Leslie Mariel Arevalo, CISA
Summary
With over a decade of experience in the field, my role as Regulatory Quality Assurance IT Manager at Pfizer has honed my expertise in IT auditing and regulatory compliance. Since joining Pfizer, I leveraged my skills in auditing, IT, and accounting, enhanced by my CISA certification, to tighten controls and enhance data integrity across our global operations. My previous positions at Pfizer Corporate Audit, Loews Corporation, and KPMG solidified my ability to manage complex audits and lead teams effectively. I'm committed to maintaining the highest standards of quality assurance, aligning with Pfizer's mission to deliver breakthroughs that change patients' lives while bringing diverse perspectives to our Level 2 audit strategies.
Overview
13
13
years of professional experience
Work History
RQA Manager - IT Audit, Corporate Compliance
Pfizer
01.2023 - Current
- Leads from planning to conclusion, independent evaluations of Pfizer's GxP Information systems and compliance control processes to ensure Pfizer's GxP risks are properly managed
- Responsible to scope, plan, supervise execution and report on information system, process, and control audits to assess compliance of digital systems and other technologies against regulations and guidelines, in addition to Pfizer standards, integrated with other GxP audit areas
- Served as Digital Audit Lead on the following audits: University of Bristol Non-Routine CRC; Dossier Change Management, Documentation, and PDM System Process Audit; Drug Safety Research & Development Business Line Process Audit; Safety Data Exchange Agreements Process Audit; and Canfield Scientific Vendor Audit
- Serves as Digital SME on Audits Out project to create and present quarterly/annual state of control reviews to summarize key points and to highlight any signals/trends that have emerged
- Executes testing as needed in the Access to Systems & Data/Data Integrity, Computer Systems Validation, Computer Operations, Software Development LifeCycle and Change Management domains
- Presents results of audits to senior management team, including recommendations to address identified risks, requiring strong negotiation and influence skills
- Maintains good working knowledge of general IT controls, processes, and industry standard platforms supporting GxP regulated activities
- Ensures digital audit standards and supporting departmental tools are well calibrated against regulatory expectations and interpretations, and audit outcomes driven to completion, issues escalated, and risks effectively mitigated through design of holistic remediation plans and effective CAPA
- Contributes to continuous improvement programs to enhance audit program, standards, or cross functional alignment of risks
- Mentors and onboarded senior auditors, sharing knowledge and best practices to foster their professional growth within the team
- Serves as Digital RQA SME on Taxonomy Refresh project to expand and review use of existing taxonomy for risk management analysis
- Volunteered to be RQA CoPilot Champion to develop use cases to incorporate Microsoft CoPilot to digital audit testing to quickly adapt to emerging AI technology
- Uses critical thinking in audits to break down problems, evaluate solutions and make decisions.
- Self-motivated, with strong sense of personal responsibility
- Passionate about learning and committed to continual improvement
- Works effectively in fast-paced environments.
- Interviewed potential summer intern candidates and provided feedback
- Skilled at working independently and collaboratively in a team environment
- Develops and maintains courteous and effective working relationships with Business Process Owners and RQA colleagues
- Proven ability to learn quickly and adapt to new situations
- Demonstrates strong organizational and time management skills while managing multiple projects.
Acting Manager/Senior IT Auditor, Corporate Audit
Pfizer
03.2017 - 12.2022
- Performed documentation, testing, and maintain client relationships on information technology engagements
- Interacted regularly with external auditors and Business Process Owners to ensure audit execution, completion, and timely remediation of audit findings
- Performed IT General Controls and Application Controls audit for applications such as Hyperion Financial Management (HFM), Ariba Indirect Procurement, EnterpriseOne, FLEX, Global Data Centers, GetAccess, Pfizer Authorization Limits (PAL), and SAP
- Executed GxP Computer Systems Validation IT General Controls audits to ensure clinical and manufacturing systems are in compliance with FDA 21 CFR Part 11 regulations for applications such as Controlant, My Anti-Corruption Policies and Procedures (MAPP), AXIS 360, Cadency, Global Randomization Administrative and Authoritative Blinding System (GRAABS), Siebel Clinical Trial Management System (CTMS), Secure Consent, and Clinical Supplies Distribution System (CSDS)
- Served as Acting Manager on thefollowing GxP Audits: PVAI Intake (SAAIL Program), KNEAT Core Solution, and AMPS Deployment- PGS Sanford audits
- Performed Deployment/Post-Implementation audits for SAP and EnterpriseOne
- Reviewed third party service providers' controls, by means of SOC reports and Vendor Compliance Assessment Reports
- Lead on Digital Risk Assessment SBF
- Responsible for creating audit records, identifying and summarizing risks from Digital LT interviews, updating audit universe and creating risk assessment records with risk score for annual risk assessment process for CA Digital
- Active participant with Pfizer CRG Latino Community, including during key events such as Hispanic Heritage Month and Latino Mentoring Program.
