Director IT Compliance / Sr. IT Auditor Manager with thirteen years of leadership and managerial acumen to address audit issues; provide successful results by remediating and reducing existing IT and financial deficiencies and ensuring enterprise wide compliance with existing SOX, Federal and State guidelines.
Aug 2008 - Present
Director IT Compliance and Services (Contractor)
Worked at nation’s largest specialty retailer of hardwood flooring. This role required building a SOX compliance program from ground up and spearheadingPCI DSS certificationproject; hiring and managing Project Manager and Business Analysts responsible for leading critical enterprise initiatives and setting up a Service Desk team to service 650 employees across 150 stores nationwide and corporate office.
·Reported directly to CIO. Had 4 direct reports (2 Sr. Business Analysts; 1 Service Desk Manager and 1 IT SOX Analyst) and indirect reports (3 Service Desk Specialists)
·Streamlined and implemented new SOX processes and procedures reducing 18 control deficiencies to 1 by end of 1st qtr 2009.
·Established access review procedures and ITIL based Change management / problem and incident management processes and controls that resulted in remediating existing deficiencies and passing Q3/Q4’08 internal audit tests.
·Collaborated with Service Desk Manager to establish service desk processes for Incident / Problem / Change Management; create SOPs / revise existing SLAs; which resulted in increasing customer satisfaction.
·Hired IT SOX Analyst to manage and review the operating effectiveness of existing IT general controls. Reviewed, critiqued quarterly Internal Audit test reports prepared by IT SOX Analyst and provided recommendations before submitting test results to Director Internal Audit and E&Y.
·Performed annual performance reviews for all direct reports.
May 2008 - Jul 2008
Sr. Project Manager
As a Sr. Project Manager at a startup company managed Moblize engagement team to document high level business, functional, and technological requirements.
·Interviewed users and documented “as if” and “to be” process to assist client to design and frame requirements for implementing an integrated solution for the collection and use of drilling and geological data.
·Prepared vendor pre-qualification questionnaire; carried out gap analysis to identify risks to real time deployment; and developed gap analysis and value based need assessment and planning tool to allow client across various business units to rank defined requirements.
Sep 2007 - May 2008
Sr. Project Manager, ARMICS Audit
Dept. of Planning and Budget, Dept. of Criminal Justice Services and Dept. of Veteran Services, Commonwealth of Virginia
Managed and supervised execution of ARMICS (Agency Risk Management and Internal Controls Standards) audit project for various state agencies in Commonwealth of VA. My role involved hiring and supervising consultants; project planning / resource and task allocation / weekly project status reporting / tracking actual against budgeted costs; interviewing, documenting and testing critical financial and business processes.
·Successful execution of $500,000 project. All audits were finished within budgeted project hours.
·Supervised 1 Senior Consultant and 1 Junior Consultant. Performed assessment of agency’s overall control environment by interviewing and documenting key critical business processes.
·Executed tests and managed team’s testing of key fiscal processes that generated transactions in CARS. Assessed adequacy and operating effectiveness of existing controls and identified controls that were required to be implemented to address existing deficiencies.
·Communicated audit finings to agency’s senior management. Obtained acceptance of business risk where applicable.
·Evaluated severity of identified deficiencies; developed and presented corrective action plans to agency senior management.
Dec 2006 - Jun 2007
Sr. Project Manager / Program Manager
Carried out risk and audit assessment for all ECM IT applications to ensure that they were compliant with SOX, PCI DSS, FFEIC and internal Capital One security / IA policies and guidelines. Reported deficiencies and worked with Sr. Managers and Directors to develop remediation plans.
·Finished risk and audit assessments within defined time frame of six months. This resulted in ECM group being able to assess remediation plans impact on various ongoing infrastructure and software development projects.
·Worked with IT directors / Sr. Managers / platform managers and business analysts to review and consolidate Operations and IT risks for various applications to better manage risk exposure and develop focused mitigation plans
·Performed disaster recovery and security audits for various IT environments and applications (UNIX, Windows, client/server, intranet / internet, VRU systems etc.)
Sep 2005 - Dec 2006
Overall responsibility was to ensure 24/7/365 availability ofCapital One credit card website providing service to 14 million credit card customers; testing SOX and internal controls; and translating FFEIC / Credit Card and Banking regulations to business and system requirements for new OAS platform.
·Remediated and successfully closed 6 significant deficiencies identified by Internal Audit within 5 months as noted in the management response. This included developing Disaster Recovery procedures for the current OAS platform; access control reviews for OAS database etc.
·Remediated failed SOX control by developing appropriate audit procedures and carrying out quarterly testing. This resulted in SOX control passing for three successive quarters and reducing the frequency of testing by KPMG.
·Engaged technical resources and various teams to resolve production incidents in a timely manner. Identified root cause analysis of production issues; ensured that all resolution steps were implemented and communicatedincident details to business stakeholders and senior IT managers
·Worked closely with business customers and production services to design and develop SLA/OLA. Identified KPIs to ensure that infrastructure services objectives aligned with the needs of internal customers.
·Other responsibilities included capacity planning, incident resolution management, conducting database audits etc.
Jan 1996 - Sep 2005
Lead / Sr. Business Analyst / Site Engg
Performance Food Group; Performance Food Group; Capital One etc.
Jan’05 – June’05Collegiate Funding Services
IT Project Manager (SOX)
Aug’04 – Dec’04 Collegiate Funding Services
Senior Business Analyst
Oct’03 – Aug’04Capital One
Engagement Manager / Senior Business System Analyst
Feb’03 –Aug’03Capital One
Lead Business System Analyst
July’01 – Feb’03 Center of Information Technology, University of Dallas, TX
Jan’99 – Dec’00 CompuSmart Corporate, Canada
Jan’98 – Jan’99J Sainsbury, U.K.
Business AnalystJan’96 – Dec’97Nemerit Enterprises Ltd., Zambia Site Engineer