Functional Skills

Compliance and risk
Data Governance
AI Risk Management
Cybersecurity
Audit Readiness
Risk Governance
Risk Management
Robotic Process Automation
Regulatory Compliance
Internal Auditing

Software Skills

ServiceNow
Artificial Intelligence
AWS
Cloud computing
Peoplesoft
Azure
JD Edwards EnterpriseOne
Dynamics 365
Oracle Financials Cloud
SAP HANA
Google Cloud Platform
OpenAI
LlamaIndex

Certifications

CISA (Certified Information Systems Auditor)
CISSP (Certified Information Systems Security Professional)

Sector Experience

Financial Services
Healthcare
Manufacturing
Retail
Technology

Notable Clients

Cerner
Cheniere Energy
GE Healthcare Camden Group
UnitedHealth Group
Wells Fargo

Big 4 Accounting
Fortune 500
Top Consulting Firms

Experience

Z Corporation Inc Information Technology
Principal Consultant/Advisor
11/2023 - Present
• Provided IT Audit, Privacy and cybersecurity services to help companies determine their information security risk and maturity level.
• Strong knowledge of business processes in various industries such as Banking/Financial, Manufacturing, Retail and Health Care.
• Experience preparing and presenting deliverables and findings in a clear, logical and concise manner to upper management (CIO, CFO, and Controller).
• Experience developing cybersecurity and compliance policies, standards and procedures that align with industry-recognized frameworks such as ISO27001, NIST CSF, GDPR, etc.
• Experience working with GRC tools such as Archer, LogicGate, ServiceNow, OneTrust, etc.
• Strong knowledge of multiple cybersecurity, compliance and privacy frameworks such as NIST CSF/800-53/171, PCI DSS, HIPAA, ISO 27001, HITRUST, COBIT, CMMC, SOC 1&2, IT SOX, CCPA, GDPR, FDA Medical Device Cybersecurity Pre-Market and Post Market Guidelines, etc.
• Experience performing third-party vendor security risk assessments, from vendor profile (to identify inherent risk) to full validated security risk assessment (to determine residual risk), and drafting reports with recommendations and vendor action plans.
• Experience with Generative Artificial Intelligence (AI), developing and tuning prompts and working with multiple Large Language Models (LLMs) such as ChatGPT, Llama, DBRX, and Machine Learning.
• Experience reviewing third-party/vendor attestation/assessment reports such as SOC 1&2, ISO27001, HI

Backbone Consultants Information Technology
VP/Sr. Advisor
10/2007 - 9/2023
• Provided Chief Information Security Officer (CISO) on-demand service to help companies determine their information security maturity level.
• Strong technical knowledge of cybersecurity and IT audit frameworks and regulations such as NIST 800/CSF/171, ISO 27001, FDA Cybersecurity Pre-Market & Post Market, IRS-1075, MARS-E, COBIT, SOC1/SOC2, PCI DSS, HIPAA, CJIS, CMMC, FFIEC, SOX, SOC 1 & 2, DEA EPCS, HITRUST, etc.
• Experience with cloud environment security and audit controls for MS Azure, Office 365, AWS, GCP, G-Suite, etc.
• Experience with domestic and international privacy regulations such as GDPR, CCPA and US state privacy laws.
• Strong knowledge of business processes in various industries such as Banking/Financial, Manufacturing, Retail, Technology, Energy, Services, and Health Care.
• Built vendor security programs for multiple organizations and was responsible for conducting security reviews for third-party vendors and internally developed applications.
• Experience preparing and presenting deliverables and findings in a clear, logical and concise manner to board of directors, upper management (CIO, CFO, etc.).
• Experience preparing reports that identify deficiencies, recommend alternative procedures for problem areas, and monitor all major exceptions until they are resolved.
• Provided quality service to clients by serving as a resource and responding to questions and/or concerns, providing information, and assisting in the evaluation of efficiencies while

