IT SOX & Risk Assurance Leader resume
Resume:
Sylvester Greenwood III, CISA
New Jersey *********@*****.*** https://www.linkedin.com/in/sgreenwood-cisa
Professional Summary
Performance-driven IT SOX & Risk Assurance Leader with 15+ years of experience managing technology risk, internal controls, and compliance programs for Fortune 500 and high-growth companies. Proven success leading ITGC & technology audits, risk assessments and remediation projects across hybrid environments. Skilled in Sarbanes-Oxley (SOX 404/302) program management, GRC system integration, and cross-functional collaboration with engineering, security, and finance teams. CISA-certified with Big 4 advisory experience and a strong focus on driving control maturity, continuous improvement, and operational excellence.
Core Competencies
SOX 404/302 Program Management ITGC Testing & Remediation Cloud Compliance (AWS – in progress) GRC Tools (AuditBoard, Workiva, Archer) Risk & Control Frameworks (COSO, COBIT, NIST, ISO 27001) Agile / DevOps Risk Governance Data Analytics & Dashboards Cyber & Privacy Controls Continuous Controls Monitoring GDPR
Professional Experience
PSEG December 2023 – present
Audit Project Leader – Internal Audit
Led end-to-end IT SOX and operational audits for key enterprise systems, infrastructure and cybersecurity processes.
Developed audit planning memos, scoping documents, and risk assessment matrices aligned with BPU and FERC standards.
Presented project status, key milestones, and findings to senior management and Audit Committee stakeholders
Key Achievements:
Enhanced IT risk assessment documentation, improving coverage accuracy by 25%.
Streamlined reporting cadence, reducing audit cycle time by one week.
KPMG January 2022 – November 2023
Senior Associate – Advisory, Technology Risk Management
Co-managed a $1.5 M SOX IT audit engagement for a multinational life-sciences client, overseeing design and operational testing.
Supervised and coached 5 associates on IT audit methodology and client-engagement best practices.
Developed corrective-action plans reducing repeat deficiencies by 30%.
Built process flowcharts and control matrices for previously undocumented systems, enhancing audit readiness.
Prudential Financial July 2021 – December 2021
Project Management Associate, Risk Analyst
Worked with key stakeholders and control partners to ensure that IT risk metrics are collected, analyzed, and reported in a timely and accurate manner
Communicate the results of IT risk assessments to management in a clear and concise way.
Partner with management to develop and implement risk mitigation strategies.
Sumitomo Mitsui Banking Corp – Capital Markets April 2021 – July 2021
Audit Response (Contractor through Infinity Consulting Solutions) - Cyber Security and Information Risk
Managed a remediation project that was focused on enhancing pre-existing IT controls. Created and maintained a detailed project schedule and additional project documentation such as communication plans and decision logs. Responsible for day-to-day management of scheduling ad hoc IT walkthroughs with Subject Matter Experts (SMEs), obtaining and distributing of IT request items to the client’s internal auditors.
Created and presented dashboard to senior level management, which provides them with a snapshot and status of the project on a weekly basis (milestones, risks, weekly accomplishments, upcoming tasks).
Novartis International AG January 2021 – May 2021
Project Manager (Consultant via Axians Redtoo) Information Security and Risk Management (ISRM), Identity & Access Mgmt. (IAM)
Managed Executive Committee/C-Level IT project to evaluate the effectiveness of the Retention-by-Design process and requirements for the top twelve (12) Novartis Crown Jewel / GxP applications with Personally Identifiable Information (PII). Created and managed the project schedule and all related project documentation. Facilitated in-depth sessions with global Application and Business Owners to educate, analyze, and document the adherence to retention/archiving and purging processes, resulting in a new global roadmap and an actionable list of proposed execution projects.
