• Provide comprehensive PCI, ISO 27001 assessments, and GRC advisory services to enhance client information system security compliance.• Develop and implement compliance monitoring programs to ensure adherence to regulatory and internal policies.• Collaborate with internal security teams to manage network security and mitigate identified vulnerabilities.• Lead risk assessments during mergers, identifying risks and suggesting corrective actions for integration processes.• Review 3rd party/vendor risk management processes to strengthen overall client security posture and compliance requirements.• Provide guidance on policy reviews to ensure alignment with best practices and regulatory standards.• Deliver security training sessions for clients to enhance awareness of compliance and risk management practices.Key Accomplishments: Achieved significant improvements in client compliance ratings through rigorous audit processes/ remediation strategies. Reduced security risks by 70% through comprehensive risk assessments and enhanced security control implementation.

• Designed security programs compliant with PCI DSS, ISO 27001, and CIS frameworks to mitigate risks.• Facilitated annual PCI assessments, managing artifact collections and remediation activities for regulatory compliance.• Reviewed and updated security policies to align with business goals and regulatory requirements.• Conducted business impact analyses to protect company assets based on their criticality and risk profile.• Oversaw updates to business continuity and disaster recovery plans to ensure operational resilience during disruptions.• Managed Security Operation Center (SOC), ensuring timely remediation of identified threats to enhance overall security posture, including EDR, XDR monitoring, and vulnerability management.• Developed and managed OWASP security awareness training for the development team as part of the secure coding initiatives I introduced to the company.• Established a third-party risk management program to evaluate and mitigate risks associated with vendors.• Collaborated with the development team to integrate security requirements throughout the software development life cycle.Key Accomplishments: Increased overall security posture by achieving successful compliance with PCI, CIS, and ISO standards company-wide. Developed and implemented security awareness training programs, resulting in a 90% improvement in employee security awareness ratings.

• Managed SOC 2 assessments from initiation through completion, ensuring compliance with audit requirements and standards.• Conducted PCI assessments for various sectors, ensuring adherence to the Self-Assessment Questionnaire framework.• Supported clients in updating IT policies and developing monitoring programs to enhance compliance efforts.• Established continuous vendor risk monitoring processes, improving risk identification/management for client organizations.• Developed audit test procedures, assessing the operating effectiveness of internal controls through comprehensive testing methods.• Documented exceptions found during audits, providing actionable recommendations for timely remediation of identified issues.• Conducted business continuity tabletop exercises to evaluate preparedness and improve disaster recovery planning initiatives.Key Accomplishments: Led multiple organizations to obtain compliance certifications, enhancing their operational credibility and reputation. Achieved a 95% satisfaction rate from clients on audit support services and remediation strategies provided.

• Planned and executed SOC 1 Type 2 audits, ensuring compliance with applicable GAAP requirements.• Conducted SOX IT general control audits, assessing access management and business recovery control effectiveness.• Evaluated application control audits to determine the design and operating effectiveness of automated controls.• Reviewed segregation of duties to mitigate potential risks and enhance organizational control effectiveness significantly.• Analyzed key reports and documentation to ensure compliance with regulatory standards and audit requirements.• Provided comprehensive audit findings to stakeholders, offering insights for improving internal control frameworks.

• Designed audit programs for many projects to execute audits efficiently by identifying key controls and documenting test plans.• Accomplished a walkthrough with IT management and executed application and IT general controls audits through interviews, observations, and demos.• Participated in IT projects and initiatives to include security and compliance risk controls throughout the system life cycle.• Teamed up with IT infrastructure management to enhance the IT control environment by evaluating and recommending improvements to the IT controls.• Documented and discussed audit findings with IT management and other process owners.• Reviewed the HITRUST reports and coordinated implementations of the auditor’s recommendations.• Assisted other Internal Audit team members by performing peer reviews of their work.

• Carried out Security Assessments for federal agencies and enterprise organizations following NIST 800-53 standard, which covers physical and environmental controls, network, application, data security, and Privacy controls.• Audited SOX IT Controls of public traded companies including the Access Management, Change Management, and Operational controls of SOX applications, databases, Windows, and Linux operating systems.• As a quality assurance team lead, reviewed the team members’ work to ensure excellent service delivery to the client.• Documented the project deliverable and the plan of action and milestone (POA&M), highlighting findings, and recommending remedial actions.

• Planned, executed, and reported service organization control audits (SOC 1 and 2, Type 1, and 2) for multiple clients in financial, educational, and healthcare industries, and data centers.• Accomplished IT security assessment of educational service providers to verify compliance with FISMA requirements following the NIST standard.• Established the IT internal controls and audited the design and operating effectiveness of companies’ internal controls relating to security, availability, confidentiality, processing integrity, privacy, and financial reporting.• Identified ineffective controls and communicated remediation actions to the clients.

• Oversaw the execution and reporting of Information System audits and SOX testing assignments to maintain adequate internal controls over the processing environment.• Carried out Month-end SOX Compliance audit that included change management and logical access controls, prepared month-end compliance audit reports, and followed up on the remediation processes.• Coordinated and participated in monthly password tests to ensure compliance with Security policies.• Trained new employees in SOX compliance testing and monitoring.• Collaborated with DBAs, Security Administrators, System Owners, and Managers to ensure that all the established processes operate effectively.• Monitored Ethics hotline to ensure that they were operating effectively.

• Planned and executed IT and financial audits of multi-million insurance companies, including identification of IT risks and key IT controls and assessing the operating effectiveness of controls using the COBiT framework.• Tested the identified IT controls to determine the effectiveness of the controls in place within the insurance company.• Followed up on exceptions noted during the IT audit to ensure timely corrective actions.• Documented my recommendations in an IT audit report.• Designed audit work programs in the TeamMate Audit Management system.• Interviewed C-level Executives to establish corporate governance, Risk management, and the Company's operations.• Prepared Management Letters and final IT Audit Reports, highlighting recommendations that improved operational effectiveness and efficiency.

• Supported the Finance & Accounting Director with the annual closing process and the annual budget process.• Performed analytical procedures for revenue generation and reporting.• Supported different departments through the reconciliation process of multiple systems’ generated reports.• In charge of the daily monitoring and closing for all the cashiers at Broward County Health Department.• Oversaw the overall monitoring and reconciliation of daily cash receipts from sub-ledgers to the general ledgers within CENTAX and HCMS accounting systems.