Audit Manager Risk Management

Location:
New York, NY
Salary:
130K
Posted:
September 01, 2023

Resume:

ERIC C. KRAYTON, CPA, CIA, CISA, CGEIT

*** *. ***** ***** ****, NJ 07719 732-***-**** adzelu@r.postjobfree.com

SUMMARY:

Audit Professional with extensive experience in IT Audits, Financial/Business Systems Audits, AML audits, and investigations. Strengths include attention to detail and a drive to improve efficiencies, reduce costs, and implement solutions. Areas of expertise include:

Audits: IT & IT General Controls, Financial Operations,

Financial reporting: SEC, IFRS & GAAP Reporting, Banking Compliance Audits, and Regulatory Reporting Audits:

FFIEC 041, FFIEC 031, BSA, AML, Reg O, Basel III, CCAR NYDFS Cybersecurity Regulation (23 NYCRR 500), FINRA, BaFin, SOX, J-SOX, CobiT, COSO, Data Governance, ISO, ITIL, MAR Compliance, PCI DSS, HIPAA, EU GDPR, LPPD, PIPL, LGPD, UK DPA, CCPA, DAMA, SDCL Agile, NIST, cGMPs, GxP, GCP, FedRAMP, DFARS, CIS20, ITAR, CIS-20 Reg YY

Disaster Recovery Planning

Financial Systems Analysis, Design, and Implementation, Flowcharting & Process Mapping; Financial/ Quantitative Analysis

Supervision

Business Risk Analysis, Project & Enterprise Risk Management, Capital Markets Functions Analysis

EMPLOYMENT:

Experis, 100 Park Ave NY, NY 10017 (Project) 05/05/2023 to Present

Audit Manager Consultant with Citibank

As a consultant, my role involved reviewing the testing of internal controls against Reg-y to ensure that the controls were operating effectively and efficiently as designed.

Ensured the firm’s commitment to the regulators is being followed.

Collaborate with ICG Risk and Control teams to address MCA-related data quality issues.

Support operations of the CCB Global Assessment Unit (AU) and MCA Governance Entity (MGE), including control performance and centralized testing of controls.

Makes recommendations to automate/digitize controls, monitoring, and testing, where appropriate, using robotics, data retrievals, and other techniques.

Design solutions to streamline the input of control testing results in the Citi Risk & Controls (CR&C) system, including developing automated tools and enhancements to technology platforms.

Recommend improvements to MCA control and monitoring definitions to make them more efficient, effective, and globally consistent.

Mine data from the CR&C system to develop insightful analytics to improve MCA content and ensure consistency of risk ratings; identify risk and control trends and common themes within CCB across all geographies, product types, and functions.

Build a dashboard to assist visualization of analytics.

SI People, Cranberry Township, PA 16066 (Project) 11/07/2022 to 02/03/2023

IT Audit Manager Consultant with Deloitte in their (Audit & Assurance Group)

As a consultant, my role involved testing internal controls to ensure that the controls were operating effectively and efficiently as designed and that their cyber programs were operating within the requirements of the CIS-20 framework.

SOX Program Governance & Administration.

Participation in and documentation of the Scope & Coverage process.

Assist in coordinating with Internal Audit on the annual SOX testing plan.

Performance of walkthroughs & identification/validation of key controls.

Development of test procedures.

Execution and Documentation of testing.

Reporting of results.

Operational Audits for; Tax, Treasury Cash Management, Accounting, HR, Deposit Ops, Daily Rentals, Proof in Transit, and Legal.

Design IT controls and develops security plans.

Assist in mitigation efforts of open assessment items and open audit items.

Leads in risk committees.

Reviews and recommends security enhancements and presents them to end clients.

Develops IT Standard Operating Procedures (SOPs) to ensure they meet global requirements.

Audit program used TeamMate Plus.

The Judge Group 14 Wall Street 20th Floor New York City, NY 10005 (Project) 6/27/2022 to 10/23/2022

Audit Manager Consultant

As a PNC consultant, I performed audits on the Swap, Loan, and financial securities crimes operations to ensure they adhered to the Swap regulatory requirements.

Participation in and documentation of the Scope & Coverage process.

Assist in the coordination of the Internal Audit plans.

Regulatory Reporting Audits/Assessments of Dodd-Frank’s CFR Title 17 Chapter 1 Part 23 subpart J and audits on treasury cash management processes.

Performance of walkthroughs & identification/validation of key controls.

