ALAN JONES

MSIS, CISA, CRISC, PMP, ITIL,

Hebron, Kentucky

859-***-****

adzw9h@r.postjobfree.com linkedin.com/in/alan-jones-professional

SUMMARY

Information Technology Professional with a formal Master’s Degree in information systems: IT Audit, re-enforced with professional certifications in (CISA) Auditing Information Systems w/Top 10% Score, (CRISC) Certified Risk and Information Systems Controls, (PMP) Managing Information Technology Projects, and (ITIL) enhancing Information Technology Service Support and Delivery to include Change Control, Configuration Management, Incident / Problem Management etc. My extensive experience includes: 1) Project Management (SDLC, ERP (SAP, DYNAMICS AX, JDE, and SITELINE/SYMEX) Infrastructure consolidation, Data Mining, and Migration, 2) Risk Management & Analysis, and 3). Auditing Information Systems both nationally and internationally (SOX, COBIT: HIPAA, PCI, FERPA, Social Media, Business Impact Analysis/Disaster Recovery Plan, Business Analysis, Balanced Scorecard, and Project Management / Project Audits). Additionally, my drive, creativity, work ethic, positive approach, professionalism, and superlative communication, will help you to achieve Audit, Risk, and Project cooperation, teamwork, industry best practices, effective remediation of control deficiencies, and quality project deliverables.

PROFESSIONAL EXPERIENCE

ONEMAIN FINANCIAL (Evansville, Indiana) 1/2019 – Present

Information Technology Auditor -Senior w promotion to Lead in 6/2021

Partner with / Lead new IT Audit team to establish and adopt an unnavigated internal IT Audit approach for the largest non-banking consumer loan company in the United States. Promote “outside the box” controls and risk approach utilizing a mixture of ISO, Cobit-19, ITIL, and NIST methodologies. Utilize skill set to perform intense detailed walkthroughs with client team, record client feedback and information in, necessary critical thinking, bold direct communication, and professional relationship development.

Review the practices, testing, and remediation of prior internal SOX, Operations, and Financial Audits, to ensure proper approach, control and audit gaps, and appropriate follow through of test of design and effectiveness.

Utilize experience, skills, training, and education, to achieve annual audit goals.

Maintain accountability as a role model, leader, and educational resource for all clients and departments while performing with passion, devotion, and drive.

Initiate and develop an enhanced audit collaboration with client personnel / personalities, providing seamless I T Audit, and Controls Maturity Measurement.

Planning the client audit to include identifying and ranking risk levels, discovery of mitigating controls and control gaps, test script development, and testing and evaluating the effectiveness of design and effectiveness of execution for each identified control.

Identify and document all key processes using MS Visio flow chart skill set.

Identify and explain key supportive IT Audit Infrastructure and Controls utilizing basic MS PowerPoint topography diagram development skill set.

Perform highly sensitive and detailed, one-to-many, audit interviews and walkthroughs with the client to garner, understand, and compose exemplary and thorough written process narratives to help drive the audit to a successful outcome.

Test all identified controls and any / all pertinent policies, processes, procedures, and standards, for client information systems.

Successfully compose audit report for client. Ensure timely communication with client to best partner and address issues and secure clients remediation plan.

Build new IT Audit documentation and tools to positively impact and enhance department’s ability to undertake IT Audit tasks and objectives.

Lead the department in the adoption and implementation of COBIT 2019.

SCOPE TECHNOLOGY SOLUTIONS LLC (Hebron, Kentucky) 6/2018 – 12/2019

Independent Consultant: Information Technology Auditor, Risk Management, GRC, Cybersecurity, and Project Management

Consulting with clientele per contracted requirements.

