Dianne Co
Pembroke Pines,FL
Summary
15+ years experience financial analytical skills; IT security assessment; financial services auditing; risk management assurance; information system controls; implementation and procedures analysis; effective communication skills with both technical and non-technical stakeholders at all levels.
Overview
1
1
Certification
Work History
Licensed Field Underwriter
Lincoln Heritage Life Insurance
- Interim control testing for the SOX IT SOX General Controls audit for a major client
- Updates and risk control matrix updates to address the infrastructure system and applications which serves as the source for financial reporting information identified and scoped in SOX ITGC testing
- Testing key controls with high and medium risk rating
- Updating in the Risk Control Matrix
IT Audit Contract
K-Force
- Interim control testing for SOX IT General Controls for a major client
- Narrative document updates and risk control matrix updates to address the infrastructure systems and applications which serve as a source for financial reporting information was identified and scoped in for ITGC testing
- Testing key controls with high and medium risk rating updated the Risk Control Matrix.
IT Operational Risk Team Member/IT Operational Risk Consultant
Wells Fargo Bank
- International Risk Management to export data from the SHRP database (system of record) to the Risk Register used to populate data for the monthly divisional reports to provide to the Bank’s Executive Management team
- Participated in weekly project management team meeting to identify audit and regulatory engagement to include in monthly divisional reports
- Reconciled the Risk Register with the SHRP database to ensure entries were accurate to review for duplicate entries prior to creating monthly divisional reports
- CIV team member responsible for performing validation of corrective actions (e.g., Infrastructure upgrade to SHA-2 issued certificates, and Restricting Access to Terra data and UNIX servers); Review of corrective actions to determine if the risk was successfully mitigated (e.g., Active Directory Services Team is required to provide quarterly review for users with privileged access to Windows and UNIX production servers; Responsible for assessing the sustainability of the corrective action (e.g
- Verified an agent was required to be installed on all new servers to allow for the installation of the SHA-2 certificate
- Otherwise, the server would not be able to connect to the network); Assigned responsibility for drafting memos for validation testing results and for making appropriate recommendations (e.g., Develop test scripts for each key control to make certain Currency Transactions Reporting (CTR) application processes were ready for regression testing.
Security Compliance Audit Manager
Alorica, Inc.
- Hired as the company's first internal auditor and was assigned to assess compliance with the American Express contract since the company was in jeopardy of losing the contract which was purchased from Precision Response Corporation while in bankruptcy
- Implement a comprehensive set of controls for Amex and Alorica decided to utilize them for Bank of America and expand them for their other clients; Drafted the Compliance Committee Charter outlining the responsibilities and duties associated with the American Express contract to ensure that various contractual obligations were identified, and the impact of non-compliance was addressed within a tolerable risk level; Developed the audit methodology to identify and prioritize technology and business risks, to evaluate the effectiveness of the risk mitigation strategy and ensure exceptions identified would be addressed promptly for high priority risks
- Drafted the Risk and Control Matrix used to assess the technology and business processes in order to mitigate, Ronan acceptable level, the risk that may have adversely affected the Company's ability to achieve its contractual obligations
- Accomplishments: Used the American Express contract as a baseline best practices model
- Created and Implemented a comprehensive set of controls for testing compliance and identifying areas of non-compliance at Amex
- Alorica decided to extend the same concept to use for their other clients with contracts
- Used for Bank of America and Alorica’s other clients under contract as a business process best practices.
IT Operational Risk Consultant/Internal Auditor
SBA Corporation
- Testing for the Sox IT General Controls Computer Operations System Access, Program Development and Change Management; Assigned responsibility for testing SOX ITGC controls Computer Operations, System Access, Program Development and Change Management
- Assigned responsibility for testing SOX ITGC application controls Tracing transactions through the Great Plains v6.0 and Great Plains V10.0, performing manual calculations and reviewing the SQL and Crystal reports that were generated to ensure the accuracy and completeness of the data reported in the Company's
Senior IT SOX Analyst
Office Depot
- Control Design assessment working with the process owners to identify, define, and document operational IT processes (IT controls, key personnel and systems): Conducted SOX IT control testing to access the the Sox IT General Controls for Computer Operations, System Access; Program development and Change Management; Providing guidance with remediation efforts for exceptions exceeding acceptable thresholds requiring a formal remediation plans Ongoing training efforts with process owners Performed software and system validations during the Oracle E-business system implementation System integration for E-business implementation compliance for SOX and PCI data security standards for formal reports to Senior Management for the E-business implementation for SOX and PCI compliance; UAT test scripts to ensure they contained many scenarios.
Senior IT Analyst
MasTec
01.2018
- Performed security assessment monthly to proactively identify potential security risks and to track exceptions from remediation efforts through retesting and closure
- Testing Oracle High Risk Responsibilities to access if role assigned to users resulted in conflict in the Segregation of Duties (SOD) or role assignments not properly authorized
- Using the V-Lookup functionality, compared users with access to the UNIX databases to the HR termination listing to access if the access was promptly removed upon termination and/or transfer to another role.
Senior IT Operational Risk Consultant/IT Auditor
HEICO Corporation
01.2015
- Interim control testing for the Sox IT General Controls for 20+ subsidiaries; Assigned responsibility for retesting ITGC controls noted with exceptions; Participated in validating corrective action to conclude noted with exceptions; Responsible for conducting roll forward testing for ITGC controls deemed to be high priority risk.
Education
Bachelor Of Business Administration - Management And Accounting
Christian Brothers University
Memphis, TNMaster Of Science - Management Information Systems
St. Thomas University
Miami1997
Master Of Accounting -
St. Thomas University
Miami, FL1995
Skills
- Insurance Underwriting
- Financial Services Auditor
- Risk Management
- Information System Control
- Fraud Examiner
Certification
Certified Financial Services Auditor
Certified Risk Management Assurance
Certified Fraud Examiner
Certified Risk & Information System Control
License Field Underwriter
Timeline
Senior IT Analyst
MasTec
01.2018
Senior IT Operational Risk Consultant/IT Auditor
HEICO Corporation
01.2015
Licensed Field Underwriter
Lincoln Heritage Life Insurance
IT Audit Contract
K-Force
IT Operational Risk Team Member/IT Operational Risk Consultant
Wells Fargo Bank
Security Compliance Audit Manager
Alorica, Inc.
IT Operational Risk Consultant/Internal Auditor
SBA Corporation
Senior IT SOX Analyst
Office Depot
Bachelor Of Business Administration - Management And Accounting
Christian Brothers University
Master Of Science - Management Information Systems
St. Thomas University
Master Of Accounting -
St. Thomas University