Information Security Service

Salman Quader, CISA ** Olsen Street Valley Stream, NY 11580

https://www.linkedin.com/in/salquader 646-***-**** *********@*****.*** TECHNOLOGY AUDIT & RISK PROFESSIONAL

Technology & risk professional with 6+ years of experience in the IT audit and risk space. Background consists of, financial service clients such as global investment banking, community banks, workers compensation, private equity, and exchange settlements. Experience includes current employer, CNM LLP in acting as the lead senior for annual SOX programs, pre- fieldwork activities, leading weekly collaborative status meetings between the client and external auditors, project management activities, reviewing workpapers of staff, testing and documenting of the design and operating effectiveness of automated controls. Collaborative individual who fosters a team-building atmosphere. Change agent who strives for improvement, professional development and seeks a challenging work environment. PROFESSIONAL EXPERIENCE & ACCOMPLISHMENTS

CNM, LLP – New York, NY January 2019 – Present

ITS Senior Associate

Lead pre-fieldwork activities (e.g. creation of budget, engagement team kick-off meeting agendas, creation of client request list, sample selections, tailoring of audit procedures).

Serve as senior in-charge of NY audit engagements, which includes management of staff members, review of staff workpapers, and primary liaison between audit directors and client personnel.

Perform risk assessments, gap analysis, and controls rationalization, resulting in the implementation and enhancement of key controls, while reducing the number of application controls, resulting in compliance cost reduction and workflow efficiency.

Prepare and lead weekly SOX coordination status meetings between internal audit, external auditors and the client.

Manage bi-weekly budget vs actuals and investigate inefficiencies and overages amongst teams. Reclass hours, where needed to ensure overall budget is in line with engagement plan.

Review the current IA reports, identify the current open deficiencies, work with management and IA to help remediate open deficiencies or come up with an action plan to reduce the risks.

Lead walkthroughs with business process owners, control owners. application owners to gain an understanding of system generated reports and IPEs, IT application controls, and general IT controls (ITGC).

Prepare and document concise workpapers, including the test of design, test of operating effectiveness, and conclusions over automated controls. Perform code review of the configuration of automated controls and IPEs/Reports.

Assist senior management with strategic cost reduction plan to help reduce SOX advisory fees due to negative pandemic implications for FY20. Resulting in reducing of 60 hours from our advisory fees. New York Community Bancorp – New York, NY November 2016 – January 2019 IT Auditor – Internal Audit

Analyze, test, and document internal IT controls, including IT general controls, SOX critical and application controls, input/output, processing, access, change management, backup and recovery capabilities, databases, information security, operating systems, networks, servers, service provider risks.

Prepare effective and clear work papers, which support the work performed and conclusions reached. Responsible for updating firm audit work paper standards, demonstrating updated procedures and standards to IT Audit teams during monthly staff meetings.

Utilize data analysis tools and data acquisition/reporting procedures to parse heavy data sets to create efficiency in testing and documentation.

Communicate with senior management to help prepare audit planning memos, provide information on planned audit coverage, timeline, and budgeting. Maintain active communication regarding status of deliverables, progress of the audit, and observations/findings for wrap-up and finalizing audit report.

Coordinate with external auditors (KPMG/Crowe Horwath) and regulators with regulatory findings, external audits, and risk assessment engagements.

Conduct online research for industry standards updates, best practices, audit programs, while being able to incorporate new information into our teams current and future engagements. KPMG, LLP – New York, NY November 2015 – November 2016 IT Attestation Associate – Risk Consulting July 2014 – July 2015

Evaluated clients’ key IT processes such as change management and systems development, computer / data center operations, and logical access and security. Identify and test IT General controls that support key IT dependent controls embedded in various business process cycles.

Performed reviews of automated and manual application controls; reviews include performing walkthroughs to assess and test of design and the testing of operational effectiveness of the business process controls.

Was responsible for the coordination and oversight of workload of two first year associates, 3 summer interns and off-shore India team by distributing areas for testing, reviewing work-papers, and providing value-added feedback.

Supported senior management with engagement planning, budgeting, scheduling, tracking, including milestones markers, meetings, and on-boarding/off-boarding.

Engagements included: Corporate integrated Audits, Non-Integrated Audit, SOC1 reports, and AT601 Reports. Cliental consist of financial service and retail clients.

Worked closely with financial audit team with creating and updating business process flow narratives.

Participated in on-campus recruiting activities as well as review resumes of potential candidates to join Advisory, Audit, and Tax practices firm wide.

Ernst & Young, LLP – Dallas, TX July 2015 – November 2015 Senior, IT Risk Assurance – FSO Advisory

Assisted senior management with engagement kickoff, planning documentation, resource management, engagement wrap-up.

Participated in cyber security assessment engagements with primary role being mapping/comparing controls against national cyber standards such as FFEIC, NIST, ISO27001.

Tested and documented ITGC narratives, testing and processes for Internal Audit Engagements.

Staffed on three external audits in which roles and duties include: leading application controls and ITGC walkthroughs, review and provide comments for documentation completed by staff level, weekly PMO tasks such as engagement status tracking, budgeting, managing relationship between client and management. EDUCATION & PROFESSIONAL DEVELOPMENT

Certified Information Systems Auditor (CISA)

ISACA – #19156879

B.B.A. – Computer Information Systems

Zicklin School of Business – Baruch College - 2013

B.B.A. – Finance and Investments

Zicklin School of Business – Baruch College - 2010 TECHNICAL COMPETENCY SKILLS

Windows Server 2003/2008, Mainframe/AS400, Linux/UNIX, SAP BO, SQL Server, Sybase, Miser, Monarch, MS Access, Oracle databases, Workiva, AuditBoard, TeamMate/TeamTech, Various Financial Applications, Industry leading audit methodologies such as COSO/COBIT, Familiar with external audit methodology, familiar with PCAOB audit standards, FISCAM, ISO 27001

LANGUAGES

Bengali, Hindi, Urdu, Arabic

Contact this candidate