IT Auditor

ALICHIA SCOTT, MBA

**** ***** ***** ** ** Conyers, GA 30094 Home: 404-***-**** email: ********@*******.***

IT SPECIALIST

Driven, technically sophisticated and business-savvy IT professional with more than ten years of information technology experience, working closely with corporate executives and operations to drive compliance to all levels of the organization. Expertise in enforcing corporate policies, developing and refining best practices and implementing due diligence methodologies in order to promote organizational soundness in business operations and reduce risk exposure.

Platforms: Microsoft Windows® operating systems 2000, and XP, Windows Server 2003, Novell Netware, Oracle, UNIX.

Software: SAP, Mainframes, Norton Ghost, Microsoft Office 2003/ 2007, XP, 2003, Attachmate Extra Client 6, Remedy Action Request, NetOp Remote Control, PAL / VPN, Microsoft SMS, Nessus, Norton Virus Protection Utilities, Firewalls, VNC.

PROFESSIONAL EXPERIENCE

RICOH – Norcross, GA 2008-2009

Sarbanes-Oxley IT Audit Consultant

Performed full cycle SOX IT auditing and consulting. Evaluated the effectiveness/efficiency of IT business processes and practices; Operational Internal Controls; Corporate Policies and Procedures and Initiatives instituted by the company to manage, mitigate and control risk.

• Developed test plan and scope, prepared narratives and performed initial walk-through to document process and controls, used a risk base approach to develop and test controls, remediation of deficiencies for following IT cycles to include: Entity Level, Physical Security, Computer Access, Application level, Operating Systems, Database, Network, Access to Programs and Data, Backup, Computer Operations, Program Changes, System Software and Hardware support.

• Tight deadlines met working independently under minimal supervision while ensuring extensive test of controls to satisfy Sarbanes-Oxley requirements.

• Demonstrated strong interpersonal skills in effectively interviewing business process owners in order to gain thorough understanding of business processes.

CHECKFREE CORPORATION – Norcross, GA 2007-2008

Information Technology Auditor

Examined and tested controls within an entity’s information technology infrastructure. Collected and evaluated evidence of an organization’s information systems’ practices and operations to ensure the systems’ assets were secure, data integrity maintained, and systems were operating effectively and efficiently to achieve the organization’s goals and objectives. Perform IT application, operational, regulatory compliance, IT general controls, and logical and physical security audits.

• Planned and conducted complex reviews of the information technology system, SOX compliance, and process improvement audits.

• Conducted in-person interviews with client personnel at all levels of the organization in order to

construct process maps/narratives of the individual business processes such as Structural Analysis Program (SAP) Human Resources process.

• Developed audit project scope and deliverable and specific methods to address the scope. Designed and created work products such as workpaper references, correspondence and engagement documentation. Tested processes and related internal controls.

• Inspected overall internal control processes to evaluate efficiency and effectiveness of processes, procedures, and internal control systems.

• Documented audit results (e.g., written narratives, spreadsheets to test results, complete work programs) in order to justify and support results, and provide guidance for future audits of that area.

• Created draft audit reports that summarize audit findings and recommendations.

• Participated in client status meetings to discuss preliminary audit findings and recommendations.

• Focused on performing risk assessments, reviewed regulatory requirements (e.g., SOX, Federal Financial Institutions Examination Council (FFIEC), Payment Card Industry Data Security Standard (PCI DSS) and Statement on Auditing Standards (SAS70) requirements.

• Utilized Control Objectives for Information and related Technology (COBIT), Committee of Sponsoring Organizations of the Treadway Commission (COSO), Information Technology Infrastructure Library (ITIL), and internal controls design and evaluation methods.

• Worked directly with KPMG staff on various audits and special projects.

• Participated in Six Sigma 101 classes.

AUTOMOBILE PROTECTION CORPORATION – Norcross, GA 2005-2007

Information Technology Auditor

Planned and conducted complex audits of technology systems and operating procedures at all levels of the organization determined by risk severity and regulatory requirements. Prepared reports on findings and provide recommendations as well as improvements in policies, procedures, and internal controls based upon discussion with IT Management.

• Prepared Access Control Review (ACR). Fundamental goal was to reduce risk associated with information technology applications by ensuring that appropriate controls were implemented and functioning properly. SOX compliance testing on IT applications. Reviewed SAS70s for external vendors.

