Carlo P. Casagrande, Cissp, Cism, Crisc, Cisa, Cdpse Email & Phone Number

St. Petersburg, Florida, US

• Administer, review and update firm-wide information security practices, including IT general controls, CIS controls, and IT, privacy and cybersecurity standards and procedures
• Support the IT organization through identification of gaps in the control framework and recommendation of mitigating controls
• Create testing program for key controls to mitigate redundant efforts and audit impact on resources
• Maintain list of key IT controls to ensure compliance with regulatory requirements, such as SOX and PCI.DSS, and enforce management accountability
• Liaise with internal and external auditors to ensure reliability and accuracy of information sharing for SOX, SOC1 and FICCA audits related to IT and InfoSec controls
• Review and approve exception requests for deviations to IT security policies

New York, NY, US

• Performed and directs operational, compliance and IT risk assessments, including mitigation strategies
• Worked independently and with teams to manage projects and provide timely milestones and reporting
• Created new risk assessment procedures and reports and led execution of these assessments
• Provided IT best practices recommendations and works closely with technology teams through design, testing and and implementation phases to validate technology and process updates
• Reviewed policies and procedures to ensure a confidentiality, integrity and availability of systems
• Analyzed vendor risks related to acquisition of a digital technology company and communicate findings

London, GB

• Led project teams in reviewing change management/SDLC processes (Agile and Waterfall), identity and access management, business continuity and incident handling using a risk-based approach
• Managed six to eight engagement teams simultaneously over a book business of 1-2 million USD, from audit planning and execution through presentation of audit reports to clients
• Audited media ratings clients on the effectiveness of IT controls and provided SOC2+ reports around compliance with the AICPA Trust Services Principles for Security and Processing Integrity
• Provided formal counseling relationship to two individuals, including training, goal setting, mentoring, preparing and presenting annual reviews for the Southeast Advisory round tables
• Promoted to senior, then manager during tenure at EY

US

• Cross-trained in application of Sales and Use Tax and Unemployment Compensation taxation
• Directly managed relationships with taxpayers and representatives from CPAs to CEOs
• Supervised and trained new staff, including education and field audit direction
• Promoted to Tax Auditor III after one year of service

Jersey City, NJ, US

• Performed operational audits for business units providing trillions of dollars in security transaction settlement and asset services
• Mitigated risks by executing risk control assessments, evaluation of internal controls effectiveness, development of audit plans, testing and reporting
• Promoted to Internal Auditor II

Fort Lauderdale, FL, US

• Supervised and trained tellers and representatives
• Prepared SARs and CTRs in compliance with BSA/AML regulations
• Performed audits of internal controls and cash reconciliations for the retail bank location
• Promoted to specialist after cross-training as teller and sales representative