Directed all aspects of the project including the creating and managing the project plan, risks assessment, issues, mitigations, and change requests with the global core and extended project teams
Forged critical partnerships with the Records and Information Management (RIM) team to develop a repeatable and standardized framework
Created and presented Executive-level Steering Committee dashboard to senior-level management on a reoccurring basis, providing them with the overall status, accomplishments, and decision items needed to ensure project success
Mizuho Securities USA LLC May 2020 – December 2020
Audit Coordinator (Contractor through Michael Page)
Information Technology Security Management (ITSM) Audit and Governance
Created and presented SOX dashboard to senior level management, which provides them with a snapshot and status of the project on a weekly basis (milestones, risks, weekly accomplishments, upcoming tasks)
Implemented internal testing process of SOX IT controls to validate the design and operating effectiveness of the in-scope SOX IT controls
Forged critical partnerships with the external audit team to develop a repeatable and standardized framework that could be utilized to manage all external auditors with whom Mizuho currently conducts business
Managed system inventory project that was focused on refreshing pre-existing Configuration Item (CI) records with new data and deleting CI records that consisted of applications and infrastructure assets subject to termination. Created and maintained a detailed project schedule and additional project documentation such as dashboard to communicate status updates with senior level management.
Created and presented SOX dashboard to senior level management, which provides them with a snapshot and status of the project on a weekly basis (milestones, risks, weekly accomplishments, upcoming tasks)
CohnReznick LLP May 2016 – May 2020
Manager, Technology Risk and Cybersecurity July 2019 - May 2020
Risk and Business Advisory Practice
Oversaw multi-million-dollar GRC and IT SOX audit programs across energy, life-sciences, and retail sectors.
Generated $900k+ in Advisory revenue by expanding client relationships and engagement scope.
Developed control-tracking dashboards, reducing external-auditor requests by 25%
Senior Consultant, Technology Risk and Cyber Security May 2016 - June 2019
Risk and Business Advisory Practice
As Senior Consultant, was selected to lead and manage one major audit project for a practice focused on the financial industry.
Demonstrated exceptional leadership skills through guiding team to focus on the client’s objectives; tracked progress to ensure project milestones were completed on time, on budget, and with desired results.
Increased efficiency by creating standardized dashboard templates and audit documentation process to apply to current/future projects
Co-managed a SOC 2 assessment on behalf of the Internal Audit department
Managed two project management staff
American International Group, Inc. December 2006 – May 2016
Manager I, IT Audit/Technology Infrastructure January 2014 – May 2016
Internal Audit Group
Directed audits across application and infrastructure domains (Windows, UNIX, mainframe) to assess SOX ITGC and change-management controls.
Coordinated with external auditors to achieve reliance and reduce redundant testing efforts.
Executed continuous-monitoring activities and reported emerging IT risks to audit leadership.
Senior Technology Auditor – Internal Audit Division December 2006 – December 2013
Performed application audit projects on key financial systems for the Corporate IT and Property & Casualty divisions of Internal Audit Department:
oAssessed input, process, and output controls and inspected the internal and external system interface
oPerformed infrastructure audit projects for the Corporate IT, Property & Casualty and AIG Global Services divisions of the Internal Audit Department including Firewalls; Database (e.g., MS SQL Server, IBM DB2, Oracle RDBMS); Operating Systems (e.g., Windows, UNIX, Linux); Mainframe (e.g., Top Secret, RACF); Cloud Technology (e.g., VMware)
oEvaluated key change activities for key business entities such as AIG Global Services and Corporate division. Developed and presented quarterly risk assessments to the client
oEnsured issues identified from audit reports were closed and verified according to the remediation target dates
oExecuted Sarbanes-Oxley (SOX) IT General Controls testing for the Corporate IT division of Internal Audit Department. Evaluated SOX and UAT testing performed by key members of the Corporate division and provided valuable feedback
oTrained summer interns in AIG’s internal audit methodology.
Education & Certification
MS, Information Systems - New Jersey Institute of Technology (NJIT)
BA, Information Technology – Rutgers University - New Brunswick
Certified Information Systems Auditor (CISA) – ISACA
Novartis ICE Silver & Bronze Certifications - Agile and Waterfall Project Management
New Jersey Life Insurance
Technical Proficiencies
Operating Systems: Windows, MacOS, UNIX, Linux
Applications: AuditBoard, Workiva, Archer, ServiceNow, CyberArk, SAP, Active Directory, Tableau, Power BI, Oracle, SQL Server
Frameworks: COSO, COBIT, NIST, ISO 27001, SOC, SOX 404
Programming / Tools: Python, R, Java, HTML, Alteryx (in progress)
Contact this candidate