Javed Peeran

Moorpark, CA

Summary

I am seeking a full-time opportunity as an IT Audit Manager with 20 years of experience in the financial services industry auditing the security of cloud platforms including its applications, databases, operating systems and servers. Experienced in risk management, IT internal control design and operating effectiveness of cybersecurity control procedures. As a CPA, I am proficient in understanding banking financial transactions and guiding technology projects towards efficient digital transformations of data center applications and services into Amazon AWS, Microsoft Azure & GCP cloud platforms. Reliable and analytical with strong foundation in cloud computing and cybersecurity principles. Possesses solid skills in threat assessment and mitigation, coupled with expertise in cloud infrastructure and network security. Capable of implementing security measures that enhance integrity and confidentiality of cloud environments.

Overview

22 years of professional experience
1 Certification

Work History

Cloud Security consulting

Active Cloud and Cybersecurity Technologies LLC
04.2024 - Current
  • I have provided cloud audit services to “Capco Consulting Services LLC”
  • My audit scope included the assessment of the design of cloud security architecture and operating assessment of the related control procedures to mitigate risks:
  • Assessed cybersecurity controls in the following areas:
  • Assessed the effectiveness of Data Loss Prevention control procedures using Forcepoint in identifying issues and vulnerabilities and a timely process to remediate them
  • Comprehensive analysis and reporting to the senior management
  • Reviewed the comprehensive nature of User Access Review (UARs), evaluated the results of segregation of duties and least access privileges
  • Assessed the effectiveness of password configurations
  • As part of infrastructure as code (IaC), reviewed dynamic application security testing (DAST) scans (using Nexus IQ tool), Static application security testing (SAST) scans (using SonarQube tool), and software composition analysis (SCA) scans (using Rapid7 tool) to evaluate security and code quality
  • Reviewed security patching processes both within the cloud and vendor applications
  • Reviewed the cybersecurity governance process using the FFIEC cybersecurity framework and cybersecurity assessment tool (CAT)
  • Evaluated the Expel-Security Operation Center (SOC) tool to help detect and respond to cyber threats, in conjunction with ServiceNow (SNOW) and Splunk performance monitoring tools as part of the incident management process
  • Reviewed results of Nexpose for perimeter scans to discover assets and vulnerabilities in network perimeter, Qualys for internal scan in Azure to discover assets and CrowdStrike for GCP scans for threat detection and container security

Cloud Security Project Manager (GRC consulting)

American Express
10.2023 - 03.2024
  • Involved in gap analysis of Cybersecurity Risk Initiative (CRI) standard, Assessing the metrics, the dashboard monitoring and effectiveness in mitigating the risk
  • Managing all cloud security compliance assessments and remediation of audit findings
  • Leading discussions with auditors to understand the significance and criticality of the cloud security audit finding in relation to the agreed upon risks
  • To further study the criticality of the IT control procedure, including compensating controls and its impact to agreed upon risk assessment
  • Ensuring that the audit scope stays on agreed upon risks during the audit process

Vice President (IT Audit Manager of Cloud security)

SMBC (Subsidiary Jenius Bank)
10.2022 - 10.2023
  • Led the audit of Microsoft Azure and GCP cloud platforms in the following areas:
  • Led walkthrough discussion to identify control framework around the cloud technology platforms:
  • Assessed the effectiveness of application programming interfaces (API)
  • Ensured application backups and restores in cloud environment
  • Validated IT change management using infrastructure as code (IaC) in Terraform, code deployment using Continuous Integration/Continuous Deployment (CI/CD) in Jenkins and source code management using GIT
  • Assessed effectiveness of load balancing, security and scaling of nodes and container management in Kubernetes using Prometheus, Grafana, AWS CloudWatch and Azure Monitor
  • Reviewed infrastructure monitoring, incident management generated from APIs, cloud and web applications, vendor application interfaces in compliance to policies and procedures
  • Tested IT configuration management process of provisioning of cloud infrastructure and application deployment using Ansible, ServiceNow, Jira and Confluence
  • Assessed automation of cloud patch management including third party vendor patch process
  • Assessed system integration testing (SIT) and User Acceptance Testing (UAT), identifying testing plans, defects and retesting procedures
  • Managed walkthroughs with business stakeholder communication
  • Possess experience with audit procedures including planning, data flow diagrams, fieldwork, reporting, preparing audit reports and presentations
  • I am highly motivated, possess strong written, verbal communication skills with a service-oriented mindset
  • Strong critical thinking and experienced in relationship building skills
  • Possess effective time management skills, providing guidance and mentoring experience
  • Ability to incorporate data analysis and explain technical, sensitive information in a straightforward manner

