Detroit Metropolitan Area
Experienced Information System Auditor who has successfully led risk-based global information system audits assessing controls aimed at protecting customer and company business-critical information assets.

Expertise includes:
• Identity and Access Management, Data Protection/Security Audits.
• Auditing end-to-end IT processes - Governance, Management, Monitoring and Change Control.
• Control gap mitigation guidance and evidence verification, including cyber-security vulnerability mitigation.
• Vulnerability and patch management audits.
• Agile Framework, Scrum, Kanban.
• Assessing/validating SOX, ITGC, DRBC & Cyber Security Controls for applications.
• Auditing data centers, databases, servers, assembly, and manufacturing plant floor control machines.
• IT/Business Integrated Audits.
• Leading IT Audit and Report Generation.
• Business Analysis and Project Management.

Technical Skills:
• Fundamentals of Azure Cloud, Kubernetes/OpenShift.
• Microsoft Excel - Macros and Pivot Tables.
• RDBMS DBs, SQL, Access, PL-SQL and Hierarchical databases.
• Power BI data visualization.
• Value Stream Mapping.

Industry Knowledge: PCI-DSS || GDPR || SOC 1&2 || NIST-CSF || ISO-27002-203 || ISO-27001:2013 || SSAE-18 || NIST-CSF || ITIL || SOX || HITRUST || GRC
- 02/05/25 - Passed CISSP Exam.
- 03/27/25 - Passed AWS Certified Cloud Practitioner Exam.
- AWS Solution Architect Associate - WIP
- AWS Security Specialist - WIP
- Security+ Exam - Work in Progress.
- ISACA CRISC - Work in Progress.
• Implemented development controls in the enterprise agile and iterative SDLC/Change Control process for the SAP ERP suite of applications, resulting in earlier, easier and cost-effective implementation of access and data security controls into applications.
• Successfully implemented Kanban and the practices of Backlog Generation, Sizing, Grooming, Release Planning, Daily Standing Up, Release Demo and Retrospect.
Performed audits on information systems and infrastructure, resulting in a reduced number of control weaknesses and a reduced number of security breach incidents. The following are some of the types of audits I led and executed.
• Information System General Control Audits - Access control, Data Security, SoD, Change Control, Information protection, application data and network architecture, IT SOX compliance, etc.
• Mobile application audits for cyber security and cyber-attack vulnerability.
• Outside Service Provider audits, resulting in improved security for Ford’s information assets.
• End-to-end audits of IT processes, resulting in improved Governance, Management, Monitoring, and Change Control.
• Manufacturing and Assembly Plant IT infrastructure (DXDs and control processors), resulting in reduced plant downtime due to IT system and infrastructure failures.
• Audited the usage of emerging technology, helping to identify new and evolving control weaknesses and threats.
• Developed/implemented SDLC processes, resulting in streamlined, systematic delivery of IT Solutions.
• Implemented Agile Methodology/practices and scaled agile methods, resulting in more frequent solution deployment and earlier identification of problems.
• Developed/deployed web-based and classroom training, and Single-Point-Lessons for learning Agile and Agile practices/ceremonies, resulting in improved agility of the IT Solution Delivery business unit.