• Responsible for the development and continued expansion of an internal IT audit program aligned with identified risks and management expectations, which has led to a reduction of external audit exceptions from sixteen to two in first year of being hired and zero audit deficiencies six years in a row.• Lead the Information Security Management (ISM) program, which includes compliance with CCPA and GDPR.• Served as the liaison between internal and external audit teams, with direct responsibilities over the management of all internal and external audit activities. • Responsible for managing all audit findings, coordinating management responses, and remediation activities, and providing guidance to junior compliance analysts or IT managers who are assigned to engagements.• Conducted on-going ITAC and ITGC controls testing to ensure compliance with prescribed program, and reviewed evidence to ensure audit conclusions are well-documented and based upon a complete understanding of the relevant processes, circumstances, and risk.• Reviewed Oracle Cloud, Mainframe/AS400, BaaN ERP, Hyperion, OneStream, Infor XA, Microsoft Dynamics for compliance with Japanese Sarbanes Oxley (J-SOX) and eliminated J-SOX outsourced testing resulting in company savings of $80,000. In addition, responsible for identifying and remediation of numerous gaps which lead to an unqualified StoreConnect SOC2 report.• Assisted application owners in understanding the associated ITAC and ITGC controls for InforXA and Microsoft Dynamics applications being onboarded.• Oversaw automation of removing terminated employees Azure Active Directory access and annual user access review.• Lead the Change Management program through training and conducting Change Advisory Board meetings twice weekly.

• Performed business and process controls assessments on the organization’s technical ecosystem, including networking (security), operating systems, database environments, change management solutions, interfaces, and application development (SDLC) controls assessments.• Developed and maintained strategic relationships between internal audit function and the organization’s IT organization, and conducted opening, update, and closing meetings with key stakeholders for audit-related projects. • Coordinated meetings, document requests, and performed testing for external audits related to SOC 1 reporting and the annual Financial Audit. Participated in integrated audits and carried out ITGC testing in support of financial statements audits.• Prepared audit risk matrices used to identify, define, analyze, and remediate potential deficiencies while concurrently managing change management, disaster recovery, and IT security initiatives.

• Examined the systems and processes established by Operations to ensure compliance with Securities and Exchange Commission (SEC) regulations that could have a significant impact on operations.• Planned and performed operational and regulatory control reviews of various operations departments.• Reviewed and evaluated the adequacy and effectiveness of the Operations risk management process, system of internal control structure, and the quality of performance in carrying out assigned responsibilities.• Drafted review plans and performed testing, document preparation and research; review and testing of automated processes.• Responsible for timely execution of risk-based operational, financial and compliance reviews in accordance with the annual review plan.• Inspected records, documents, and systems for efficiency, effectiveness, and use of accepted procedures.• Examined and evaluated financial and information systems, documents findings and recommended controls to ensure system reliability and data integrity.• Reported results to senior members of Operations management and / or the Director and recommend changes in or improvements to operations and financial activities.

• Planned and performed technical and analytical reviews, developed audit approach strategies, drafted audit plans, performed audit testing, evaluated and interpreted system controls, reported audit risks, and advised senior and executive management on mitigating identified risks.• Coordinated review of the following process areas: Management of IT Activities, Physical Security, Logical Security, Problem and Change Management, Backup and Disaster Recovery, Operation and Contract Provisions.• Developed and executed strategic and tactical plans to manage budgeted hours, chargeable expenses, and field staff.• Performed and managed internal audits for (SOC) 1 and Statement on Auditing Standards (SAS) No. 94 audit.• Review of general controls utilized in various applications, databases, and operating systems.

• Performed information technology related audits including mainframe security, disaster recovery, capacity monitoring, threat management, vulnerability remediation, and segregation of duties against SPI and PCI compliance standards.• Performed and conducted complex custom analytics as needed by management.• Utilized TOAD to determine whether sensitive personal information existed within Oracle databases, and IDEA for data analysis when data sets contained more than 2M records.• Designed, coded, tested and debugged custom queries using SQL during data analysis to identify fraud.• Worked as lead on various audits, which included developing audit programs through risk assessment, coordinated completion of audits, report writing, and conducted closing meetings with various officers.• Recognized a $31M payment to a consulting firm that required further investigation and resulted in an audit finding.• Identified various deficiencies in operation where revenue was not being recovered and recognized a $31M payment to a consulting firm that required further investigation and resulted in an audit finding.• Assisted company with annual Sarbanes Oxley compliance through identification of business objectives, risk assessment, and internal control identification. Improved IT operations by identifying network security vulnerabilities and segregation of duties issues during two consecutive Sarbanes Oxley Information Technology General Control audits.• Ensured SOX compliance in accordance with COSO / COBIT frameworks in relation to financial and IT processes.• Served as department resource for Microsoft Access to improve operating efficiencies, test accuracy of data, and identify inaccurate data and potential fraud.• Served as Data Analysis Committee member tasked to identify data analysis that could be used during an audit and identify data analysis software that would meet department requirements.