Senior Manager – IT Audit Consulting

Robert Half/Protiviti Consulting
01.2022 - 10.2022
  • Tested Continuous Control Monitoring (CCM):
  • Connector testing between SailPoint (IAM) against Oracle Financial ERP
  • New Hires against Active Directory
  • Terminations against Active Directory
  • New Access against SOX In-scope applications
  • Evaluated Citizen Bot Builder (CBB) and POD Bots testing of Entitlements, IT Control Certifications (ITCC) and Manager Access Certification (MAC) reviews
  • Audit of entitlements and SOX impact to financial statements

Vice President (IT Audit Senior Manager of Cloud security & cybersecurity)

AmeriHome Mortgage Company Inc
02.2020 - 02.2021
  • Led the development of SOX compliance, IT risk assessment process
  • Discussed specific risks of systems and database tables impacting financial statements with various process owners to risk rank and enable an audit plan
  • Conducted review of data security controls assessment specifically focused on both cloud and cyber security risks related to employees working from home due to Covid pandemic situation
  • Audit Scope included the review of following control processes:
  • Identity and Access Management reviewing configuration of OKTA, MFA and secure access to SAAS applications
  • Data protection using CASB tools to control access, behavioral monitoring and controlling data from deleting, copying and downloading
  • Endpoint Security including antivirus, VPN, encrypting data on endpoints, removable storage devices to protect against data leaks
  • Security Awareness using social engineering, phishing exercises
  • Incident Detection and Response using SIEM and Rapid7 tools
  • Vulnerability and Patch Management identifying lack of up-to-date patches and remediation plans
  • CIS controls framework to identify gap analysis and plans for remediation
  • NIST Cybersecurity Framework to go deeper into analyzing and remediating risks

IT Audit Program Manager

Farmers Insurance
03.2019 - 02.2020
  • Managed a team of 2 Senior Auditors to accomplish all IT Audits, across all ICOFR related applications in the insurance company including 5 subsidiaries
  • Provided effective leadership in testing of several ICOFR business and financial controls

Senior IT Auditor

PENNYMAC
02.2015 - 03.2019
  • Internal Audit - Key Achievement:
  • Validated IT security remediation to vulnerabilities as identified by application and network penetration testing exercises
  • Audited data center IT operations processes, infrastructure and application monitoring to identify early detection of potential issues
  • Tested all IT SOX General Controls (ITGCs)

Vice President (Senior IT Auditor)

CITY NATIONAL BANK
05.2013 - 02.2015
  • Internal Audit - Key Achievements:
  • Audited the project deployment of PeopleSoft financial suite and ensured that all project artifacts were properly developed and tested QA and UAT scenarios to ensure a successful and accurate deployment of the general ledger
  • Tested all the IT General Control (ITGC) and application audits

IT Compliance Manager of SOX and Project Management Office (PMO)

ZENITH INSURANCE COMPANY
06.2005 - 05.2013
  • Company Overview: A leading provider of worker's compensation insurance
  • Management testing - Key achievements:
  • Reviewed over 100 IT projects and ensured that each project was in compliance with SOX
  • Tested all IT General Controls (ITGC)

Accounting Manager

DIODES INC.
08.2002 - 06.2005
  • Company Overview: $800 million publicly traded semiconductor Manufacturing Corporation with 4 subsidiaries
  • Performed IT SOX compliance and led the implementation of Oracle Financial e-business suite

Education

M.B.A. - Finance, Computer Information System

DeVry University (Keller Graduate School of Management)
Chicago, Illinois

B.Sc. Bachelor’s degree with Honors - Accounting

ABU

Skills

  • SAAS
  • PAAS
  • Enterprise Resource Planning (ERP)
  • Oracle Cloud e-business suite
  • Oracle PL/SQL
  • Transaction SQL
  • SAP
  • Peoplesoft ERP
  • SDLC
  • Jira
  • Confluence
  • Agile
  • Scrum
  • MS Project
  • AWS
  • Microsoft Azure
  • GCP
  • SOC 1
  • SOC 2
  • NIST 800-83
  • OWASP
  • Security Control Assessment (SCA)
  • FedRAMP
  • ISO
  • HIPAA
  • Electronic Health Record (EHR)
  • HITECH
  • PCI compliance
  • IT governance
  • Data Analytics
  • Microsoft SQL
  • Excel
  • Visualization technologies
  • Automation technologies
  • Generative AI

Certification

  • Certified Information Systems Auditor (CISA), Active, 1083132
  • Certified Information Security Manager (CISM), Active, 1013897
  • Certified Data Privacy Solutions Engineer (CDPSE), Active, 2110662
  • Oracle Certified Professional (OCP), in PL/SQL programming language and Transaction SQL.
  • Interconnecting Cisco Networking Devices (ICND1)
  • Certified Public Accountant (CPA), California, Active, 87238
  • Certified Cloud Security Engineer (CCSE), In progress, EC-Council
