Uploaded File
Francis
francisocon90@gmail.com
703-498-8640
7713 Riverdale Rd #103
New Carrollton, MD 20784
IT Auditor
5 years experience W2
0
Recommendations
Average rating
99
Profile views
Summary

Professional IT auditor and Controls Specialist with years of experience in audit, risk assessments, in-depth knowledge of Sarbanes-Oxley Act (SOX), HIPAA, PCI DSS, IT General Controls (ITGC), SAS70/SSAE 18 attestation, and ERP security assessment (SAP, PeopleSoft & Oracle Financial) NIST 800-53 Frameworks. Extensive background in all stages of audit including planning, studying, evaluating, testing of controls, reporting, and follow-up.

SKILLS:

?ords, Excel, SharePoint Based System, SAP, Oracle Financial Team Mate, Audit Management System, Audit Command Language (ACL), MS Visio, Lotus Notes, and Working Knowledge of HUD Book 4350.

PROFESSIONAL AFFILIATIONS:

Member: Information Systems Audit and Control Association (ISACA) and Institute of Internal Auditor.

Experience
IT Auditor
Professional/Consulting Services
Feb 2019 - present
  • Performed IT Audit with emphasis on commercial public companies and federal government departments using ITGC, Application Controls, PCI DSS, COBIT, COSO, ISO 27001, and NIST 800-53.
  • Performed PCI audit and HIPAA audit for commercial companies and healthcare providers.
  • Conducted root cause analysis of vulnerabilities and coordinated with appropriate stakeholders to remediate findings on IT audit engagements within schedule and budget constraints.
  • Led IT Implementation and testing of internal controls over financial reporting: Sarbanes Oxley Act (SOX). Performed walkthroughs of controls and evaluated the operating effectiveness of controls.
  • Performed audit of IT general controls such as access control, change management, IT Operations, disaster recovery, and platform reviews (Windows).
  • Performed SSAE 18 (SAS 70) SOC 1 Type 2 report reviews for organizations within Insurance, Health, Financial Services, and other industries.
  • Performed various audit engagements using COBIT and FISCAM frameworks both in commercial and government entities. Also, performed SOX 404 annual compliance testing.
  • Planned IT audit engagements including preparing and monitoring the budget as well as scheduling and coordinating resources needed to complete the audits.
  • Evaluated segregation of duties over application security involving the company's ERP systems (SAP, PeopleSoft, and Oracle Financials) and executed audit strategy.
Auditing COBIT Compliance SOX NIST COSO Change Management PeopleSoft Regulatory Compliance Testing Regulatory Reporting Sarbanes-Oxley ITGC IT Audit General Controls
Remove Skill
Staff IT Auditor
Information Technology
May 2016 - Jan 2019
  • Evaluated IT and business processes for effectiveness and efficiency through obtaining an understanding of key business processes and internal controls.
  • Reviewed internal policies, procedures, existing laws, rules, and regulations to determine applicable compliance and the adequacy of underlying internal controls.
  • Performed IT general controls such as access control, change management, IT operations, disaster recovery, and platform reviews (Window and UNIX OS).
  • Identified risks associated with IT infrastructure, operations, and applications including pre/post-implementation audit reviews for ongoing IT projects along with current legacy applications.
  • Liaised between in-house managers/IT department and External Financial and Operational Auditors.
  • Performed assessment of IT internal controls as part of financial statement audit, Internal and operational audits, Attestation engagement, and Audit readiness.
  • Conducted testing of Sarbanes-Oxley (SOX), OMB Circular A-123 Audit, and Service Organization Control (SOC) SSAE 16 Review using COBIT and FISCAM frameworks.
  • Reviewed IT General Controls (ITGC) and various applications, databases, and operating systems.
  • Extensive knowledge of ERP systems (SAP and Oracle Financials), Microsoft Dynamics, and NetSuite.
Auditing Change Management COBIT Compliance Project Management Sarbanes-Oxley Operational Audits IT Audit General Controls ITGC
Remove Skill
Edit Skills
Non-cloudteam Skill
Education
Associate's in Information Systems
Ashworth College
Certifications
Certified Information System Auditor (CISA)
Skills
Auditing
2021
4
Change Management
2021
4
COBIT
2021
4
Compliance
2021
4
General Controls
2021
4
IT Audit
2021
4
ITGC
2021
4
Sarbanes-Oxley
2021
4
Operational Audits
2019
2
Project Management
2019
2
COSO
2021
1
NIST
2021
1
PeopleSoft
2021
1
Regulatory Compliance Testing
2021
1
Regulatory Reporting
2021
1
SOX
2021
1
CISA
0
1
Financial Advisor
0
1
Microsoft Excel
0
1
Risk Assessment
0
1