Responsible for managing a group of professionals within the Risk Advisory practice and overseeing the execution of SOX, SOC, and other attest services (e.g. HITRUST, HIPAA, AUP, etc.) at a national level. My experience in this position includes:• Lead the implementation of successful SOX 404 compliance programs, which included leading organization wide scoping efforts, control optimization, development of process documentation, and testing of key technology and business controls to help minimize the overall compliance cost and impact on the day-to-day operations.• Lead attestation engagements (e.g. SOC 1, SOC 2, AUP) and other risk advisory engagements (e.g. HITRUST, NIST, HIPAA).• Manage a team of assurance professionals, providing mentorship, coaching, and professional development, resulting in a highly effective and motivated team.• Build and maintain relationships with executive leadership and stakeholders of a diverse portfolio of SASS and Risk Advisory clients.• Develop and execute risk-based audit plans, ensuring coverage of critical areas and adherence to industry standards and regulations.• Present audit findings and recommendations to Audit Committee, executive leadership, and other stakeholders and assist in the risk based decision-making process.• Organize initiatives to enhance the efficiency of audit processes (e.g. planning, execution, and analysis of audit findings).• Manage a diverse portfolio of SOC and SOX audit projects, ensuring timely completion and alignment with established budgets, milestones, and organizational priorities.• Collaborate with cross functional teams on necessary projects.

Responsible for managing a group of professionals within the Florida Advisory Services practice and coordinating the delivery of Advisory solutions for all Florida based clients. My experience in this position included:• Assisting organizations to determine how to leverage special attestation reports in order to meet their compliance, regulatory, or client requirements following an efficient, and cost-effective approach.• Scoping, planning, and delivering Internal Audits for large public and private companies from the risk assessment process through the reporting phase.• Pricing, directing, and managing risk assessment engagements to help identify risk exposures from an operational, information technology, regulatory compliance, and/or corporate compliance standpoints.• Preparing audit reports and recommendations, communicate results to management and assist them with developing corrective action plans, including root cause analysis.• Coordinating engagement across multiple industries including technology, healthcare, not-for-profit, and financial services.• Actively participating in the design, development, and support of Grant Thornton’s SOC.x application as part of a select team of national Subject Matter Experts.

While working as a Risk Advisory Senior Associate I supervised the delivery of SOC reports, internal audits (IT and operational), IT audits, and other risk management services. I was also responsible for talent development of new associates and assisting with business development activities. My experience in this position included:• Overseeing the performance of System and Organization Controls ("SOC") examinations under SSAE-16 / SSAE-18 Attestation Standards including Financial Reporting controls (SOC 1) and AICPA Trust Services Criteria (SOC 2 & SOC 3).• Overseeing the performance of SOX compliance audits including Business Process Controls, ITGCs and/or Application Controls, Logical Security, Change Management and SDLC processes, Infrastructure, and System Implementations.• Overseeing a team of professional resources to ensure performance metrics are established and met throughout the execution of planned audit work.• Actively develop, train, coach, and provide feedback for the performance assessment of team members.• Establishing and developing effective working relationships with clients, anticipate client needs, and opportunities for improvement of business processes.

While working as an IS Assurance Senior Associate at BDO, I supervised the delivery of internal audits (IT and operational), IT audits, risk management services, and ITGC testing assistance to the Florida financial audit teams. I was also responsible for talent development of new associates and assisting with business development activities. My experience in this position included:• Designing planning consideration documents, audit programs, and assessing the impact of aggregated deficiencies related to SOX compliance audits of Publicly Traded Companies.• Performing integrated audits and reviews of general IT controls, system access security, and application system controls to help ensure that business processes address financial reporting risks and SOX compliance.• Working with management and Internal Audit to evaluate, communicate, and make practical recommendations to address audit findings.• Educating management and process owners on the importance of controls, an effective control environment, and risk mitigation strategies.• Conducting specialized audit engagements such as System Implementations, Financial Application Reviews, Segregation of Duties Assessments, Logical Access Reviews, and Automated Application reviews to both support integrated audits and as stand-alone agreed-upon procedures.• Reviewing staff workpapers and assisting in the development of new IS Assurance staff.• Performing specialized testing and data analysis using CAATs, and general audit software (e.g. IDEA, Access, etc.).

I worked as an IT Auditor at PAAST CPA where I was responsible for the execution of internal audits (IT and operational), compliance audits for financial institutions, and other risk management services. My experience in this position included:• Performing audits and reviews of IT General Controls (“ITGC”), IT governance, system access security, and application system controls of financial institutions to help ensure processes are in compliance with existing FDIC and OCC regulations.• Evaluating the adequacy of logical security controls of IBM iSeries (“AS/400”) systems for financial institutions and service providers. • Interviewing appropriate client personnel to identify internal controls that mitigate identified business risks.• Communicating any control issues, process inefficiencies, or operational risks, recommending appropriate solutions, and performing follow-up audits.• Performing and analyzing vulnerability assessments.• Developing audit programs and workpapers, and conducting entrance and exit meetings with management.• Managing intern’s performance of audit assignments, reviewing workpapers, preparing audit reports, and providing training and guidance to new auditors.