Worked with IT areas to ensure critical analysis and documentation of processes. Performed IT control testing to confirm compliance with regulatory requirements and corporate policies while identifying and tracking issues through remediation in RSA Archer eGRC platform. Executed regulatory, security, IT, and risk-related projects.Compliance• Gained familiarity with regulatory framework requirements to ensure compliance with FISMA, NIST SP 800-53, FFIEC, HIPAA, GLBA, PCI DSS, FMS Standard (Treasury), DHS 4300A, FISCAM, NYDFS, IRS Publication 1075, and IRS Publication 4812.• Ensured process/control owners met specific requirements related to federal boundaries, including ED Servicing, Treasury, and IRS.• Worked with control owners to update controls as needed based on new or revised regulatory and/or corporate policy requirements.Control Testing• Developed and executed control test plans for 18 IT critical processes and associated integrated controls (including Sarbanes-Oxley).• Performed testing on assigned key control tests to ensure controls were designed and operating effectively.Issue Management• Identified issues and performed remediation validation, including effective and timely communication of issue statuses.External Audit Support• Worked with control owners to gather evidence and support work being performed by other groups.

Performed internal control management and control testing for management self-assessment at one of the nation’s leading education loan providers and servicers. Conducted internal audits, coordinated policy validations, and supported external SSAE 16, Sarbanes-Oxley Section 404 (SOX 404), and compliance audits. Audit Support• Acted as business unit liaison for corporate contracted audits and compliance reviews performed by Protiviti and PricewaterhouseCoopers (PwC) for SOX 404, SSAE 16, and regulatory compliance (Regulation B, Regulation Z, FACTA, and Fraud).• Coordinated more than 30 audits between 2007 and 2011.Internal Control Administration• Performed Internal Control Excellence (ICE) Program Management, leading other team members and following guidelines and procedures defined by Corporate Risk Assessment.• Coordinated internal control documentation updates, including control matrices, process narratives, and flowcharts.• Completed financial, operational, and compliance self-assessment control testing, meeting semi-annual control certification requirements.• Coordinated SOX 404 quarterly control certifications with executive management.• Ensured all issues were identified and documented, sent to Risk Control Committee (RCC) when required, and tracked until resolved.Compliance• Performed internal audits to ensure business areas complied with corporate policies and regulatory requirements.• Coordinated policy validations with business areas to ensure compliance of documented procedures with corporate policies. • Defined parameters for TIL disclosure implementation to satisfy Reg Z requirements, reducing number of disclosures sent from 4,700,000 to 2,350,000 annually and eliminated over 85% of disclosure errors. • Monitored over 14,000 disclosures in five-year time period, identifying accuracy problems and correcting more than 5,000 of them. • Executed monitoring process that identified and corrected 12 system issues affecting disclosures.