CISA
Resume:
HECTOR O. RIVERA M.B.A., CISA (Passed Exam) 415-***-**** Home
*** ******* ****** *-****-********@*****.***
San Francisco, CA 94107
Professional Qualification Statement
An accomplished SOX Consultant and Financial/Operational/IT Auditor with over ten years of auditing experience, tax and MIS. Financial services and governmental sectors experience. Strong writing, organizational, oral and interpersonal skills. Advised line management of audit findings and made recommendations for improvements. Worked both in a team and as an individual auditor. Technical knowledge includes, but is not limited to: OS/390, TSO/ISPF, DOS and MS LAN. Familiar with Paisely’s GRC, PWC’s TeamMate, IBM’s Lotus Notes, CA/Examine, WordPerfect, MS-Excel, Word & Visio. Bilingual in Spanish and English. M.B.A. in MIS and Corporate Finance.
________________________________________________________________________________________________
Professional Experience
IT Auditor –Western Union Company, New Jersey 6/07- Present
· Application Development - Determined if application development for projects were in compliance with the System Development Life Cycle Methodology (SDLC) as follows: projects were authorized, project specifications were prepared, programs were properly tested, approved and documented, and implementation was approved.
· Data Security Management (Information Security) - Examined user administration procedures to determine whether the requirements for granting, changing, and the timely removal of access to systems and applications, including remote access capabilities, (i.e. the access request process and necessary manager approval) were in place. Determined if unique user accounts were set up to provide user accountability for use of system resources. Examined minimum password standards to confirm whether they were applied to restrict access, (i.e. required password, minimum password length, password change standards, password composition standards, timeout, and unsuccessful access attempts). Determined if Intrusion Detection Systems (IDS), were in place and monitored periodically.
· Data Center Operations - Reviewed physical access to the data center and data in sensitive areas to confirm that it was appropriately restricted. Examined environmental controls to ensure computer facilities were safe, clean and could support company systems which the business operations depended upon.
· Technical Service Center (TSC) Operations - Determined if incident management procedures were in place and documented these. Obtained a listing of tickets from the HP Service Desk system for the last six months and verified if they were resolved in accordance with key performance indicators (for example, service level agreements), and the appropriate severity levels were assigned based upon the problem. Proper escalation procedures were examined to see if they were in place and that the Technical Support staff had escalated issues when necessary. Confirmed whether the staff had been properly trained on the HP Service Desk product.
· Network and Telecommunications - Obtained documented patch management procedures. Confirmed whether or not security patches were being applied in accordance to the stated criticality level and associated time given to that level as outlined in the patch management procedure.
· Backup and Recovery - Determined if backup and recovery controls had been implemented to ensure network devices, servers, databases and applications were appropriately backed up as required and stored in an offsite secured location.
· Business Continuity Planning – Investigated whether a business continuity plan had been developed and tested. Examined how often the plan was tested and the scope of the tests conducted.
· Risk Assessment - Assisted in the preparation of the annual risk assessments.
· Report writing and issues log - Assisted in the preparation of report writing and the discussion and issues log.
· Management Action Plans – Monitored managements’ resolution of the gaps outlined in the audit reports.
Sarbanes and Oxley Consultant – Nelson and Associates, San Francisco, CA 7/04-5/07
· Performed an application review for SOX key controls and compliance with corporate policy for the Loan Servicing and Account Management System (LSAMS) application.
· Assisted the Sox Assistant Controller in the monitoring of the company’s regions business cycles for compliance with Headquarters SOX standards.
· Documented the Lockbox business cycle, prepared flowchart and performed the walkthrough.
· Documented applications, X & Y and tested for access controls and segregation of duties. Also tested the company’s spreadsheets policy and procedures.
· Inventoried and tested the company’s spreadsheets per PWC’s White Paper standards.
· Testing of general controls in the following areas in the Information System Department: Dealer Set Up, User Security, End of Day Bottom-line Processing, Project Management and System Maintenance and Changes.
· Documented cycles and prepared control matrix for the following: Purchasing, Accounts Payable, Fixed Assets and Payroll. Also, assisted the Consulting Manager in exit conferences for the above cycles.
Tax Consultant Self-employed, San Francisco, CA 1/01-6/04
· Consultant preparing federal and state individual income tax returns.
· Consultant in assisting start-up business for individuals.
· Currently have over 200 clients.
Auditor -Federal Emergency Management Agency, San Francisco, CA (Full Time-Temporary) 9/98-12/00
· Assisted in planning, conducting, and coordinating the performance of all external audits of organizations which receive disaster funds from Federal Government; participated in national internal audits; and represented the Auditor Inspector General (AIG) in dealing with heads of FEMA field organizations on audit matters of common interest.