Deloitte Management Consulting
ERS Manager
8/2003 - 9/2007
Member of the Enterprise Risk Services management team and responsible for managing Fortune 500 and medium-size client engagements for private and public companies. Led services such as Sarbanes-Oxley 404 IT audits, SAS 70 examinations, and individual projects resulting from major organizational changes, implementation of new technologies, or reliance on third-party service providers.
Selected Clients Served: Pentair Inc; Flexsteel Industries; Hawkins Inc; Communication Systems Inc; American Medical Systems; Northern Tool & Equipment; Federal Reserve Bank of Minneapolis; MDU Resources Inc; Royal Bank of Canada, Dain Rauscher; Bremer Bank; Marquette Financial Companies; Hartford Life Insurance; MidCountry Bank; Woodbury Financial Services; United Health Group; Ameriprise; ShopNBC; Dairy Queen

Deloitte Management Consulting
Senior Consultant
8/2003 - 8/2005
Led IT audit engagements for Fortune 500 companies and medium-size companies to evaluate the compliance with company policies and procedures, the adequacy of internal controls and the accuracy, integrity, and confidentiality of information processed areas.
• Prepared IT audit planning, scope, budget and detailed fieldwork for the IT audit engagements.
• Supervised staff during fieldwork, responsible for the day-to-day operations of the engagement.
• Reviewed IT audit workpapers from staff.
• Discussed findings and recommendations and agreed action plans with senior management.
• Prepared reports that identify deficiencies, recommend alternative procedures for problem areas, and monitor all major exceptions until they are resolved.
• Led SAS70 Type II engagements.
• Provided quality service to internal clients by responding to questions and/or concerns, providing information, while ensuring compliance with company policy and internal controls.
• Reviewed the system of internal controls around the financial systems to comply with Section 404 of the Sarbanes-Oxley Act.

Ecolab Other
IS Auditor
1/2002 - 8/2003
Performed IT audits to evaluate the compliance with company policies and procedures, the adequacy of internal controls and the accuracy, integrity, and confidentiality of information processed.
• Prepared IT audit planning and IT audit programs and detailed fieldwork for the different audits.
• Discussed findings and recommendations and agreed action plans with senior management.
• Prepared reports that identify deficiencies, recommend alternative procedures for problem areas, and monitor all major exceptions until they are resolved.
• Provided quality service to internal clients by serving as a resource and responding to questions and/or concerns, providing information, and assisting in the evaluation of IT operational efficiencies while ensuring compliance with company policy and internal controls.
• Reviewed the system of internal controls around the financial systems to comply with Section 404 of the Sarbanes-Oxley Act.
• Provided advisory services for information technology product purchase and development issues.
• Performed joint IT audits with staff from different cultures at international locations such as Europe and Latin America.

Associated Banc-Corp Other
IT Auditor
1/2001 - 1/2002
Performed on-site IT audits to evaluate the compliance with company policies and procedures, the adequacy of internal controls and the accuracy, integrity, and confidentiality of information processed in the following areas.
• AS/400 mainframe computer.
• Netware, Windows NT and Unix Servers.
• Lotus Notes.
• Comprehensive Banking System (CBS)/Fiserv.
• Network LAN/WAN.
• Firewall.
• Intrusion Detection System (IDS).
• Remote Access.
• Computer Operations.
• Change Management.
• Electronic Banking System (Internet Banking, Telephone Banking, ATM, POS, ACH and Wires).
• Internet and Intranet Web sites.
• Contingency Plan.
• Data Center Physical Security.
• Assisted the Internal Audit Manager in developing the IT audit function.
• Prepared IT audit risk planning and IT audit programs and detailed fieldwork for the different audits.
• Discussed findings and recommendations and agreed action plans with senior management.
• Prepared IT audit reports that identify deficiencies, recommend alternative procedures for problem areas, and monitor all major exceptions until they are resolved.
• Provided quality service to internal clients by serving as a resource and responding to questions and/or concerns, providing information, and assisting in the evaluation of IT operational efficiencies while ensuring compliance with company policy and internal controls.
• Performed all information technology audits in accordance with Federal Financial Institution Examination Council (FFI