*Conducts annual audits for SOX and PCI compliance, utilizing industry-standard frameworks such as COBIT, COSO, FFIEC, NIST ISO, and ITIL*Performs Third Party Information Security risk assessments to evaluate the design and effectiveness of controls.*Documents assessment results and executive summaries using Sure Cloud.*Utilizes an internal ISO-based risk assessment process throughout the entire lifecycle, including kickoff, assessment, reporting, and management of findings and remediation responses/dates.*Provides consultation on findings and remediation resulting from other assessments.*Manages the maintenance of policies, standards, and procedures for Third-Party Risk Management.*Evaluates the effectiveness of security controls to ensure compliance with relevant policies, security laws, and regulations for Third Parties/Vendors*Serves as the main contact person during the annual SOX compliance audit and various special projects.*Conducts walkthroughs and detailed testing to assess the appropriateness and effectiveness of Information Technology General Controls (ITGCs) and IT Application controls (ITACS).*Conducts gap analysis on Management Directives(Policies, Standards, Procedures, and Processes) to determine compliance with industry-leading practices*Identifies control gaps in control design and provides recommendations for effective remediation steps.*Executes information security audits to assess the adequacy and effectiveness of designs, following the complete IT audit process including planning, execution, reporting, and necessary follow-up*Develops and executes test plans and RCM (Risk Control Matrix) to comprehensively capture and test controls within the scope of audit projects*Performs IT infrastructure audits, testing Operating Systems, Databases, Network Devices, and Servers*Contributes to achieving IT audit objectives by effectively executing the annual audit plan, assessing the adequacy of designs and effectiveness of internal controls

-Work cross-functionally with the IT and business process teams in various projects, involving quarterly SOX projects (ITGC & Financial Statements), operational audits, and other entity level control audits.-Conduct audits utilizing Office Depot’s audit testing templates via MS Excel as well as High Bond, a comprehensive GRC software tool, to keep track of audits, documentation, work paper references, etc.-Help create the audit program (budget hours, update information, etc.), maintain the audit program, and implement it.-Provide support with the planning, buildout, and continuation of ongoing metrics, key reports, analysis, and control panels to navigate key business solutions.Apprehend and adopt best audit practices in reporting and analysis, such as data integrity, test of design, validation, and documentation. -Assist with other various duties in the department.-Conducting ITAC, third-party assurance reviews (SOC 1/SOC 2), PCIDSS, cloud, risk evaluation and mitigation, strategy implementation and regulatory compliance services.Creating vulnerability report using outcome form Nessus and owasp zap resultRoot and Trend based analysis.-Performed per-implementation and post-implementation review of the System Development Life Cycle (SDLC) to ascertain the design adequacy and operating effectiveness of controls.Reviewing disaster recovery plans (DRP).

-Conducted SOC 1 audits and SOX 404 audits for our client engagement (from the entire audit lifecycle), utilizing a risk control matrix (RCM) tool to evaluate the likelihood and impact of risks, and assess the design adequacy and control effectiveness of the business processes-Utilized the eAudit software to analyze and report on data, including prior year’s audits for a specific business process, attaching work paper references, and reporting on the processes that were tested.-Tested change management controls (data migration from database to AWS), disaster recovery controls (assessing data backup procedures from prior year), access management controls, operational controls, etc.-Documented test findings with screenshots and detailed workpaper sheets prior to notifying the audit manager for a documentation review. -Introduced the team to adopt an agile approach when tracking status activities or action items requiring timely completion, correction, etc. -Led weekly team meetings utilizing an agile approach for status updates to understand where we were in the audit cycle, like if there were any impediments, what was in progress, what was being reviewed, and was completed.-Communicated frequently with the client for updates, documentation requests, etc. -Planned internal audit procedures, carried out fieldwork, and identified weaknesses in the Client’s control systemGood understanding in applicable framework such as NIST, HIPPA, PCI, GDPR, COBIT, SOC, COPPA, GRC, ISO,

Performed risk assessments to thoroughly understand the processes in scope, rated the impact and likelihood of risks occurring, and identified and sought key stakeholders within the company to verify the identification, assessment, and management of the risks.Performed regular audit testing and provide recommendationsProvided recommendations and guidance on identified security and control risks.