IT Audit Manager/Risk Analyst
Qualifications Profile
Highly analytical, performance-driven, and solutions-oriented professional, offering extensive experience in leading all facets of information technology operational and technical audits, general controls, software development, risk management, and information protection and assurance within Fortune 500 companies.
Armed with solid expertise in program, financial, and data analysis, applications controls, and performance assessments. Expert at utilizing system development life cycle in successfully developing and delivering system specifications, audit assignments, and applications. Adept at establishing rapport as well as leading and collaborating with high-performing teams toward operational efficiency and productivity.
Areas of Expertise
Network Configuration
Project Management
Client Relations
Technical Resources Management
Financial Reporting
Account Management Practices Assessment
Continuous Process Improvement
Auditing
Strategic Planning and Implementation
Risk Analysis and Reporting
Professional Experience
Disys Phoenix, AZ
Risk Analyst/Consultant Jun 2017–Nov 2017
Assist the client with its risk and compliance activities, including supporting the company's risk management, compliance, client response, and IT governance processes.
Perform IT risk assessments for 150+ critical Reg Sci and 2000 indirect applications, and their supporting operating systems and databases.
Understand, research and interpret regulatory and industry standards related to information and Cybersecurity in an effort to understand controls documented in the program and potential control gaps for the firm.
Knowledgeable in the client’s internal policies, standards and controls that impact the information security program.
Partner with Information Risk Management and Internal Audit in addressing questions relating to controls in partnership with process owners/SMEs. Address gaps, enhancements to controls as necessary.
Work across the corporation to assist with risk identification and mitigation activities associated with data protection, technology, and third parties.
Work with applications’ business and IT owners as part of Level 2 function to monitor, track and remediate risk assessment issues.
Document risk assessments in the client’s central repository according to client risk assessment process.
Work with applications’ business and IT owners to close out open risk assessment issues in the client’s central repository, verifying and certifying remediation activities.
EisnerAmper LLP New York, NY
IT Audit Manager Nov 2015–Jan 2017
Keenly oversaw all aspects of general IT and application controls, special projects, integrated audits, SOX attestations, and SSAE 16 assessments for external clients in various business sectors.
Took charge of completing tasks in compliance with IIA, COBIT, and COSO frameworks, as well as approving audit plans and budgets.
Offered technical assistance to the senior management within various businesses in identifying and addressing audit and risk issues.
Capitalized on industry expertise in performing the following:
-Assessment of risks to gain understanding of the IT environment of various companies;
-Integration of Cyber risk management assessments for critical clients’ applications and systems;
-Oversight of the audit planning process, which included accomplishing audit risk assessment document (ARA) and managing on-site audit work such as staff work-paper reviews; and
-Development of computer-assisted audit tools including Excel and Visual Basic application for data analytics and operational efficiency and effectiveness assessment improvements.
Presided over engagement teams’ discussions concerning material misstatement risks, as well as regular staff meetings and communication regarding senior and executive management’s audit issues of clients.
Established timelines to assist audit teams in handling assigned areas of responsibility which included documents follow-up, information reporting requests, and program updates.
Made major contributions in achieving operational efficiency and effectiveness by developing viable solutions and value-added recommendations to determine and address issues while implementing process improvements.
Acquired and utilized understanding of internal controls over financial reporting, as well as of general IT control processes and technical configuration best practices in the networks, applications and client-server environments including Windows, AS400, Linux, and UNIX.
Served as a subject matter expert, responsible for leading assigned staff regarding internal and external technical resources utilization.
New York Power Authority White Plains, NY
Supervising Senior IT Auditor Feb 2015–Sep 2015
Ensured conformance with the Institute of Internal Auditors (IIA), North American Electric Reliability Corporation critical infrastructure protection (NERC-CIP) standards, control objectives for information and related technologies (COBIT), and COSO frameworks in completing assignments.
Rendered technical support in conducting Capability Maturity Assessment for the Department of Energy of the NYPA’s Cyber Security posture.
