Stephanie Sims
Jonesboro
Summary
Dynamic IT Audit Manager with extensive experience at US Bank, specializing in compliance controls management and risk assessment. Demonstrated expertise in developing comprehensive audit plans and strengthening security frameworks. Proficient in training teams and executing cloud compliance audits to ensure robust information security and effective policy deployment. Committed to advancing organizational integrity through innovative audit strategies.
Overview
17
17
years of professional experience
1
1
Certification
Work History
IT Audit Manager – Risk and Compliance
US Bank
Atlanta
09.2017 - 03.2025
- Develop annual IT audit plans for upcoming audits
- Perform regular assessments of US Bank IT processes, risks, controls, and compliance, ensuring alignment with leading practices, industry standards, and frameworks (e.g., NIST 800-53, NIST 800-171)
- Evaluate IT risk management practices to ensure the identification, mitigation, and monitoring of key risks across the enterprise
- Conduct a risk assessment to identify potential threats and vulnerabilities
- Ensure appropriate risk mitigation strategies are implemented
- Evaluate the effectiveness of access control systems, such as user authentication, role-based access control (RBAC), and least privilege access
- Assess the use of multi-factor authentication (MFA) and strong password policies
- Assess the security of networks and communication channels, including firewalls, intrusion detection/prevention systems (IDS/IPS), and VPNs
- Ensure network segmentation is implemented, where necessary, to isolate sensitive information
- Check for real-time monitoring of security events, such as through Security Information and Event Management (SIEM) systems
- Ensure that security patches and updates are applied regularly to all systems
- Evaluate how the organization monitors and enforces compliance with security standards and regulations (e.g., GDPR, PCI-DSS)
- Investigate compliance problems, questions, or complaints raised by internal units, customers, and government regulatory agencies
- Develop, communicate, and escalate issue resolutions, providing actionable recommendations to key stakeholders for continued compliance and process improvement
- Assist with the implementation of corporate IT policies and procedures
- Perform sample-based testing to ensure adherence to established policies and manage associated evidence to demonstrate compliance with relevant statutes and regulations
- Provide support for internal and external audits, particularly for corporate audits, global security exception management, and third-party risk reviews
- Assist with the management and oversight of the Governance, Risk, and Compliance (GRC) platform, ensuring that risk assessments and compliance monitoring activities are accurately documented and tracked
- Audit the cloud environment (AWS, AZURE, GCP)
Senior Information Technology Auditor
US Bank (Elavon Payment Services)
Atlanta
08.2013 - 09.2017
- Conducted annual information security risk assessments in the areas of Application Controls, General Computer Controls and FFIEC Multi Factor Authentication
- Developed annual audit plan for upcoming audits
- Executed audit procedures to evaluate internal controls and compliance with standards and policies
- Performed tests and analyses, gather audit evidence, evaluate results, and develop conclusions about the adequacy of internal controls
- Wrote audit recommendation based on audit findings that addressed the root cause of the audit findings for Global Technology Solutions (GTS)
- Worked with management to ensure that management responses addressed the root cause
- Partner with IT Governance to ensure that all IT Controls are identified in the annual audit plan
- Partner with IT Risk Management to ensure all outstanding audit issues are tracked from beginning to closure
- Report on a monthly basis Audit Matrix and Exceptions Matrix to IT Governance to ensure that threshold is been met
- Provide monthly reporting on any outstanding audit issues and exceptions to Executive Management
- Interviewed GTS staff to understand their processes and developed standardize procedures
- Tracked and reported on the status of risk exceptions and risk acceptances
- In addition, followed up on risk exceptions that was about to expire and escalated issued in the weekly EMS IT GRC
- Knowledge of regulatory/compliance frameworks, such as, GBLA, NIST, PCI DSS, COBIT, SOC, SOX
- Developed training materials for new recruits as well as trained new hire
- Oversee the work of staff to ensure that audit performed was adequate
Manager of Information Technology Audit
MARTA
Atlanta
12.2010 - 08.2013
