Post Job Free
Sign in

Lead IT Auditor

Location:
United States
Posted:
June 23, 2009

Contact this candidate

Resume:

MAZHAR FAROOQ

Huntsville, AL ***** * Email: *********@*****.*** * Phone: 256-***-**** (cell)

Permanent Resident of United States of America ( Green Card )

_______________________________________________________________________

PROFILE

Sarbanes-Oxley (SOX) Compliance / IT Internal Audit / Information Technology /

Project Management.

________________________________________________________________________

Experienced IT Internal Audit and SOX with record of increasingly responsible positions, international experience, and Fortune 200 experience. Background encompasses diversified IT Internal Audit, SOX, Information Technology roles and over 8 years of experience in Information Technology. Experience spans the manufacturing sector. Recognized by management as a key performer, a detail-oriented, disciplined, and trusted leader. Master’s degree in Management Information System.

________________________________________________________________________

Education

The University of Alabama (GPA: 3.875/4.0)

Graduate Dean’s List Award in fall 2002 & spring 2003 at UAH

Masters of Science in Management Information System, 2003

The University of Engineering & Tech. - Lahore, Pakistan (GPA: 4.0/4.0)

Bachelor of Science in C.E. 2000

________________________________________________________________________

Professional Background

Lead IT Auditor Sanmina-SCI Corporation 2005 to Present

Key member of the corporate audit team, with progressively increasing responsibilities in IT internal auditing and SOX. Participated in the initial scoping and risk assessment for the company, tasked help to execute year 1, 2 , 3 and year 4 Information Technology SOX testing, with collaboration with Ernst & Young and PricewaterhouseCoopers. In Year 1 and 2 (2005 & 2006) Participated in the planning and development of the Company’s “IT Sarbanes-Oxley 404”Strategy along with management team and SOX IT control testing. In Year 3 and 4 (2007 & 2008) served as Information Technology SOX Project Management Office (PMO). During these year, led the planning and execution of Information Technology SOX testing for the whole company. This included planning for testing, providing training to the test teams, leading tests of design and tests of effectiveness testing, reviewing and approving test results, coordinating with process owners, coordinating with PricewaterhouseCoopers(consulting provider) and KPMG (independent auditor), driving remediation efforts and leading process improvement initiatives. Highlights included:

Reviewed work and supervised and directed staff & interns on audit engagements

Five years of experience in internal auditing doing 40% Information Technology audit, 40% SOX Information Technology audit and 20% Operational / Financial audit

Performing IT General Computer Controls Testing and prepared PBC request list for SOX 404 compliance (Testing Logical Access Security, Segregation of Duties, Computer Operations and Program Change OPS (Data Backup/Recovery) and Data Center Controls) documenting results and completing the work papers.

Performing IT Application Controls Testing for SOX 404 compliance (Testing Application Security, Application Change Management, Data Edit validation / interfaces and data backup / recovery)

Performing quarterly Oracle User Responsibility (OUR) audit, end user computing (EUC) and Segregation of Duty (SOD) audit for Internal Audit Department globally. Documenting results (work-papers). Preparing Audit Report to be presented to audit Committee

Performing annual Dashboard IT Management Audits (SDLC Projects) by reviewing whole years IT projects through out the company by using predefined selection criteria

Expertise in COSO, CoBIT, ITIL, SOX 404, SAS70 and various other standards

Varied IT Audit experience with ERP Systems (Oracle, COpics, MFG/Pro & Millennium), Applications ( COPS, IRMS, AWCS, Hyperion, ED-DI ), Databases (Oracle DBMS, Progress & IMS), Operating System ( windows, Mainframe) Client Server Systems, Firewalls, Intrusion Detection , Software Post Implementation reviews and also completed Detail Audit Reports (DAR) and Summary Audit Reports (SAR) for upper management.

Proficiency using Audit Control Language (ACL) for data manipulation

Proficiency in development and deployment of Policies/Standards/Guidelines/Procedures/Methodologies and Risk Management Frameworks

Key member of process optimization team, exceeding company`s goal by achieving 45% reduction in controls from year 1 to year 4 in IT environment. Also performed several IT Fraud / Investigation Audits.