INTERSTATES CONTROL SYSTEMS (Cincinnati, Ohio) 5/2017 – 4/2018

Senior Cybersecurity Analyst

Interfacing with internal leadership and external clients to develop regulatory policies & procedures, ensuring secure process controls of network design, providing technical and design recommendations for the implementation of firewalls and other network security and compliance controls, and providing technical documentation of network traffic as well as security system (firewall) solutions. Performing Operational Technology (OT) and Information Technology (IT) cybersecurity assessments while building value-added relationships promoting the design, documentation, and implementation of the following:

System Security configuration controls for common operating systems

Maintaining the ability for attack mitigation and incident response.

Developed technical content and presentation(s) for cybersecurity training and requirements.

Developed cybersecurity controls assessment form (CCAF) for auditing Internal, and Client facing, project managers and projects.

Maintaining cyber security policies and implementing procedures.

Assisting internal management and external clients with the development of remediation plans.

General Data Protection Regulation (GDPR) review, analysis, preparation, controls audit, and remediation.

Assisting with client network scanning /packet capture to eliminate rogue access points.

TEMPUR SEALY INTERNATIONAL (Lexington, Kentucky) 12/2016 – 2/2017

Senior Global Information Technology Auditor

Formally preparing organization for its first formal Internal Information Technology Audit in four years by assessing current IT Control status, future IT Control status goals and objectives, and establishing an effective and efficient plan to reach those IT Control goals and objectives.

Reviewed current IT Policies and Procedures for control gaps and made recommendations for effectively and efficiently implementing necessary documentation to tighten weak policy and procedural areas.

Reviewed current ITGC Controls, for gaps, substandard documentation, and developed recommendations for improving and tightening IT Audit Controls and standards by utilizing COBIT, ITIL, PMP, ISACA, IIA, and COSO frameworks.

Participated as Internal IT Audit liaison for corporate wide MS Dynamics AX 09/12 Project Implementations for Poland, Canada, and United States to include: Role Based Access tool purchase and implementation, improving Change Control Risk Identification and Ranking, Data Migration, Security, and Project Management procedure and strategies.

Completed SSAE16 SOC 1 and 2 report management for multiple outsourced vendors to include bridge letter, 107GL document review and consolidation with management response documentation.

SCOPE TECHNOLOGY SOLUTIONS LLC (Hebron, Kentucky) 4/2008 – 2/2017

Manager: Information Technology Auditing and Project Management

Consulting with clientele per contracted requirements for Information Technology Auditing and Information Technology Project Management. Information Technology Audits include compliance with client's Internal Audit Charter and Internal Audit Plan, Risk Assessment, and Regulatory mandates from SOX, PCI, FERPA, and HIPAA. Performed IT Audit engagement from preparation, kick-off meeting, interviews, walk-throughs, risk assessment / evaluation, scoping of audit, testing (ITCG, Security, Disaster Recovery, Business Continuity, and COBIT, ISACA, IIA, PMP, and ITIL standards and best practices), formal report writing, submission, and advising. Information Technology Project Management includes ERP, SDLC, addition of software functionality, Data Mapping, Data Formatting, Data Migration, Business Continuity, Disaster Recover, and Infrastructure Consolidation. Project Management contracted points of entry included: Initiation, Planning, and Managing. Successfully lead and managed variable sized project teams (5 -250).

Initiated and developed enhanced audit transparency, communication, and collaboration with client personnel / personalities, providing seamless I T Audit, and Controls Maturity Measurement.

Utilized creativity and experience to offer effective recommendations for exceptions and deficient control / process areas for small – medium sized organizations.

Evaluated the proper design of internal controls and minimized the “cost to control” while maximizing the “value of control” while increasing External Auditor use of controls testing (10% up to 52%).

Audited policies, processes, procedures, and standards, for client information systems, controls, and governance: establishing process and procedure maturity levels within a 4-year period.

Established an I T Audit Scorecard resulting in enhanced cooperation, motivation, and success, towards developing and maintaining best-practice controls: reducing expenditures on external audit by 25%.