• Prepared and administered System Control Review Process (SCRP). SCRP validated that the security and controls documentation for applications and infrastructure components were accurate and complete.

• Performed System Development Life Cycle (SDLC), Change Management, implementation and operation reviews.

HCA NORTHLAKE MEDICAL CENTER – Tucker, GA 2001-2005

Senior Network Specialist

Provided Network and IT Security support for 120 bed facility with multiple technologies such as Meditech and 3M Coding Software, selected to serve as Lead in Active Directory conversion for Northlake due to background and experience with PCs, allowing for smooth conversion resulting in zero downtime and reduce the need for using costly outside vendors and services.

• Upgraded / built Windows 2000/2003 Server with Active Directory (i.e. transferring all files, applications, and folders to the new server). Administered several medical computer systems with CPT/ICD 9 codes, etc.

• Maintained user information with Active Directory Enterprise Directory Manager used to create users, workstation, and GPO’s.

• Planned and directed personnel in deploying desktop software installations. Mentored, manage and developed IT staff to understand and support new technologies.

• Server Administrator for Windows 2000 Professional, Windows 2003, NT Server 4.0, Novell Netware 3.0/4.1x, and Microsoft Exchange Server.

• Security Coordinator: Developed new policies, procedures and security manuals including information on HIPAA and Sarbanes-Oxley. Ensured that security procedures were implemented and enforced.

• Installed and maintained security systems to safeguard against accidental and intentional disclosures or destruction of data. Monitored and ensured the integrity and optimum performance of security network. Reviewed and implemented security requirements for applications, networks, and files; included encryption, remote access, and virus prevention.

• Administrator of SUS server, Norton Anti-Virus server, and Backup Exec server, each configured to email team when problems occurred.

• Performed new technology analyses and recommended resources to satisfy new requirements. Project coordination for all new products such as PC Anywhere, Track-It 4.0, TS Census, Backup Exec, and upgrading all PCs to Windows 2000 and XP. Installed / maintained Host mainframe applications and network printers. Configured and installed Cisco routers.

• Provided monthly mandatory PC/Security training classes for orientation of new employees as well as a separate class for existing employees.

STATE OF GEORGIA GENERAL ASSEMBLY – Atlanta, GA 2000-2001

Novell Network Administrator

Provided Network and Desktop support for State of Georgia House Representatives. Installed, configured, and supported a local area network, wide area network, Internet system or a segment of a network system. Performed necessary maintenance to support network availability.

• Managed Backup Exec for NetWare and NT. Merged new NetWare servers into NDS tree and maintained user accounts.

• Configured TCP/IP, DNS, and WINS for servers and workstations. Provided help desk and PC technical support for the entire call center (2000+ users). Included hardware installs such as hard drive, memory, and peripherals.

• Installed all network software, hardware, and telecommunication equipment and provides on-going technical support.

• Diagnosed and resolved problems and assists users in the everyday operation of complex hardware and software systems.

SUNTRUST BANK, INC – Atlanta, GA 1996-2000

Technical Support Analyst

Provided first level technical phone support for 25,000+ employees for SunTrust Bank. Selected to serve as Y2K Representative for SunTrust Solution Center due to background and experience with PCs, allowing for a smoothly running and error-free department.

• Configured, updated, installed, and troubleshot software, hardware, and network issues that utilize Windows 95, Windows NT, and Windows 2000, IBM Mainframe/AS-400 Platforms.

• Performed security administration by validating passwords using NetWare Admin, CLANT Domain Server, Windows 2000 Active Directory, TSO, and TPX.

• Manipulated remote, network, and local Hewlett Packard and Lexmark printers using NetView, CICS, TSO, and VPS.

• Administered support for MS Exchange/Outlook, GroupWise 5 and TAO 4 email, by updating IP addresses, mailboxes, profiles, and passwords.

EDUCATION

MBA, Technology Management – American InterContinental University, Dunwoody, GA - 2004

B.S., Computer Information Systems – Herzing College, Atlanta, GA - 2001

CERTIFICATIONS – PROFESSIONAL AFFILIATIONS

• CompTIA Network+ Certified Professional

• ISACA CISA Exam pending estimated completion December 2009

Contact this candidate