Development of test procedures.

Perform due diligence sanctions reviews on trade finance activities to ensure the process is effective.

Escalation of all significant sanctions-related matters to the audit and compliance committees.

Reporting results to audit committees, compliance committees, OFAC, and FinCEN.

Design IT controls and develops security plans SOX Readiness.

Assist in mitigation efforts of open assessment items and open audit items.

Perform case review/investigation findings and prepare case files for review.

Perform Database searches to aid in the resolution of investigations.

Examine financial statements/transaction data and other documents to identify unusual transaction patterns.

Perform Data protection impact assessments against EU GDPR, LPPD, PIPL, LGPD, UK DPA.

Report Suspicious Activity.

Investigate, analyze, and report cases of fraud and transactional abuses.

Utilized (SQL) to identify unusual activities.

Maintaining financial and sanction policies.

Work with internal Trade Surveillance and external Law Enforcement based on findings.

Audit program used TeamMate Plus.

MBO Partners, 20405 Exchange Street, Suite 301 Ashburn VA 20147 (Project) 4/26/2022 to 6/03/2022

Audit Manager Consultant with KPMG in their (Audit & Assurance Group)

As an Audit Manager Consultant, my primary responsibility involved testing of internal controls to ensure that the controls were operating effectively and efficiently as designed.

SOX Program Governance & Administration.

Participation in and documentation of the Scope & Coverage process.

Assist in coordinating with Internal Audit on the annual SOX testing plan.

Performance of walkthroughs & identification/validation of key controls.

Development of test procedures.

Execution and Documentation of testing.

Reporting of results.

Perform Data protection impact assessments against EU GDPR, LPPD, PIPL, LGPD, UK DPA.

Design IT controls and develops security plans SOX Readiness.

Assist in mitigation efforts of open assessment items and open audit items.

Audit program used TeamMate Plus

SSI People, Cranberry Township, PA 16066 (Project) 11/01/2021 to 3/27/2022

Sr. IT Auditor Manager Consultant with Deloitte in their (Audit & Assurance Group)

As a Sr. IT Audit Manager Consultant, my role involved testing of internal controls to ensure that the controls were operating effectively and efficiently as designed and that their cyber programs were operating within the requirements of the CIS-20 framework.

SOX Program Governance & Administration.

Participation in and documentation of the Scope & Coverage process.

Assist in coordinating with Internal Audit on the annual SOX testing plan.

Performance of walkthroughs & identification/validation of key controls.

Performed audits on treasury cash management processes.

Development of test procedures.

Execution and Documentation of testing.

Operational Audits for; Tax, Treasury Cash Management, Accounting, HR, Deposit Ops, Daily Rentals, Proof in Transit, and Legal.

Reporting of results.

Design IT controls and develops security plans.

Report Suspicious Activity.

Investigate, analyze, and report cases of fraud and transactional abuses.

Utilized (SQL) to identify unusual activities.

Assist in mitigation efforts of open assessment items and open audit items.

Leads in risk committees.

Reviews and recommends security enhancements and presents them to end clients.

Develops IT Standard Operating Procedures (SOPs) to ensure they meet global requirements.

Audit program used TeamMate.

HCL America, 200 Lucent Ln, Cary, NC 27518 (Permanent) 04/17/2017 to 10/14/2021

Sr. Manager Audit and Compliance Sr. Manager: Supports the IT Enterprise Group during the pre-implementation and post-implementation phases to ensure that HCL clients comply with all relevant regulatory matters.

Perform assessments on companies implementing Cyber frameworks and on Personal Privacy data compliance requirements, including CCPA, EU GDPR, LPPD, PIPL, LGPD, NIST 800-53, and UK DPA.

Work on value-adding activities such as knowledgebase update & management, Training, coaching analysts & conducting interviews/participation in hiring drives.

Conduct periodic internal reviews or assessments to ensure compliance with procedures.

Conduct or direct the internal investigation of compliance issues.

Assess product, compliance, or operational risks and develop risk management strategies.

Identify compliance issues that require follow-up or investigation.

Disseminate written policies and procedures related to compliance activities.

Verify that software technology is in place to provide oversight and monitoring in all required areas adequately.

Serve as a confidential point of contact for employees to communicate with management, seek clarification on issues or dilemmas, or report irregularities.

Maintain documentation of compliance activities, such as complaints received or investigation outcomes.

Consult with corporate attorneys as necessary to address complex legal compliance issues.

