Compliance SOX Audit Project Manager

Location:
Streamwood, IL
Posted:
October 30, 2025

Resume:

SUMMARY:

CISA-certified Financial Risk Manager with over 10 years of experience delivering risk, audit, and compliance solutions across Big 4 consulting, financial services, and banking clients. Proven expertise in AuditBoard platform administration, ServiceNow GRC, and SAP GRC for managing ITGCs, SOX compliance, and enterprise risk management programs. Skilled in leveraging SQL and Python for scripting, data processing, and automation of audit workflows. Developed interactive dashboards using Tableau to visualize control performance and risk trends. Executed API integrations between GRC platforms and enterprise systems including Workday, enabling real-time data exchange and workflow orchestration. Hands-on experience with Microsoft Power Automate for process automation and integration enablement. Strong understanding of regulatory frameworks and standards including COSO, SOX, and OAuth 2.0 authentication protocols.

Professional Skills: In-depth knowledge of SAP Security, ABAP/4, SAP Basis, Cyber Security, SOX Auditing, Compliance Risk Advisory, and regulatory requirements.

GRC Tools: SAP GRC 5.3 to 1120, Audit Board (SOXHUB, Risk Oversight, Ops Audit), RSA Archer, IBM Open Pages, Metric Stream, Workiva, ServiceNow, Archer, MetricStream, ACL, Accelus, Tableau.

SOX Framework: NIST, ITSM, COBIT, COSO, ISO, HIPPA, HITRUST, ZERO TRUST, ITL, ISO, DSS, CIS, HIPAA, PCI, CAPA, GDPR, SOC1 & SOC2.

Certification: SAP America, CISA (Computer Information System Auditor), Security. PMP – Agile and SCRUM.

Career Break for Parental Support and Caregiving

Took time off to provide essential caregiving and support to my family members during the COVID-19 pandemic.

Stayed current with industry trends and maintained professional development through online courses and networking.

EDUCATION & CERTIFICATIONS:

Bachelor's in Computer Science and Business Management, Osmania University

CISA Certified

SAP America – All Modules (boot camp)

Security Certified from Deloitte

PROFESSIONAL EXPERIENCE:

IT Auditor & Risk Consultant April 2024 to April 2025

Sr. Manager ITPN Consulting, Chicago, IL

Clients: Client Advantage Solutions & Fannie Mae

Integrated AuditBoard and ServiceNow GRC with Workday to streamline financial controls, automate risk workflows, and centralize compliance data across finance functions.

Developed and executed SQL scripts to extract, transform, and load (ETL) risk and compliance data from enterprise systems for audit, reporting, and control monitoring purposes.

Used SQL within AuditBoard to pull, filter, and validate control testing and exception data for internal audits and financial risk assessments.

Automated financial risk reporting by integrating data pipelines between AuditBoard, Workday, and ServiceNow GRC, improving data accuracy and timeliness for compliance tracking.

Built custom data queries and risk dashboards using SQL for continuous monitoring of key risk indicators (KRIs), policy violations, and control effectiveness in financial processes.

Supported SOX compliance and control testing through structured data retrieval and processing from Workday into AuditBoard using SQL-based automation.

Administered the AuditBoard platform, managing system configurations, user access, templates, and workflow automation to support internal audit and SOX compliance.

Designed, configured, and led the integration of SAP GRC Access Control (AC), Process Control (PC), and Risk Management (RM) with S/4HANA Public Cloud, enabling real-time risk analysis, automated access workflows, and enforcement of policy compliance while mitigating Segregation of Duties (SoD) risks in a multi-tenant environment.

Developed and deployed automated workflows in Microsoft Power Automate to streamline control testing, evidence collection, and SOX reporting processes across multiple departments.

Implemented automated controls and SoD monitoring tools within SAP GRC, ensuring effective risk management, incident response, and continuous compliance across operational processes.

Implemented and managed compliance with major frameworks including SOX, GDPR, ISO 27001, and HITRUST CSF, conducting technical control assessments and gap analyses across cloud and on-prem environments.

Configured and customized IBM OpenPages GRC, tailoring workflows, risk assessment processes, control structures, and compliance frameworks across multiple risk domains.

Applied in-depth knowledge of COSO framework and SOX IT General Controls (ITGCs) in evaluating financial reporting risks, IT control design, and operational effectiveness.

IT Auditor & Risk Consultant Sep 2023 - Nov 2023

Manager Jefferson Wells, Pittsburgh, Pennsylvania

Client: Comerica Bank

Focused on key operational, accounting, and financial reporting controls within the assigned areas and scope for SOX reviews. Identified key controls, assessed controls for design deficiencies, updated process documentation, and leveraged platforms like AuditBoard and ServiceNow GRC for centralized control tracking and workflow automation.

Scheduled testing of operating effectiveness in compliance with test plans performed in SAP GRC, with extensive knowledge of modules automating Access Control (AC), Process Control (PC), Risk Management (RM), and Audit Management (AM) while utilizing AuditBoard and ServiceNow GRC to manage testing activities, issue tracking, and remediation follow-up.

