Performed internal Security and Compliance activities for the IaaS Public Cloud environmentCollaborated with security architects and technical security teams to define and implement security processes and procedures based on industry-standard best practices and compliance requirements.Performed risk management of public cloud security exceptions and corporate directive deviationsPerformed program management for IBM Cloud for Government FedRAMP complianceManaged cross team activities to maintain IC4G FedRAMP annual authorization Performed planning and development of work programs, identified recommendations for continuous improvement in global processes and controls, communicated results, and followed up on issues.Conducted Internal assessments, awareness and strategy development, and risk assessments.Reviewed and assessed controls to ensure compliance with ISO 27K, NIST, SOC2, FedRAMP, PCI, HIPAA, GDPR.Completed special requests for IBM’s Cloud Management and the CSO of VPC NextGen Cloud.

Performed Operational audits and projects related to IT systems, functions, and processes in accordance with the IIA, GAGAS, and National Institute of Standards and Technology (NIST) principles and practicesDesigned and implemented project risk assessmentsDeveloped audit programs and questionnaires to conduct audit planning and fieldworkCompleted process flowcharts and internal control mapsReviewed and documented IT functions, processes, and controlsDeveloped recommendations for internal control improvementReviewed systems and accesses for proper segregation of dutiesAudited Application Controls according to the IIA's Global Technology Audit Guide (GTAG)Audited Information Technology General Controls (ITGC)Reviewed change management processes and associated standard operating proceduresConducted data analytics through diverse methods using ACLMonitored status of projects, and communicated with IT staff and management to resolve issues

Developed and executed test procedures to validate control design and operation effectivenessDocumented process and control reviews for SOX 404 complianceDeveloped a risk assessment and facilitated the completion of royalty auditsDeveloped FCPA audit programs and conducted reviews of APAC and EUMEA entitiesParticipated on Enterprise Risk Assessment projectsCompleted Access Review projects

Coordinated and supported control owners in the implementation of Novartis financial controls for two legal entities and a Shared Service Center (SSC).Conducted the annual self-assessment on financial and corporate level controls (CLC’s)Reviewed business processes, Standard Operating Procedures, and internal controlsIdentified risks and operational inefficiencies, and implemented controls to mitigate themConducted non-financial compliance projects related to contract management, responsible procurement, due diligence, business continuity planning, and segregation of duties.Ensured compliance and trained personnel on Anti-Bribery, Code of Conduct, Data Privacy, and Fair Competition policiesCoordinated with business process owners to ensure full compliance with SOX 404

Conducted on-site and desk financial and programmatic audits (including ARRA grants) according to general auditing standards and accounting procedures (US GAAS / GAAP)Lead multiple high value projects / audits (up to $20 Million) by myself and as part of a teamReviewed budgets, expense allowances, contractual agreements, and information systemsAnalyzed management practices and proceduresSuggested financial and program improvementsImplemented a paperless audit tool / database (TeamMate) to increase division efficiencyDesigned and implemented a risk assessment model to conduct the annual audit planTrained and conducted quality reviews on work completed by junior auditors

Identified high risk vendorsPlaned and organized audit schedules and locationsConducted covert compliance reviews throughout the state of TexasGathered information and reviewed accounting records Interpreted Federal regulations and policiesCommunicated with vendors and management regarding compliance issuesCollected vendor billings and audit disallowancesTestified in vendor Fair Hearings

Reviewed engineering grants and contracts of private entities for the construction and replacement of railroad equipment and other transportation projectsConducted field audits at construction sites to verify materials, equipment and labor used according to contract and budget requirementsExamined activities, practices, and procedures for compliance with Federal guidelines