Discuss emerging compliance issues with management or employees.

Advise internal management or business partners on implementing or operating compliance programs.

Provide employee training on compliance-related topics, policies, or procedures.

Assist internal or external auditors in compliance reviews.

Prepare management reports regarding compliance operations and progress.

Monitor compliance systems to ensure their effectiveness.

Report violations of compliance or regulatory standards to duly authorized enforcement agencies as appropriate or required.

Oversee internal reporting systems such as corporate compliance hotlines and inform employees about these systems.

Perform due diligence sanctions reviews on trade finance activities to ensure the process is effective.

Escalation of all significant sanctions-related matters to the audit and compliance committees.

Reporting results to audit committees, compliance committees, OFAC, and FinCEN.

Design IT controls and develops security plans SOX Readiness.

Assist in mitigation efforts of open assessment items and open audit items.

Perform case review/investigation findings and prepare case files for review.

Perform Database searches to aid in the resolution of investigations.

Examine financial statements/transaction data and other documents to identify unusual transaction patterns.

Keep informed regarding pending industry changes, trends, and best practices and assess the potential impact of these changes on organizational processes.

Design or implement improvements in communication, monitoring, or enforcement of compliance standards.

Verify that all firm and regulatory policies and procedures have been documented, implemented, and communicated.

Direct the development or implementation of compliance-related policies and procedures throughout an organization.

Report Suspicious Activity.

Investigate, analyze, and report cases of fraud and transactional abuses.

Utilized (SQL) to identify unusual activities.

Review or modify policies or operating guidelines to comply with environmental standards or regulations changes.

Drafts IT Internal Control Language and EU GDPR Language for client’s 3rd party Suppliers and negotiation terms.

Experis, 100 Park Ave NY, NY 10017 (Permanent) 10/2014 to 04/2017

Sr. Audit & Risk Professional: Reviewed auditors' work product and the delivery of client’s engagements for the following type of audits assessments and implementations of internal control programs:

Operational Audits for; Tax, Treasury Cash Management, Accounting, HR, Deposit Ops, Daily Rentals, Proof in Transit, and Legal.

Financial GAAP reporting audits.

Conducted audits on third-party vendors to assess security programs and determine whether data safeguards are in place and their internal controls are operating efficiently.

Conducted audits and assessments on the credit risk modeling and regulated reporting processes for the following portfolios: SBA, Wholesale Nonrecourse, Consumer Credit, and Retail Credit.

Reviewed and commented on third-party Service Provider’s SSAE16 reports to determine whether an audit is required due to reported internal control insufficiencies.

Conducts Anti-Money Laundering Audits and Risk Assessments concerning CIP, KYC, Training, Reliance on Third Parties, Foreign Correspondent Certifications, 314a Procedures, Surveillance, Economic Sanctions, Compliance, Monitoring & Investigation (SAR, CTR, and OFAC), and Testifying at Legal Proceedings.

Performed application control audits on banking and trading systems.

Perform general IT and application controls testing against the security frameworks: CobiT, ISO, ITIL, PCI DSS, DAMA, SDCL Agile, NIST, FedRAMP, DFARS, ITAR, and CIS-20.

Regulatory Reporting Audits/Assessments; Supervisory Capital Assessment, Dodd-Frank; stress testing, Basel III, CCAR FRY 9C, FRY 14M/Q/A, FFIEC 041, FFIEC 031, FINA; NYSE Rule 108 (Limitation on Members' Bids and Offers), NYSE Rule 342 Offices-Approval Supervision and Control, NYSE Rule 440 Books and Records, BSA, AML, Reg O, Reg W, FCRA, Reg B, 1099 and TCPA.

Conducts IT Transactions Testing on AML Applications (Application controls, Change Management & Security).

Implemented a Comprehensive Capital Analysis and Reviews (CCAR) program.

Performed audits/assessments on the regulatory reporting for Supervisory Capital Assessments under Dodd-Frank involving; Stress testing, Basel III, and CCAR.

Collaborates with Application Managers and Businesses to support the implementation of Quality Plans and institutes Corrective Actions and Preventative Actions.

Report Suspicious Activity.

Investigate, analyze, and report cases of fraud and transactional abuses.

Utilized (SQL) to identify unusual activities.

Performs Health Checks on all U.S. IT applications to ensure that all daily and quarterly Monitoring and Housekeeping items are being completed timely and that they are ready to be audited during this process, ensures compliance with Standard Operating Procedures (SOPs) and that Current Good Manufacturing Practices (cGMPs) are followed.

