Gerald Asche
Professional Summary
I am an IT Audit and Compliance consultant with considerable knowledge of NIST, SOX, PCI, PII and NYDFS regulations. I have strong diversified business experience, am able to understand technical concepts, and describe them in plain English. Plus, I have a technical background including administration of Microsoft and Cisco products.
Skills
Proficient in creating compliance documentation
Internal controls evaluation
Expert in corporate audit databases
Audit management
Effective training delivery
Regulatory compliance knowledge
Advanced legal research
Documentation review and revisions
Regulatory compliance reporting
Work History
08/2021 to 05/2023
IT Compliance Consultant
Abbott Laboratories & Electronic Arts (EA) - Remote
Developed vendor management questions based on NIST and ISO standards for Archer tool implementation.
Coordinated IT GRC policy revisions, including creating a comprehensive Network Security policy and updating Data Classification summaries.
10/2020 to 12/2020
Identity and Access Management Consultant
Bridgehampton National Bank (now Dime Bank) – Hauppauge, NY
Assessed user access for over 500 users across 150+ financial applications in preparation for a major merger.
Gained in-depth knowledge of banking applications, including Fiserv Navigator, Fiserv Director, and Axiom.
08/2019 to 06/2020
IT Audit, Governance, Risk Management, and Compliance Consultant
Equitable Holdings – Syracuse, NY
Ensured compliance with NYDFS Cybersecurity Regulation (23 NYCRR 500).
Reviewed Azure backup procedures and validated test/production environments for penetration testing.
06/2016 to 06/2019
IT Audit Consultant
Estee Lauder Companies (ELC) – New York, NY
Monitored daily change management logs for IT servers, applications, and databases under SOX scope.
Analyzed SIEM reports from IBM QRadar and McAfee FIM, ensuring proper authorization for technical changes.
09/2015 to 06/2016
NIST Compliance Consultant
Presbyterian Hospital – New York, NY
Managed major IT audit based on NIST framework.
08/2014 to 09/2015
Compliance Consultant
North Carolina Department of Transportation (DOT) – Raleigh, NC
Managed implementation of security requirements for new online applications, updated policies for PCI, PII, and NC state regulations, and supervised IBM Guardium implementation for DB2 data.
Served as IT security subject matter expert for RFP evaluations and developed best practice guidelines.
02/2014 to 08/2014
IT Vendor Risk Assessor Consultant
Bank of America – Various IT Vendor locations
Conducted IT security control reviews of contracted vendors based on PCI standards.
Managed RSA Archer modules for policy, risk, compliance, and vendor management, effectively communicating penetration test results as business risks.
01/1990 to 01/2014
IT Audit, Governance, Risk Management, and Compliance Consultant
Various Organizations – New York, NY
Time Warner, CBS Inc., Paramount.
Recent Accomplishments
Developed interview questions for corporate vendors in alignment with NIST, SOX, and ISO standards within the Archer vendor management tool.
Enhanced IT policies to maintain compliance with NIST, SOX, and PCI.
Led projects to certify compliance with federal, state, and industry IT regulations.
Conducted comprehensive IT compliance audits, analyzing networks, operating systems, and ERP software (Windows, Cisco Routers, Linux, UNIX, SAP, Oracle, SQL Server).
Reviewed logs of servers, applications, and databases for SOX compliance, ensuring proper authorization and documentation of changes.
Investigated irregularities, collaborating with technical support teams to verify changes.
Presented detailed reports to senior management, highlighting compliance status.
Utilized ServiceNow and RSA Archer for reporting IT audit and compliance issues.
Education
Bachelor of Arts: Business Administration
Long Island University – Southampton, NY