
Johny Chowdhury
- Senior IT Risk and Security Consultant
- New York City, NY
- Member Since Jun 09, 2023
Information technology application, infrastructure and general control Audit Professional
Experienced and certified information technology auditor executing information technology application, infrastructure, general control audits and targeted reviews for banking/financial services institutions. Demonstrated expertise in audit methodology, risk and control assessments, testing, reporting, project management and communication to successfully deliver high-quality IT reviews. Possess knowledge of Mainframe z/OS, Windows, SQL Server, Unix/Linux, ACF2/RACF, LDAP/AD, ISO 27001, NIST framework and network platforms. Working towards CISSP certification diligently.
Career Profile
Buzzclan LLC ∙ New York, New York July 2017 - Present
Senior IT Risk and Security Consultant
Presently engaged in Morgan Stanley Wealth and Investment management audit fieldwork and control testing.
State Street Corporation- Corporate Audit ∙ Boston, Massachusetts November 2015 - June 2017
Assistant Vice President- Senior Information Technology Auditor- Infrastructure and IT General Controls
Performed Auditor-In-Charge responsibilities for low to moderate complexity audit engagement and staff auditor responsibilities for global end-user computing, open database management systems, Windows servers, cyber perimeter network, job scheduling, network segmentation and annual FED Interagency disaster recovery exercise. Utilized NIST framework.
M&T Bank- Internal Audit ∙ Buffalo, New York July 2013 – October 2015
Banking Officer- Senior Information Technology Auditor
Performed retail bank/deposit services portfolio integrated audits, bank-wide horizontal reviews, remediation implementation verification, annual risk assessment of auditable entities and Sarbanes Oxley IT control assessment successfully. Possess knowledge of retail technology environment, branch network operations, deposit account opening process/deposit products, items processing, ATM and card operations, online and telephone banking channels.
Computer Task Group- Security Services ∙ Buffalo, New York November 2011 – June 2013
Senior Consultant
Developed approach to application/database security controls for Healthcare core administrative application in agile environment to protect institutional data. Provided technical solutions to RBAC logical access, sensitive data (PHI/PII) access, administrative console gap analysis, privileged identity management, logging & monitoring requirements and OS/DB configuration hardening requirements.
TD Bank Financial Group—Internal Audit ∙ Toronto, Ontario, Canada May 2011 - October 2011
IT Auditor (Contract)
Conducted control assessments of systems access, change management, code migration, and backup & data recovery for UNIX, Windows/SQL Server, System I (AS400), Mainframe (ACF2 resource rules).
Canadian Imperial Bank of Commerce—Internal Audit ∙ Toronto, Ontario, Canada April 2010 - April 2011
IT Audit Manager (Contract)
Performed Bank’s capital market and wealth management technology/pre-implementation audit planning, scope, risk assessment, fieldwork and reporting. Identified audit issues and participated in audit report writing. Executed successful audit reviews for wall-street system audit including FX/MM (trade, position, and risk management) implementation, information security program (ISP) and identity and access management.
Citigroup ∙ Mississauga, Ontario, Canada July 2008 - July 2009
Senior Control Officer (Contract)
Engaged in audit remediation plans involving application, database and infrastructure security issues/exceptions. Collaborated with various subject matter experts to remediate at-close audit exception and performed corrective action plan to close the exceptions. In addition, executed and maintained risk control self-assessment (RCSA) and SSAE-16 external audit activities for the Bank. Formulated remediation action plans for audit-related non-compliance issues and conveyed them in the monthly status to CIO and senior IT management.
Toronto Montreal Exchange Group ∙ Toronto, Ontario, Canada March 2007 - June 2008
Senior Internal Control Analyst (Contract)
Developed and maintained Risk Control Self-Assessment (RCSA) program. Performed ongoing improvements of internal control framework. Coordinated SSAE-16 service organization Type 2 review and facilitated COBIT 4.1 IT governance framework implementation.
KPMG ∙ Toronto, Ontario, Canada August 2006 - February 2007
IT Auditor (Contract)
Conducted Sarbanes Oxley (SOX) 404 internal control assessment over financial reporting (ICOFR) regulatory audit engagement.
Career Note- Previously served as a Business Systems Analyst at Hewlett Packard Enterprise (1995-2006)
Academic Credentials
Master of Science in Industrial Engineering- University of Houston in 1996
Bachelor of Science in Mechanical Engineering- Rutgers University in 1994