Facilitates the preparation and follow-up on internal and external audits.

Conducted awareness and education training sessions to promote best practices, security, and Social Engineering events.

Provides guidance regarding IT risk, recommendations, and courses of action to be taken regarding the remediation and mitigation of the risk.

Develop Policies, Procedures, Standards, Governance Risk practices, and Compliance frameworks.

Advised Management on regulatory compliance issues practices for federal and state regulations.

Monitors and manages internal audits and external audits.

Conducts PCI audits and reports findings to the management and audit committee.

Adecco Finance, Parsippany, NJ (Project) 8/2013 to 1/2014 and 8/2014 to 10/2014

Sr. IT Auditor Consultant with Prudential in the Enterprise Risk and Control Evaluation (ER&CE) Group

As a Consultant, my Primary responsibility includes independent control testing services to ensure that the Company's Sarbanes Oxley Section 404 Compliance Program is carried out effectively and efficiently. The Analyst, Operational Risk Management, is responsible for assisting the team in carrying out the following program components in coordination with Internal Audit, Corporate Controller, Business Unit Risk, and External Auditors:

SOX & MAR Program Governance & Administration.

Participation in and documentation of the Scope & Coverage process.

Assist in coordinating with Internal Audit on the annual SOX testing plan.

Performance of walkthroughs & identification/validation of key controls.

Development of test procedures.

Execution and Documentation of testing.

Reporting of results.

Design IT controls and develops security plans.

Assist in mitigation efforts of open assessment items and open audit items.

Leads in risk committees.

Reviews and recommends security enhancements and presents them to upper management.

Implemented audit and assessment process efficiencies that produced reductions in operating costs.

Develops IT Standard Operating Procedures (SOPs) to ensure they meet global requirements.

Performs 3rd-party vendor assessments to determine if 3rd-party vendors meet IT company global standards.

Considers the risks versus potential business benefits of innovation and new technologies applied in the control while enabling the business to take maximum benefit.

Participation in initiatives associated with the implementation of the new Operational Risk Management framework, which may include:

Assisting with implementing operational risk management techniques such as Risk and Control Self-Assessment, Key Risk Indicators, Scenario Analysis, Loss Event Reporting, Model Risk Management, etc.

Helping to promote and build effective Risk Management culture and awareness throughout the organization.

Collabera, Morristown, NJ (Project) 3/2013 to 8/2014

Sr. IT Auditor Consultant with Bank of America Merrill Lynch (Fixed Income Currencies & Commodities and Broker-Dealer Trading)

As a consultant, I was responsible for performing IT internal risk assessments, which included the following:

Assisting in the development and execution of a quality assurance testing program focused on identifying and reporting the adequacy of Information Technology Controls for Broker-Dealer Systems on front and back-office operations.

Identification of key risks and corresponding controls.

Review system artifacts and meet with technology management to conclude on the effectiveness of IT controls.

Identify root causes of potential control deficiencies.

Partner with management in the development of remediation activities.

Generate scorecard reporting to communicate QA results.

Assist Technology Management in the execution of risk assessments.

Provide guidance to ensure assessments are executed consistently.

Review and validate the appropriateness of supporting documentation and accuracy of assessment results.

Generate scorecard reporting to communicate assessment results.

Regulatory Reporting Assessments; Supervisory Capital Assessment, Dodd-Frank; stress testing Basel III.

Support the execution of a PMO quality assurance program.

Review project management office-required artifacts to ensure adherence to firm standards.

Provide recommendations to improve SDLC / PMO control routines.

Generate scorecard reporting to communicate the level of adherence to PMO standards.

Provide structured solutions for retirement products, such as risk transfers, structured settlements, 401K, and Investments.

Intralinks Inc., NYC, NY (Permanent) 6/2012 to 3/2013

Audit Manager

Managed the audit function and performed IT internal/operational audits on the following: data database audits, IT security audits, financial book close audits, and SOX testing for both IT and operational areas. Conducted governance assessments and risk impact assessments based on CobIT and ITIL frameworks.

Created audit programs, SOX testing programs, and risk assessment programs.

Prepared findings and recommendations, presented them to the audit committee for operational and IT audits, and maintained the department budget.

Implemented internal control efficiencies by integrating functional-level lifecycles into one audit program for operational and IT audits.

