats by ensuring that IT controls are implemented in the proper locations and working correctly.

General understanding of IT concepts, IT infrastructure, servers, networking, IT security, virtual machines, databases, encryption, vulnerability management, penetration testing, data centers, load balancers, identity and access management, cloud services and application development.

Standards/ Controls/ Artifacts / Framework Awareness

Access Control, Audit and Accountability, Security Assessment and Authorization, Compliance Testing, Risk Assessment, Change Management, Configuration Management, Contingency Planning; Policies and Procedures, Implementation; Intrusion Detection Systems, Incident Response, Media Protection, NIST 800-53, NIST 800 53A, NIST 800-37, FIPS 199, FISMA, FedRAMP.

Technical Skills / Tools

Tools Proficiency: TeamMate EWP, CSAM, MS Office, Microsoft Windows, Remedy TTS, E-Auth, Spectrum, SharePoint. System's Artifact Libraries, Google Docs, Windows server 2008/2012, Active Directory, DNS.

Contact this candidate