Resources Corporation Controls Manager

Location:
Toronto, ON, Canada
Posted:
August 19, 2021

Resume:

Phares K. Sekalala BA Acc, CFE, CISA, CPA

Toronto ON +1-905-***-**** adn9vb@r.postjobfree.com

Risk Assurance - Cyber Security – Internal Audit

CAREER ACCOMPLISHMENTS

• Managed Compliance assessments/reviews (PCI-DSS, SOX, ISAE 3402/SSAE 16, AT101 SOC reporting) from initiation to report sign-off for various high-profile companies in different industrial sectors.

• Directed setting up IT Internal controls frameworks and documentation methodologies at Honda Finance, TD bank, RBC, Wealth One and various Credit unions and Insurance companies to support as well as sustain the effective control environment for attaining respective annual Internal Controls (SOX/ NI52-109) Compliance certifications.

• Introduced and implemented the Advanced Honda Corporate Governance (AHCG), and other FS compliance programs, including Basel II, Financial Institutions Anti-Money Laundering Act (FINTRAC–Cdn)/ (FINCEN–U.S.)

• Championed and managed PwC and BDO Risk, Technology and Security Assurance Services with a client portfolio of over 50 clients in vast industrial sectors.

• Successfully worked as a virtual CISO for a start-up Tech Company.

• Through Powers Resources Corporation: Wrote and published CPA, CMA and CIA educational and training materials.

PROFESSIONAL EXPERIENCE

GFL Canada IT Audit Manager March 2020 to Present

• Manage all aspects of IT Audit including SOX IT Audits, Cyber Security reviews, Operational audits, Data analytics, 3rd party SOC reports review and handling all aspects of IT Audit processes and procedures.

• Acted as a hybrid between IT audits and CPA/operational audits, and I am responsible for successfully executing on both the SOX/NI52-109 and Internal Operational Audit Programs and Plans.

• Responsible for IT Vendor Management including Vendor selection due diligence, monitoring and risk Assessment.

• Assess and report on the design and effectiveness of entity controls, ITGCs and application controls and identify, assess and report on deficiencies by testing performance of IT controls against company policies, external regulations (incl. SOX or Bill 198), system requirements and IT risk and control frameworks (e.g. COBIT, ITIL, COSO, ISO, Cybersecurity);

• Prepare and/or assist with documenting audit findings and recommendations through written memos or audit reports that mitigate risk, improve operations and reduce costs;

• Monitor, validate and report on the implementation status of management action plans resulting from audit engagements and SOX/Bill 198 assessments/ SEC reporting;

• Provide advisory services, investigations and other ad hoc projects;

• Provide effective communication and education of the internal control policies;

• Provide support to the business to implement IT and operational improvements;

• Liaise with external auditors to provide support for internal IT controls and SOX assessments and to discuss any internal audit issues;

• Manage assigned IT and Operational audit projects and staff

ONLINE BUSINESS SOLUTIONS Senior Security Consultant March 2019 to March 2020

• Head PCI and Cyber Security audit assessments for medium to large corporations while reporting to OBS PCI director. Orchestrated strategies for business development while responding to Canadian PCI-DSS RFPs and carrying out client PCI-DSS gap assessment/readiness.

• Provided support in Global (United States and Europe) PCI-DSS assessment reviews for various companies, including TD Bank, RBC, Conduent, Estée Lauder, JCPenney, Citibank, The Cheesecake Factory, and Hertz.

• Developed and refined (process reengineered) IT Security standards and process controls in line with best industry frameworks (ISO 27001/27002, PCI DSS)

• Defined assessment /audit scope by reviewing, documenting and understanding clients’ high-level system architecture and data flows

VERIZON SECURITIES Senior Security Consultant October 2017 to March 2019

• Devise and implement plans to handle all Canadian PCI-DSS mandates as resident Canadian QSA while reporting to Verizon North American /Global PCI Manager.

• Orchestrated strategies for business development while responding to Canadian PCI-DSS RFPs and carrying out client PCI-DSS gap assessment/readiness.

• Provided support in Global (United States and Europe) PCI-DSS assessment reviews for various companies, including TD Bank, RBC, Conduent, Estée Lauder, JCPenney, Citibank, The Cheesecake Factory, and Hertz.

BDO CANADA TRS/RAS Controls Manager (Contract) January 2015 to October 2017

• Managed all aspects of the Technology, Risk, and Security (TRS) and Risk Assurance practice covering the System Process Assurance (SPA), GRC/Compliance Assurance and Controls for a wide range of clients looking at IT Security and performance Risk Assessment against best industry frameworks like COBIT, ISO 27001/27002, PCI DSS, HIPAA,

PRICEWATERHOUSECOOPERS (PWC) TRS/RAS Controls Manager January 2013 to February 2017

• Managed the Technology, Risk and Security Assurance Service Controls teams. My role was to manage all aspects of the Technology, Risk, and Security (TRS) and Risk Assurance practice covering the System Process Assurance (SPA), GRC/ Compliance Assurance and Controls for a wide range of clients mainly looking at:

• Facilitated my clients' design and implementation of IT risk and control solutions that reflect a complex and fast-changing technological landscape and leverage investment in IT for maximum business benefit and adherence to set regulations using frameworks like COBIT, PCI-DSS, ISO, HIPAA, NIST and Privacy, Cyber Security/vulnerability assessments.

• Enabled my clients to build internal and external confidence in their business performance, both financial and non-financial, through the provision of independent advice and assurance. Third Party Assurance using recognized standards e.g. ISAE 3402/SSAE 16, AT101 SOC reporting.

• Facilitated my clients in their design, implementation, testing and optimization of their internal control environment, including the provision of advice, Policy and procedures updates, Business continuity and Disaster recovery plans and Controls design and effectiveness assessment: SOX /CEO/CFO certification.

• Provided support to clients for obtaining effective, value oriented, future-facing Internal Audit assessments and conducting field audits of all with emphasis on Data security in all its forms (Data at rest, Data in transit and Data in use).

• Successfully worked as a virtual CISO for a start-up Tech Company.

Additional experience

• SOX/Internal Audit IT Consultant at Johnson and Johnson Medical (2012), and at SiriusXM Radio (2011 to 2012),

• SEC Reporting/SOX Project Lead at Honda Canada Finance Inc. (2008 to 2011),

• SEC Reporting/SOX Consultant Advisor at XM Radio (2007 to 2011),

• SEC Reporting/SOX Project Lead at Hydrogenics Corporation (2005 to 2007),

• SEC Reporting/SOX Consultant at Jefferson Wells International (2004 to 2005),

• SEC Reporting/SOX Consultant at MCI (Canada) Telecommunications (2004),

• Finance Consultant at Assante Advisory Services Ltd. (2002 to 2004),

• Accountant at Jewelstone Systems Inc. (2002),

• Financial Accounting Manager at South-Africa (SA) Alliance Air (1995-2002)

• Lead Auditor (Senior) at PricewaterhouseCoopers (PwC) (1992-1995)

EDUCATION AND CREDENTIALS

Middlesex University, London UK: Bachelor of Arts (Hons) in Accounting: 2002

Certifications

• ISO 27001 Lead Implementer Certification: 2019

• PCI-DSS Qualified Security Assessor (QSA): 2016

• Certified Information System Audit (CISA): 2013

• Certified Fraud Examiner (CFE): 2001

• Certified Public Accountants (CPA): 2001

Award

PWC CEO 2013 annual award: Team Category