· As a team member, performed audits, reviews and conducted examinations of a sensitive and investigative nature involving grants, cooperative agreements, contracts, loans, and other government assistance provided to State and local governments or private sector companies.
· Conducted complex segments of assigned audits of Disaster Assistance Program (DAP) grants, cooperative agreements, contracts, loans, and other disaster response and recovery operations and activities and assured conformity with detailed audit programs. Prepared audit reports.
Accountant -Webster Drug Store, NY, NY 12/97-6/98
· Maintained general ledger and subsidiary accounts and prepared financial statements.
· Kept records of financial transactions for establishment through the use of spreadsheet and word processing software.
· Verified, allocated, and posted details of business transactions to subsidiary accounts in computer printouts.
· Evaluated the adequacy of accounting systems and internal controls.
Internal Revenue Agent -Internal Revenue Service, Brooklyn, NY 7/95-11/97
· Conducted independent field audits and investigations of income tax returns to verify or amend tax liabilities.
· Examined selected tax returns to determine nature and extent of federal audits to be performed.
· Analyzed accounting books and records to determine appropriateness of accounting methods employed and compliance with statutory provisions. Secured taxpayers’ agreement to discharge tax assessment.
· Investigated documents, financial transactions, operational methods, industry practices and such legal instruments as vouchers, leases, contracts and wills, to develop information regarding inclusiveness of accounting records and tax returns.
Accountant – Webster Drug Store, NY, NY 1/94-7/95
· Maintained general ledger and subsidiary accounts and prepared financial statements.
· Evaluated the adequacy of accounting systems and internal controls.
Management Information Specialist – Housing and Urban Development , Newark, NJ 7/91-4/92
· Researched, analyzed, reviewed, assembled and verified information needed to process and certify payments for subsidized housing units.
· Prepared, reviewed and analyzed project files.
EDP Auditor -Empire Insurance Group, New York, NY 9/89-6/90
· Evaluated design of computer systems to assure effective functioning within company guidelines and methods had adequacy of controls to detect problems, proper documentation and adequate backup in the event of failure.
· Evaluated safety and security of the data center and related areas to assure the company’s data and records were adequately safeguarded.
· Developed and wrote audit programs for data center reviews.
· Provided technical support to financial auditors and external auditors.
· Used audit software to improve efficiency of audits and expand scope of review while reducing resources needed to complete each project.
· Provided reports to management on results of computer audits.
· Recommended improvements on controls and safeguarding data processing assets and/or records.
· Maintained professional EDP proficiency by ongoing training and education to improve and streamline audit effort.
Auditor -NatWest Bank, Jersey City, N.J. 11/87-9/89
· Supervised audits of assigned departments.
· Participated in on-site audits, usually when problems of a complex nature were anticipated and/or occurred.
· Reviewed and/or assisted in the preparation of detailed reports of audit findings.
· Presented irregularities or exceptions to the appropriate audit personnel.
Senior Internal Control Analyst – Chase Manhattan Bank, New York, NY 4/85-1/87
· Conducted internal control reviews at Chase, which required performing compliance examinations in operational and/or proof procedures and reporting to line management.
· Developed recommendations for management based upon existing or potential weakness of accounting and internal control procedures.
Accountant/Auditor – City of New York, New York, NY 11/80-4/85
· Conducted financial and operational audits on City Union Benefit Funds .
· Studied and evaluated system of internal controls to determine timing, nature and extent of compliance.
· Verified maintenance of accurate, dependable accounting records and prepared financial summaries.
· Developed recommendations for management based upon existing or potential weakness of accounting and internal control procedures.
EDUCATION:
University of Detroit, Detroit, Michigan. May 1992-1993.
Pace University, New York, NY.
M.B.A. in MIS/Corporate Finance. G.P.A.: 3.20/4.00. Major-MIS G.P.A: 3.70/4.00.
Fordham University, New York, NY. B.S. in Accounting.
SKILLS: Hardware: IBM 4381, Novell and Windows LANs, IBM PS2.
O/S: OS/MVS, TSO, DOS, Windows 2000, Unix.
Windows Training: Network Essentials, Windows 2000 Server, SQL, Network Infrastructure and Active Directory.
Other courses: Local Area Networks, Internet, Unix, Network Security.
Software: Trained in Paisely’s GRC, Lotus Notes, PWC’s TeamMate , CA/Examine, WordPerfect,
MS-Excel, Visio & Word. Learned ACL through workbook & CD.
Bilingual -fluent in Spanish/English.
Contact this candidate