Created the NERC-CIP training manual for the Internal Audit Department.
Facilitated vulnerability assessments through the development of patch currency tool.
Accomplished all IT audit responsibilities in collaboration with the co-source audit vendor.
Performed data analysis to identify inconsistencies and trends and guide the Financial Team on particular areas.
Led staff assessments while guiding the junior staff regarding audit engagement.
Perrigo Allegan, MI
Senior IT Auditor Jul 2011–Jan 2015
Provided keen oversight to all facets of IT audit engagements, which involved preparing audit programs, collecting and reviewing accurate and relevant information, as well as maintaining audit results documentation.
Carried out key tasks which included:
-Completion of assignments, in accordance with IIA standards and other appropriate authorities as well as approved audit plans and budgets;
-Compliance assessment of Sarbanes–Oxley Act (SOX) 404 for IT controls;
-Review of SSAE 16 assessments effectiveness; and
-Analysis of data for inconsistencies and trends to guide the financial team in applying more rigor to particular areas.
Observed strict adherence to the department guidelines in corresponding audit results, producing formal written audit reports, and collaborating with the affected management regarding findings.
Steered efforts in improving control environment for business units by recommending plans.
United Technologies Farmington, CT
Senior IT Auditor Sep 2007–Oct 2010
Employed keen attention to detail in conducting Statement on Standards for Attestation Engagements (SSAE) 16 effectiveness reviews and SOX 404 compliance assessment for IT controls.
Identified the materiality of findings and adequacy of IT operations by applying professional judgment.
Provided corrective action plans to improve operations and control environment for the Business Unit.
Facilitated and partook in exit conferences and UTC ACE initiatives.
Generated formal written audit reports, communicated audit results, and discussed findings with the management in compliance with the department guidelines.
PepsiCo Corporation Purchase, NY
IT Auditor Data Analyst Mar 2005–Aug 2007
Spearheaded IT audit engagements, which involved audit programs preparation, data gathering and analysis, and audit results documentation and reporting.
Adhered to the year’s audit plan in performing domestic and international IT and financial integrated audits.
Drove strategic business units toward operational efficiency and effectiveness, while providing recommendations to improve the control environment.
Assumed full responsibility in creating and maintaining an automated program for post audit monitoring reports compilation and dissemination for senior RMCA management.
Managed the department’s website containing information on methodology, tools, and past audit reports.
Earlier Career
New York University Hospitals Center New York, NY
Senior Financial Analyst
New York City Transit Authority New York, NY
Summer Intern
Morgan Stanley New York, NY
Senior Programmer Analyst
Merrill Lynch/Data Industries Jersey City, NJ
Consultant
Prudential Insurance Co/IBM Global Services Roseland, NJ
Senior Programmer Analyst
Education and Credentials
Master of Business Administration in Finance The City University of New York - Baruch College New York, NY
Master of Science in Computer Information Systems The City University of New York - Baruch College New York, NY
Bachelor of Science in Computer Information Systems The City University of New York - Baruch College New York, NY
Certified Internal Auditor (CIA) Part II and III Certification, In Progress, Expected Completion Date: Apr 2017
CSX Cyber Security Fundamentals Exam, September 2015
Technical Acumen
Operating Systems
IBM 390, UNIX, Linux, AS400, Windows, Microsoft Component Object Model (COM)
Software
Enterprise Resource Planning Applications (SAP and JDE), Mainframe Technologies
Audit Applications (ACL, IDEA, TeamMate, and TeamCentral), Crystal Reports, Visio
Domino OneNet WebPublisher STATGRAPHICS
ACCPAC Accounting Software
Programming Language
C++, Java, ASP, JSP, Servlets, ActiveX, Visual Basic, Visual FoxPro, JavaScript, WebLogic, Visual Basic Script, XML, HTML
Database System
Microsoft Enterprise SQL Server SQL Access Dbase IV