A Certified IT Audit professional and Financial Analyst with experience in conducting Risk Assessments, Audit Engagements, Testing Information Technology Controls, Developing Security Policy Procedures & Guidelines, GDPR, SOX, SSAE18/SOC, PCI-DSS & ISO 27001/2.
Performed IT risk assessments and audits of internal initiatives and critical third-party/vendor relationships against criteria descending from industry-standard information security frameworks and industry regulations, such as ISO/IEC 27001:2013, NIST SP 800-53, SSAE 18, NIST CSF, FERPA, SOX, PCI-DSS 3.2, and privacy regulations like GDPR and CCPA.
• Evaluate the design and effectiveness of technology controls throughout the business cycle
• Identify and communicate IT audit findings and mitigation strategies to senior management, technology leaders and the CISO
• Monitoring and maintaining internally developed controls, researching, and developing new tools to assist in management remediation of audit findings
• Identified and determined the fair market value of assets and liabilities of all terminated pension plans as of the date of plan termination (DOPT)
• Assisted in the development of risk treatment plans to address areas of strategic and tactical IT and information risks in both business operations and technology paradigms
• Assisted with the development and maintenance of information security policies and standards
• Supported development and maintenance of an information security compliance and metrics program for consistent management reporting of risks to sensitive information and technology resources across the enterprise
• Managed InfoSec programs' POA&Ms, including advising on remediation efforts
• Leveraging the existing Governance, Risk and Compliance (GRC) tool, Telos Xacta (or an alternative like CSAM or RSA Archer), to track and reconcile findings from assessments, audits, and vulnerability scans
• Monitored and verified data, investigated anomalies and intervened on various processes for report generation
• Maintained confidential participant benefit information
• Provides management planning and control information by collecting, analyzing and summarizing participant benefit data and trends