Pufang Leimgruber Jin Legal resident of the USA

Jacksonville Florida adg7j2@r.postjobfree.com 904-***-**** www.linkedin.com/in/leimgruber

Senior Vice President of IT Auditing

Comprehensive risk focus and forward-thinking, change-oriented professional with extensive experience in leading team to transform the internal audit function to serve the ever-changing landscape, develop and drive high-performing audit function with data analytics and automation for Shanghai Stock Exchange (one of the top-ranking equity market in the world). Demonstrated expertise in uncovering areas of vulnerability, recommending process improvement, keeping good relationships with all level of stakeholders. Proven expertise in:

ITGC, Application Control and other internal control Audits

GRC (Governance, Risk Management & Compliance)

Audit Scoping, Planning, Testing, Reporting & Documentation

Unix/Linux/Windows system, C/C++, SQL, Python, Cybersecurity

Project management, Team Leadership

Information Security Program Development & Management

Data standard, quality, security management, Data governance

COBIT, ISO 2700x, NIST, SOX Section-404

SDLC, Business Analysis & System Design

KEY PROJECTS

Appointed by the Chinese Securities Regulation Commission (CSRC) to design and formulate information security auditing regulations for securities and future industry, which includes more than 1000 controls and covers IT governance, compliance, data and security requirements.

Leading IT compliance auditing regarding regulatory and internal control requirements which includes IT governance, IT general control; Managing business and IT processes auditing; Leading Information security management system auditing, to identify and assess key risks, analyze gaps and develop effective remediations;to ensure technology policies and objectives in alignment with firm’s objectives and provide reports on the system’s effectiveness to senior management.

Working with IT leaders and business leaders to design, establish, and implement ISO2700x information security management system while conducting internal security audits.

Cooperating with the Accenture China and IBM PMO to execute national stock trading system project while leading requirement analyses, and software infrastructure/network design.

Designing a high performing IP (H323) phone software for China Unicom; Developing accounting system software for China Construction Bank and Nanjing commercial bank.

PROFESSIONAL EXPERIENCE

Shanghai Stock Exchange –Shanghai, China (2002 - 2019)

Senior Vice President, Global Business, 2018 to 2019

Oversaw all activities associated with the share-holding stock exchanges of Shanghai stock exchanges, including China Europe international exchange AG, Astana international exchange, and the Pakistan stock exchange in collaboration with the regional directors. Attended audit committee meetings of various exchanges while reviewing information security strategy and implementation as well as audit plan and reports to ensure consistency.

Key Contributions:

Collaborated with the share-holding exchanges to improve internal control system by conducting detailed audits, to establish risk management framework and execute corrective measures; to support pre-IPO, IPO and policy formulation with business development.

Achieved shareholders’ agreement and subscription agreement with the Astana International Exchange by effectively leading negotiation of a share subscription.

Senior Vice President IT Auditing, Risk Control & Internal Auditing Department, 2005 to 2017

Formulated all documentation and reports based on findings, recommendations, and opinions while devising and implementing an effective audit approach to conduct investigations efficiently. Managed end-to-end IT security audit processes to ensure the smooth running of operations and align overall environment, access control, system development, system implementation, data management, cybersecurity, and emerging technologies with relevant measures. Analyzed the effectiveness of internal control and provided innovative recommendations that add value to the company by ensuring alignment with legal, regulatory and internal control requirements, and Information security governance.

Key Contributions:

Led 1) IT compliance auditing regarding regulatory and internal control requirements; 2) business,IT, data management processes auditing; 3) Information security management system auditing.

Managed audit planning, testing, reporting, following up and verification of issue closure to fulfill gaps as per risk-based assessment.

Cooperated with the information security committee in headquarter to plan and establish the information security management framework of sub-companies.

Assessed and improved the internal control of various business areas/functions by auditing inter-departmental processes in business units or IT departments and recommending changes.

Provided support and practical solutions to business units or IT departments in identifying potential risks, realizing control measures, and establishing risk control matrix.

Executive Manager Software Engineer, IT Department, 2002 to 2004

Key Contributions:

Joined national stock trading platform development and launched the new system successfully.

EDUCATION & CREDENTIALS

Master’s Degree in Software Engineering

Shanghai Jiaotong University, Shanghai China

Bachelor’s Degree in Computer Science

South east Jiaotong University, Chengdu China

Certified Information Systems Auditor (CISA), Cobit Foundation

Contact this candidate