Successively managed the prior year’s significant deficiency mitigation and minor deficiencies findings from our year’s old cycle.

Implemented corporate governance and IT governance initiatives standards.

Performed operational control testing throughout the entire organization.

Performed IT general controls testing on change management, problem and incidents reporting management, software development life cycle, Disaster Recovery Planning, physical access and environmental controls, third-party services, Application Security Controls for FRS and NIST, and Security Network Infrastructure, Developer, System Architect, End-User Computing (Spreadsheets).

Mentored and managed internal audit staff.

Rothstein Kass Company PC. 4 Becker Farm Rd Ste 202, Roseland, NJ 07068 (Permanent) 5/2009 to 4/2012

Sr. Advisory Manager

Managed and planned audit engagements and external engagements with a team of 4 auditors.

Reviewed auditors' work product and the delivery of client’s engagements for the following types of audits and assessments: IT general controls testing, business risk, IT audits for CobIT, ITIL, J-SOX, HIPAA, PCI DSS, and MAR, application control, data database, governance, security audits, business operational audits for SOX, COSO and MAR, BSA, AML, Reg O, Reg W, FCRA, Reg B, 1099, TCPA and financial reporting audits for GAAP, and SSAE16 standards, Asset Management and/or Hedge Funds, Credit Risk and Fraud Investigation/Detection.

Performed business and IT risk services engagements and industry regulation for Security and Privacy, including such requirements as Gramm-Leach-Bliley Act, FFIEC Information, Security and Bank Secrecy Act, KYC, and AML.

Conducts Anti-Money Laundering Audits and Risk Assessments concerning CIP, KYC, Training, Reliance on Third Parties, Foreign Correspondent Certifications, 314a Procedures, Surveillance, Economic Sanctions, Compliance, Monitoring & Investigation (SAR, CTR, and OFAC), and Testifying at Legal Proceedings.

Performed application control audits on banking and trading systems.

Performed audits/assessments on the regulatory reporting for Supervisory Capital Assessments under Dodd-Frank involving; Stress testing, Basel III, and CCAR FRY 9C, FRY 14M, FINA; NYSE Rule 108 (Limitation on Members' Bids and Offers), NYSE Rule 342 Offices-Approval Supervision and Control, NYSE Rule 440 Books and Records.

Performed project management responsibilities such as tracking project status, monitoring of critical paths and key dependencies, and coordinating staff.

Analyzing and evaluating IT security risks and controls, network vulnerability assessments, firewall, remote access, DMZ, web filtering, Developer, System Architect, and security patch management responsibilities.

Performed infrastructure assessments on firewalls, VPNs, and network device configurations to determine whether data Privacy is met.

Implemented audit and assessment process efficiencies that produced reductions in operating costs.

Implemented the following control environment initiatives for the following areas: SOX, J-SOX, and MAR.

Implemented a Data Quality and Data Management program for the Capital Analysis and Reviews (CCAR) process.

Implemented IT security standards under ISS Security, DAMA, FRS, NIST, and FFIEC initiatives.

Implemented IT framework under CobIT, ITIL, FFIEC DAMA, and ISO. Implemented internal control processes to meet the Custody Rule for Hedge Funds and Fund Administrators.

Setting control around investment products.

Additional Experience: US Customs Service, Lead Investigator, Tax Manager Vivendi Universal, Director of Tax Strategy at Lucent Technologies, Inc., and Director of Business Tax Systems at AT&T, Interactive Solutions LLC Audit Manager, Greater Community Bank chief auditor, Chief Auditor, and, G R Group Business Resource Solutions, Senior Auditor.

EDUCATION:

Graduate Certificate, Information Systems Design, and Development - New Jersey Institute of Technology, Newark, NJ

Bachelor of Science, Political Science Business Finance, concentration in Accounting - Rutgers University, New Brunswick, NJ

Technical/Technology Skills:

Crystal Reports, Teammate

IDEA, Monarch, Tableau, CAAT, ACL Scripts, ACL Data Analytical Tools, SQL Scripts Risk Navigator, Analytical tools, RSA-Archer Microsoft Access & Excel, ServiceNow, CyberArk, Oracle Identity Manager (OIM), ServiceNow IRM, TeamMate Plus, and Audit Board.

Certifications:

Certified in the Governance of Enterprise IT (CGEIT) – Inactive

Certified Information Systems Auditor (CISA)

Certified Public Accountant (CPA) – Inactive

Certified Internal Auditor (CIA) – Inactive