Utilized SQL extensively for data extraction, transformation, and analysis from SAP GRC, AuditBoard, and ServiceNow GRC platforms to identify risk trends, control performance gaps, and support audit reporting.

Supported evidence collection and validation for HITRUST certification audits, ensuring alignment with NIST, HIPAA, and ISO 27001 control mappings within the HITRUST framework by integrating control data across SAP GRC, AuditBoard, and ServiceNow GRC for consistent reporting and traceability.

Implemented OAuth 2.0 authentication flows (Client Credentials, Authorization Code Grant) to enable secure, token-based integrations between GRC tools (e.g., AuditBoard, Workiva) and external data sources.

Detected operating deficiencies and proposed remediation strategies using insights gathered from SQL-based analytics across GRC tools, improving issue resolution timelines and audit readiness.

Demonstrated strong understanding of governance frameworks including COBIT, COSO, and ITIL.

Configured and customized SAP GRC systems to align with organizational requirements, and implemented automated workflows and control activities in AuditBoard and ServiceNow GRC to support continuous compliance.

Set up automated controls and workflows across SAP GRC, ServiceNow GRC, and AuditBoard.

Developed automated AWS cloud scripts to integrate SOX applications, enabling efficient control execution, real-time logging, and automated evidence collection across cloud environments.

Identified mitigating controls to minimize risk exposures and reduce the impact of control gaps discovered during testing or audit procedures.

Participated in the implementation of new processes and corrective action plans to ensure SOX compliance, leveraging integrated workflows across SAP GRC, ServiceNow GRC, and AuditBoard to monitor remediation efforts.

Supported upgrades, user provisioning, and environment maintenance to ensure platform stability, data integrity, and readiness for internal/external audits.

ITGC Auditor & Compliance Consultant Aug 2022 - Nov 2022

Lead General Electric, Chicago, IL

Applied data analytics and SQL to identify audit risks, control gaps, and remediation actions; prepared bi-weekly executive audit decks (GE CIO Deck) summarizing key findings, deviations, and remediation progress for EY leadership and client stakeholders.

Managed quarterly SOX, ITGC, business process, and financial controls audits across platforms including SAP ERP, SAP GRC 11.0, Hyperion, Azure, AWS, and custom GAAP engine tools for divisions such as Corporate, Capital, Gas Power, Power Portfolio, and Renewables.

Led the migration from AuditBoard to Workiva as the enterprise GRC platform, ensuring smooth transition of risk control matrices, testing evidence, workflows, and reporting dashboards; provided change management and training support across risk teams.

Oversaw testing effectiveness of internal control remediation plans using tailored sampling strategies; coordinated with external auditors (e.g., Deloitte) on sample expectations and testing execution.

Customized settings for modules such as Controls, Risk, Issues, and Reporting, aligning them with organizational policies and audit schedules.

Utilized Corrective and Preventive Action (CAPA) frameworks to drive quality improvements and remediate recurring audit findings across business processes and IT environments.

Supported development and modernization of AWS-based cloud infrastructure, aligning with audit and risk management requirements for scalable control deployment and evidence logging.

Collaborated with cross-functional teams to ensure compliance with SOX, ITGC, and enterprise governance requirements, incorporating automation and analytics within Workiva and SQL-driven reports to improve control testing accuracy and audit cycle efficiency.

Financial Risk Consultant Feb 2020 - May 2022

Clients: BMO Financial Group, eCommQuest, & SOAProjects, Inc, Chicago, IL (Remote)

Utilized AuditBoard GRC platform to manage SOX compliance, perform control testing, track remediation efforts, and automate evidence collection workflows across finance and IT functions.

Developed and executed complex SQL queries for risk analysis, control monitoring, and financial audit analytics; transformed large datasets into actionable insights for executive reporting and regulatory compliance.

Established hierarchical control structures to reflect enterprise control ownership and enable scalable reporting across global entities.

Integrated Power Automate with AuditBoard using connectors and custom APIs to streamline cross-platform operations such as risk registration and issue updates.

Designed and implemented API integrations between AuditBoard, ERP systems (e.g., SAP), and cloud platforms to automate control testing, enhance data accuracy, and streamline audit workflows.

Led initiatives to automate SOX compliance processes, including automated control execution, continuous monitoring, and exception tracking through GRC tools and cloud-based solutions.

Built data pipelines using SQL and GRC APIs to consolidate and process audit and risk data from multiple systems, supporting timely reporting and risk dashboards for leadership.

SOX Audit & Compliance Risk May 2018 - Nov 2019

(Financial, IT & Business Risks)

Manager Gallagher, Rolling Meadows, IL

Performed IT SOX control assessments (Sections 302 & 404) and ITGC audits aligned with IPPF, COSO, COBIT, ISO, ITIL, and NIST frameworks.