- Managed audit reviews and processes that included risk assessment, planning, audit program development, execution of audit procedures and communication of audit releases to senior manager
- Reviewed and evaluated corporate processes and policies
- Work with management to identify process improvements that lead to cost savings, revenue enhancement and improved risk management
- In addition, communicated control issues and best practices to management
- Conducted risk assessments to identify all auditable activities and evaluated the nature and significance of risk exposures within Technology
- Communicated findings and recommendations to management, determined root causes of issues and committed to implementing management action plans and track findings through remediation
- Provided training and mentored audit staff
- Delivered internal audit reports that were clear, concise and identified root cause which added value to the audited area
- Assisted the Director of Information Technology Audit in preparing the budget for the team
Senior Information Technology Auditor
MARTA
Atlanta
01.2008 - 12.2010
- Implemented IT Audit plans by performing audit reviews of computerized application systems and data processing related activities and completed them within established timeframes
- Served as the lead auditor-in-charge on projects as directed by the Director of Information Technology Audit
- Performed consulting engagements by participating in System Development Life Cycle projects
- Knowledge of regulatory/compliance frameworks; such as, PCI DSS, COBIT, SAS 70/SSAE 16, and FTA
- Conducted detailed network, operating system, database, application vulnerability assessments and security configuration audits
- Conducted integrated audits (IT and Operations) that included pre and post implementation reviews
- Developed formal written reports to effectively communicate audit results and recommendations to management
- Acted as liaison between the department and key business partners/business executives in the development and execution of the audit plan
- Evaluated internal controls and procedures for safeguarding assets, ensuring system security and integrity of data were protected
Education
MBA - Master of Business Administration
University of Phoenix
Atlanta, GA05-2004
BS - Computer Science
Tennessee State University
Nashville, TN05-1995
Skills
- Compliance controls management (PCI, GLBA, SOX, SOC)
- Training development
- Information security
- Successful policy deployment
- Risk assessment
- IT audit assessment planning
- Cloud compliance auditing
Certification
- CISA (Certified Info Systems Auditor)
- CRISC (Certified Risk & Mgmt. Systems Control)
Selected Achievements
- Designed comprehensive information security data classification, processes, and best practices for compliance with the Payment Card Industry Data Security Standards (PCI DSS) and Gramm-Leach-Bliley Act (GLBA) mandated requirements.
- Collaborated with disparate teams to produce data mappings that resulted in first ever data classification for the company.
- Improved stakeholders’ understanding of data life cycle management, which is foundational to security management.
- Built and deployed IT Audit policies, practices, and standard operating procedures based on COBIT.
- Partnered with Lines of Business and Internal Audit to standardize controls and testing procedures across the company.
- Realized cost savings due to reduced use of external auditors as a result of increased reliance on our standardized audits.
- Developed and implemented enterprise security policies/standards based on industry standards, such as PCI DSS, NIST, SOX, SOC, FFIEC.
- Heightened employees’ awareness of multiple layers of security and mutual responsibility to reduce overall breach risk to the company.
- Designed SOP templates to address audit recommendations.
- Provided Technology with a standard template for writing procedures.
Timeline
IT Audit Manager – Risk and Compliance
US Bank
09.2017 - 03.2025
Senior Information Technology Auditor
US Bank (Elavon Payment Services)
08.2013 - 09.2017
Manager of Information Technology Audit
MARTA
12.2010 - 08.2013
Senior Information Technology Auditor
MARTA
01.2008 - 12.2010
MBA - Master of Business Administration
University of Phoenix
BS - Computer Science
Tennessee State University
Similar Profiles
Missy MannMissy Mann
Third Party Risk Consultant at US BankThird Party Risk Consultant at US Bank
Jessica LANGE-CONNERSJessica LANGE-CONNERS
Small Business Specialist III at US BankSmall Business Specialist III at US Bank
Helene Beri AbandaHelene Beri Abanda
Customer Experience Specialist at US BankCustomer Experience Specialist at US Bank