THOMAS J. LACKAY
* ***** ** *********@*****.***
Brick, NJ 08724 Phone: 732-***-****
PROFESSIONAL PROFILE
IT Audit and SOX Compliance Program Professional with 10 years experience performing Information Technology (IT), SAP, operational and compliance audits. Skilled at utilizing Cobit framework to analyze and assess risk, internal controls, technical infrastructure, security and change management. Strengths include ability to build strong client relationships. Strong track record of interacting productively and amicably in high demand international multi-user environment. Possesses strong analytical, problem solving and management skills with ability to meet tight deadlines with conflicting priorities.
EXPERIENCE
CEPHALON CORPORATION, Frazer, PA 2005 - 2011
Manager, IT Audit & Compliance 2007 – 2011
Managed international IT SOX program including project scope, testing, documentation, remediation and working with external auditors.
Reduced Sox deficiencies to zero working with process owners at locations in France, London, Pennsylvania, Utah and Minnesota. Reduced 2010 SAP deficiencies in Switzerland during second year of Sox by 90 %.
• Assessed key business processes and related IT areas in determining annual audit and compliance initiatives as part of annual risk based strategic plan.
• Developed, maintained and executed IT SOX program for Information technology and business applications resulting in reduced risk to the processes impacting business objectives.
• Audited SAP R/3 authorizations for compliance with SOX regulations, focusing on IT security (Basis) supporting the SAP environment.
• Planned, audited and performed Sarbanes Oxley ITGC and application audits on-site at affiliates in Paris, London, Switzerland, Minnesota and Salt Lake City.
• Effectively supported SOX 404 efforts with PwC to maximize reliance on internal audit testing.
• Provided periodic reporting to Audit Committee keeping them informed of significant findings.
• Developed and maintained effective relationships with senior management, internal and external auditors and business groups and information system associates. Created road show for each site aimed at educating users on SOX 404 regulation and value.
Sr. IT Internal Auditor 2005-2007
Performed audits in accordance with the annual audit plan. Tested the design and operating effectiveness of IT Sox controls in the U.S. and Europe. Eliminated external consulting service costs for SOX audits in Europe and the U.S.
• Planned and executed computer IT audits and third party vendor audits.
• Performed IT control assessments, documented test requirements, and suggested remediation alternatives where required.
• Prepared work papers, audit observations and recommendations.
THOMAS J. LACKAY PAGE TWO
CEPHALON CORPORATION (Continued)
• Ensured project and implementation risks and controls are in place and provided value added recommendations.
• Developed strong relationships with internal and external auditors.
• Prepared written reports and communicated findings to all levels of management in accordance with traditional internal auditing standards (IIA) and requirements under the Sarbanes-Oxley Act.
MERRILL LYNCH / NOMURA SECURITIES, New York, NY 2004 – 2005
Audited the design and operating effectiveness of SOX, IT General Controls and Application General Controls.
• Brought onto engagement to assist with late starting projects. Worked extensive overtime in order to bring engagements with Merrill Lynch and Nomura Securities to a successful completion.
• Identified, analyzed and evaluated Information Technology risks to strengthen internal controls related to Sarbanes-Oxley. Performed audits for information systems used in business systems.
• Evaluated the design effectiveness of controls, tested operating effectiveness of controls and identified control deficiencies.
BRISTOL MYERS SQUIBB, Hopewell, NJ 2001 – 2004
Responsible for Change Management and related Sox Controls with focus on IT related processes in Change Control environment.
• Migrated custom in-house change control system to Remedy Change Control.
• Functioned as the subject matter expert / technical lead for Remedy across complex projects, functions, process flows, and suggested enhancements / improvements.
• Enhanced system approval tables, organizational logic structures, corresponding permissions, and access attributes.
• Chaired the International Change Management meetings for the Pharmaceutical Research Institute and the international change management meetings for corporate Global Shared Services.
• Provided Remedy administration and maintenance including change control licenses training, scheduled outages, managing tickets, categories, types, items, groups, and asset management.
• Reviewed and approved system and infrastructure Installation Qualifications / Operational Qualifications (IQ/OQ) documents.
THOMAS J. LACKAY PAGE THREE
Additional Experience
MERRILL LYNCH, New York, NY Software Configuration Analyst
• Converted applications from Panvalet to Endevor for the Year 2000 project.
SUMMIT / FLEET BANK, Cranford, NJ Software Configuration Manager
• Implemented Endevor release 3.5. Applied upgrades for releases 3.6 and 3.7.
SUMMIT BANK, Cranford, NJ Operations Supervisor
FEDERAL RESERVE BANK, New York, NY Operations Supervisor
EDUCATION
• Computer Science Ocean County College, NJ
PROFESSIONAL TRAINING
• SANS Network Security, Auditing Networks, Perimeters and Systems
• SANS Twenty Critical Security Controls
• Price Waterhouse & Coopers Auditing SAP Systems
• MIS training institute Auditing & Securing SAP ERP Central Component
• Ernst & Young Internal Audit Design
• Testing IT General Controls for Sarbanes Oxley (MIS)