Abhishek Singh, CISSP, MBA
608-***-**** *****.****@*****.***
Analytical and experienced IT Auditor with an expertise in risk assessment
SUMMARY OF QUALIFICATIONS
• 8 years of experience in IT audits for various verticals including financial services, retail, high tech,
education, manufacturing, and health care.
• Proven track record of assessing system/network availability, security, and data integrity to identify,
manage, and reduce risks and ensure general compliance.
• Extensive background in all stages of audits, including planning; study, evaluation, and testing of
controls; reporting; and follow-up.
• In-depth knowledge of Sarbanes-Oxley Act (SOX), HIPAA, PCI, GLBA, ISO 27000 and business processes.
• Acute understanding of networking, hardware, software, and data centers, as well as emerging technologies,
such as biometrics and mobile devices.
CERTIFICATIONS
CISSP (2005), Pursuing CISA
EDUCATION
• MBA UW Madison School of Business, WI (2009)
• Bachelor of Science, Computer Science; UNSIET, Jaunpur, India (2001)
PROFESSIONAL EXPERIENCE
UW E-Business Consortium, Madison, WI
2007 - 2009
IS Assistant for this consulting and research organization with more than 300 members.
• Work with members and management to ensure a system is in place that identifies and analyzes all major
risks on a biannual basis.
• Plan, organize and carry out the internal audit function including the preparation of an audit plan which
fulfils the responsibility of the department, scheduling and assigning work and estimating resource needs.
• Consulted member companies to identify IT related risks throughout development phases. Areas include
networks, operating systems, ERP, databases, security, and disaster recovery.
• Make recommendations on the systems and procedures being reviewed, report on the findings and
recommendations and monitor management's response and implementation.
• Conduct CRM and legacy system reviews to support products and ensure business objectives are met.
• Helped members in performing general controls oversight and review to verify compliance with SOX, PCI,
HIPAA provisions and professional standards.
• Ensure audit tasks are completed accurately and within established timeframes.
McAfee Inc*, Delhi, India
2006 - 2007
Tech Lead – Security for this enterprise security software leader.
• Identified and evaluated risks during review and analysis of System Development Life Cycle (SDLC),
including design, testing/QA, and implementation of systems and upgrades.
• Prepared audit scopes, reported findings, and presented recommendations for improving data integrity and
operations.
• Conducted reviews of data centers, extranets, telecommunications, and intranets to assess controls and
ensure availability, accuracy, and security under all conditions.
• Created test cases for PCI, HIPAA, SOX, GLBA
• Used ACL to administer computer aided audit tests (CAAT).
• Liaise between in-house managers/IT department and external financial and operational auditors.
• Prepared recommendations for all levels of management, considering materiality, pertinence and documentary
evidence.
(*Previously Solidcore Systems now a part of McAfee Inc.)
Nokia, Hyderabad, India 2005 - 2006
Subject matter expert for this telecom leader.
• Performed operational and financial integrated audits and pre- and post-implementation reviews.
• Helped establish annual audit plan for core competency areas using risk assessment methodology.
• Reviewed systems for adequate management controls, efficiency, and compliance with policies, regulations,
and best practices. Made recommendations when necessary.
• Created flowcharts to document business systems and processes for IT audit reports.
• Coordinated with various departments to create remediation plans for deficiencies found during audit.
• Maintained respectful and effective communications and relationships with management and staff of areas
under review.
HCL, Noida, India
2004 - 2005
Network Security Analyst for this global IT Services leader.
• Developed the scope for operational, information technologies, and security audit projects and
selected/developed appropriate audit steps necessary to promote effective audit coverage for the manager's
approval. Helped establish annual audit plan for core competency areas using risk assessment methodology.
• Provided assurance that operations and processes conform to current client’s policies and procedures
• Coordinated with various departments to create remediation plans for deficiencies found during audit.
• Identified control and process weaknesses, documented main control points and provided evidential support
for report recommendations.
• Performed risk assessments of enterprise software such as ERP & CRM systems, databases, network
infrastructure, operating systems, etc. for the clients and presented findings to the executives.
DC Info Solutions 2001 – 2003
Systems & Network Engineer for this IT consulting firm
• Performed Network and Server implementations for small and medium size businesses
• Conducted risk assessments and provided compliance consulting
• Participated in the development of new information systems to ensure that efficient and effective controls
were incorporated.
TECHNICAL SKILLS
• Windows NT/2003, UNIX, ACL, MS Project, MS Office (Word, Excel, PowerPoint), Linux, Solaris, Novell,
Sequel, Oracle, firewalls, routers/switches, LAN/WAN, TCP/IP, VPN, HTML
• Canvas, CoreImpact, Snort, Metasploit, Nessus, Nikto, nmap, ISS, Retina
PUBLICATIONS
Published various security-related papers in notable knowledge bases. Some of the prominent works are listed below:
• DoS Attacks Demystified, Security Focus Knowledgebase
• SE Linux Demystified, IT Observer & Linux Journal
• Demystifying IPSec, CCecure.org & Infosec writers Knowledgebase
References available upon request