Assisted Internal audit to successful execution/ testing of the initial testing at key manufacturing sites in Europe and Asia in different areas (Sales, Inventory costing, Physical Inventory, Warranty Reserve and Payroll) in 2003 & 2004.

In the area of financial audit I help internal Audit team to Extract/Run reports/balance sheets and financial statements from Oracle, find the related information to support their audits from different oracle databases and oracle modules.

Assisted Internal audit to successful execution of NARFC ( North America Regional finance Center) control testing for SOX 404 compliance

Helped internal Audit team in Human Resource, Corporate and Payroll testing

Updated / documented HR Process flows company wide and finished Test of Design ( TOD) walk through for 2008.

Internal Auditor (IT) Sanmina-SCI Corporation JAN. 2004 TO DEC. 2004

Experienced in Disaster Recovery Planning (DRP), high-availability solutions, backup and recovery, performance tuning and capacity planning. Participated in full Disaster Recovery Exercise (in the SunGard Recovery Center in Carlstadt, NJ) and tested ICON, ISIS, COPS, Site Minder, Hyperion, FTP Services, and the Tele-Comm kit for the Sanmina-SCI and Provided detailed operational documentation of the complete Disaster Recovery procedures as performed and verified during the Exercise

Designed / Developed and managed Control-self assessment Tool (Interactive Excel Sheets with Visual Basic programming at back end) for SOX 404 compliances, In order to receive information on different company process on quarterly basis worldwide. Also designed and Developed reporting section of Control-self assessment Tool (Interactive Excel Sheets with Visual Basic programming at back end) for SOX 404 compliances, in order to represent brief summary to KPMG for their final review along with all Major and Minor detail and key supporting documents.

Developed and managed the databases (MS Access) of past audit findings, risks, and recommendations and incorporated “smart search” features in the databases.

Developed and managed the databases (MS Access) for Sarbanes Oxley 404 data. Information managed in the databases were such as Controls, Risks, testing status, and mappings to accounts and assertions.

Successful implementation and maintenance of the first SOX document management system

Graduate Research Assistant – UNIVERSITY Of Alabama (UAH) Aug. 2002 to DEC. 2003

Developed and managed a large marketing database project in MS Access to manipulate approximately 2 million customer’s purchase records to determine the purchasing behavior of customers across different K-Mart stores.

Information System Intern & Web Development Intern

Grey Development Group Phoenix, AZ & MCC Mesa, AZ Jan. 2002 to Aug 2002

Developed the schedule sheets for the company. Maintained the responsibility of up keeping and repairing the lab and the staff’s PCs (Including the installation of motherboard, CPU, hard disks, and networks).

Completed various internet web development projects using Microsoft Front Page, Photoshop, Dream-waver, Flash and HTML text editor tools. Also Maintained and updated hundreds of HTML pages.

Computer Skills

IT Audit: Various O/S Configurations, Top Secret, Physical Security, Logical Security,

Systems Development

Languages: HTML, C++, Java, FORTRAN, JavaScript, DHTML, PHP, ASP, SQL

Software: Microsoft Word, Excel, PowerPoint, Access, Visio, Project, Visual Studio,

FrontPage, Outlook, Photoshop Macromedia Dreamweaver, Director, Flash,

Fireworks, Freehand, Cold Fusion, Monarch, Crystal Reports

ERP Systems: Oracle, COpics, MFG/Pro & Millennium

O/S: Windows 95/98/2000/NT/XP, UNIX

Training: Microsoft SQL Server 2000 Database training – Atlanta, GA

ACL (Enterprise wise Data Access & Analytics) training – Orlando, FL

IIA Operational Auditing training - Miami FL

CERTIFICATIONS/AFFILIATIONS

Candidate for CISA exam, June 2009

Active Member of Information Systems Audit and Control Association (ISACA) & Institute of Internal Audit (IIA)

International Travel experience includes in Europe, Asia, Middle East and North America.



Contact this candidate