Senior IT Internal Auditor
Loews Corporation
09.2013 - 03.2017
- Reviewed and evaluated effectiveness and design of established internal SOX IT general controls
- Led and supervised IT audit engagements by creating scope and planning memorandums, audit programs, request lists, reviewing work papers, and communicating findings and recommendations to management
- Conducted operational and financial audits for Loews Hotels by reviewing processes and procedures in place to identify opportunities for improving efficiency of hotels' operations
- Performed annual IT Risk Assessments to assess risks unique to each subsidiary and identify areas of focus for IT's audit plan
- Performed Cyber Security Readiness Questionnaires for Loews's subsidiaries verifying self-assessments through inquiry and reviewing supporting documentation
- Prepared and presented audit reports detailing procedures performed, findings and remediation plans
- Performed forensic audit in Canary Islands, Spain, by conducting investigative interviews, reviewing documentation, and composing summary memos
- Executed system implementation reviews across all subsidiaries
- Conducted PCI compliance audits to verify security of cardholder data at Loews Hotels
- Monitored and trained audit staff assigned to engagements.
IT Attestation Associate, Advisory Services
KPMG LLC
07.2011 - 09.2013
- Performed testing in all areas of IT General Controls portions of audit (Logical Access, Change Management, Program Development, and Computer Operations) of IT systems including JD Edwards, MS Dynamics GP, SAP, MFGPro, Hyperion, and Kronos
- Supervised staff, compiled deliverables and work papers within deadlines and budgetary requirements and served as primary point of contact with client personnel
- Assisted management in identifying and documenting internal controls as part of SOX compliance identified internal control gaps and provided process improvement recommendations
- Conducted walkthroughs with process owners and performed test of design and test of operating effectiveness of business process and application controls including fixed assets, accounts receivables, payroll, and financial statement close for applications such as JD Edwards, MS Dynamics GP, and SAP
- Successfully performed in high-expectation, team-oriented environment while simultaneously managing multiple engagements
- Awarded three KPMG Encore Awards for outstanding achievement and work ethic on client engagements.
Education
Bachelor of Science - Accounting, Minor in Business Information Systems
Lehigh University
Bethlehem, PASkills
- IT Governance
- IT Risk Management
- Information Security
- Operating System Management
- Documentation And Reporting
- Information Confidentiality
- Change Management
- Computer Systems Validation
- Risk Assessment Analysis
- Internal Controls Evaluation
- Client Relationship Management
- Compliance Monitoring
Licenses & Certifications
- Connected Leaders Academy: Management Accelerator Program, McKinsey & Company, Ongoing
- Leadership Essentials, part of Hispanic & Latino Leadership Academy, McKinsey & Company, Issued Feb 2024
- Self-Leadership, McKinsey & Company, Issued Feb 2024
- Team Leadership, McKinsey & Company, Issued Jan 2024
- Business Leadership, McKinsey & Company, Issued Dec 2023
- Certified Information Systems Auditor (CISA): License Number 14118280, ISACA (Information Systems Audit and Control Association), Sept 2014
Languages
Spanish
Native or Bilingual
Affiliations
- Pfizer Latino Community, NYHQ Colleague Resource Group (CRG)
- ISACA New York Metropolitan Chapter, Gold Level
- Healthcare Businesswomen's Association (HBA)
- Pfizer Women's Resource Group - Digital CRG
- Pfizer Women's Resource Group - NYHQ CRG
- Pfizer Global Virtual Connections CRG
- Global Black Community, NYC CRG
- Pfizer Global Asian Alliance - New York CRG
- 2022 and 2024 Pfizer Latino Mentorship Program
Timeline
RQA Manager - IT Audit, Corporate Compliance
Pfizer
01.2023 - Current
Acting Manager/Senior IT Auditor, Corporate Audit
Pfizer
03.2017 - 12.2022
Senior IT Internal Auditor
Loews Corporation
09.2013 - 03.2017
IT Attestation Associate, Advisory Services
KPMG LLC
07.2011 - 09.2013
Bachelor of Science - Accounting, Minor in Business Information Systems
Lehigh University