Completed clients SSAE16 SOC 1 and 2 report management for multiple outsourced vendors to include bridge letters, 107GL document reviews, and consolidation with management response documents.

Successfully lead and managed Information Technology Project Teams (5 -250) in the execution, organization, motivation, and fulfillment of producing quality deliverables.

Provided Project Guidance, when requested, which positively impacted schedule and budget of ERP and SDLC initiatives resulting in 100% correction of over budget and behind schedule projects.

Averaging 4.73 evaluation rating during 8.5 years of (CCER) Consultant Client Evaluation Reviews: organizational high mark.

BEMIS INC (Oshkosh, Wisconsin) 3/2006 – 4/2008

Supervisor: Information Technology Internal Auditing / SAP Controls & Compliance Team Lead

Built and supervised (1-2 auditors) internal Information Technology Audit function, within twenty states and three continents, for national leader in industrial / consumer packaging industry (four-billion dollars in revenue). Performed the IT Audit function from engagement preparation, kick-off meeting, interviews, walk-throughs, risk assessment and evaluation, audit / system scoping, testing (ITCG, Security, Disaster Recovery, Business Continuity, and COBIT, ISACA, IIA, PMP, and ITIL standards and best practices), formal report writing and submission, advising on remedial areas and concerns, and remedial controls testing.

Planned, conducted, and managed organizations first domestic and international Sarbanes Oxley 404 (SOX) audits including financially integrated risk assessments, general controls, application controls, and security.

Performed audit engagement opening / closure meetings, including formal written reporting with impact analysis and recommendations for remediation, and built IT Audit relationships.

Enhanced scope of organizational I. T. Audits, while supervising /coaching I T Audit team during audit engagements.

Conceptualized, developed, and implemented organizational “I. T. Audit Scorecard”: increasing corporate enthusiasm to excel in achieving vital I.T. Audit controls on an annual basis.

Advisor to SAP project committee on identifying project risks, filling key project management needs, and establishing necessary I T Audit project controls.

Completed formal training on Auditing SAP controls while advising SAP project committee on identifying project risks, filling key project management needs, and establishing SAP Project Audit Plan for 6-year implementation within entire geographical location of organization.

Assisted in uncovering fraudulent financial activity and recovery of $250,000.

FANNIE MAE (Consultant) COMSYS / TSFG (WASHINGTON, D.C.) 4/2005 – 4/2006

Senior Project Manager of Restatement Operations / Project Auditor

Successfully managed and motivated project team (two hundred members) in developing parallel application(s) to remedy seven-year restatement of financial reporting.

POMEROY I.T. SOLUTIONS (Hebron, Kentucky) 4/2003 – 3/2005

Manager of Change Control /Internal I.T. Auditor / Project Manager /Business Systems Analyst,

Successfully directed and managed the Change Control process as Change Manager for all I.T. infrastructure and application improvements. As corporation’s first Internal IT Auditor, assisted in uncovering 60-day fraudulent financial activity and recovery of $5,000. Successfully achieved “passing grade” for companies first external I. T. SOX Audit including “role model” status for corporate audit function and change control process.

EDUCATION AND CERTIFICATIONS

Master of Science Information Systems, Concentration in I.T. Auditing

Pinnacle Honor Society Member: Advanced Proficiency with Microsoft Office Applications

Northern Kentucky University (Highland Heights, Kentucky)

Bachelor of Science Degree in Business Management and Marketing

Minnesota State University (Mankato, Minnesota)

CISA: Certified Information Systems Auditor: ISACA

CRISC: Certified Risk and Information Systems Control: ISACA

PMP: Project Management Professional: -Southwestern Ohio Chapter Member

ITIL: Info Tech Infrastructure Library: Foundation Certification

PERSONAL INTERESTS AND AFFILIATIONS

Florence, Kentucky Good Will: Led and participated in local clothing donation drive.

First Church of Christ: Contributing to important community causes.

Contact this candidate