Provided IT compliance oversight and advisory services to internal IT/business units and external audit teams; managed coordination between internal compliance and third-party auditors.

Oversaw the development and maintenance of a centralized Control Library, mapping controls to applicable regulations, business units, and risk categories.

Supported HITRUST certification and cyber risk initiatives by aligning security controls with HIPAA, ISO 27001, and NIST mappings, and maintaining cloud security strategy and frameworks.

Utilized AuditBoard to manage audit lifecycle, control testing, and issue remediation tracking; contributed to analytics strategy aligned with E&Y Global AuditBoard roadmap.

Automated audit reporting and risk analysis using Python and SQL scripts, enabling efficient data extraction, transformation, and control performance evaluation.

Developed and led audit analytics strategy to identify trends, control gaps, and business development opportunities in risk and compliance.

Implemented OAuth2 authentication protocols to ensure secure, token-based access for API integrations, protecting sensitive audit and compliance data during transmission.

Delivered audit findings and recommendations to executive stakeholders through clear reporting and presentations; influenced decisions with risk insights and cross-functional collaboration.

Led cross-functional teams in the execution of IT and audit programs, ensuring resource performance, timely delivery, and alignment with KPIs using project management tools (e.g., RAID logs, schedules, status reports).

Manager IT Security – Governance, Risk and Compliance Feb 2018 - May 2018

Kraft Heinz, Chicago, IL

Completed global SAP and non-SAP project implementation activities within defined timelines.

Built and maintained strong relationships with offshore teams, providing clear direction and assigning tasks effectively.

Ensured adherence to Kraft Heinz Security standards, including compliance with Sarbanes-Oxley (SOX) and internal audit requirements.

Provided project team leadership and subject matter expertise to support consistent application of SAP Security practices.

Collaborated with Process Area IS Leads, Internal Controls, Audit, and Business Process teams to ensure successful implementation of policies, standards, and guidelines.

Delivered project activities according to scheduled milestones and reported progress to management in a timely manner.

Communicated security resource requirements to management for assigned projects.

Monitored service delivery resources and activities to ensure compliance with Service Level Agreements (SLAs).

Identified areas for process improvement and proactively recommended enhancements.

Acted as a Subject Matter Expert (SME) for security design and implementation issues within assigned areas.

Led the design, development, testing, and implementation of security roles in alignment with project timelines.

Drafted control deficiencies and recommendations, and presented Potential Audit Findings to audit client management.

Ensured adherence to the Kraft Heinz Security Template and best practices throughout assigned projects.

Managed activities related to Audit, Compliance, and Risk Management, ensuring alignment with company standards.

Ensured compliance with SOX and other audit/control requirements within the security domain.

Sr. Manager Risk Advisory, SOX Audit & Global Compliance, TAX

(IT, Business, Financial, Legal, & HR risks)

Mondelez International, Deerfield, IL May 2015 - Sep 2017

Led the end-to-end lifecycle of Security, Audit, and Compliance technologies, engaging global stakeholders across Tax, Audit, and Compliance functions to align technology solutions with strategic business objectives.

Managed configuration and administration of modules within GRC platforms, including Controls, Operational Audits, Risks, Issues, and Workstreams, ensuring consistent governance structures.

Spearheaded the SAP GRC implementation from version 5.3 to 11.0 (Phases 1 & 2), including Access Control, Process Control (PC), and Continuous Controls Monitoring (CCM), replacing legacy SOX repositories like OpenPages FCM.

Used SQL for data extraction, transformation, and control effectiveness reporting; developed automated pipelines for risk data consolidation across GRC systems.

Created and maintained Tableau dashboards for real-time audit, compliance, and control monitoring across regions and systems; improved visibility into deficiencies and remediation status.

Managed $6.5M capital and $495K expense budget for global GRC implementation; created business cases, secured stakeholder alignment, led RFP/vendor selection, and collaborated with procurement on contract finalization.

Implemented 174 automated CCM rules across three global SAP instances (Americas, EEMEA/MEU, Asia-Pacific), supporting GDPR, SOX, and internal control transformation initiatives.

Enhanced SOX reporting and Controls Self-Assessment (CSA) efficiency with new tools and automated dashboards; supported follow-up on management action plans and consolidated deficiency reporting.

Utilized AuditBoard for workflow automation, control testing, risk tracking, and audit reporting across global finance and IT functions.

Worked closely with the Global Finance CoE, BPE, and IS teams to design multi-year roadmaps, plan cutovers, lead cross-functional system upgrades, and identify cost-saving and compliance-enhancing improvements.

Participated in defining product capabilities and translating business strategies into functional requirements for Tax, Audit, and Compliance systems, ensuring alignment with corporate risk posture and regulatory expectations.

PRIOR EXPERIENCE:

Financial Risk Consultant

Accenture Consulting, Chicago, IL (Full time Employee)

Clients: ConocoPhillips & Unilever

Financial Risk Consultant

Deloitte Consulting, Chicago, IL. (Full time Employee)


