Bridgewater, New Jersey, United States
A results-driven governance, risk, and compliance (GRC) professional with expertise in internal audit, cybersecurity program development, and operational risk mitigation. Proven track record in directing SOX audit readiness, successfully managing external inspections, and designing robust IT risk and control frameworks using NIST CSF and COSO methodologies.
• Directed SOX audit readiness program across 5 critical IT systems resulting in zero critical findings during two successive external audit inspections over two years.
• Spearheaded IT assessment and internal audit response efforts, successfully coordinating a NIST CSF 2.0 assessment, tabletop exercises for incident response and crisis management, and internal audits for cybersecurity, IT asset management, and SDLC.
• Designed and deployed an IT Risk Register and control framework, addressing high-priority inherent IT/Cybersecurity risks using a NIST CSF methodology.
• Authored or updated 10+ essential IT policies and Standard Operating Procedures (SOPs), standardizing compliance posture for employees and enhancing annual staff compliance training (including Cybersecurity and Data Handling, Acceptable Use, Risk Management, and TPRM).
• Transformed the Third-Party Risk Management (TPRM) process for Cloud/SaaS vendors by standardizing due diligence assessments and control validation processes, which decreased average vendor on-boarding time and mitigated exposure from high-risk suppliers. Oversaw department that assessed 200+ vendors annually.
• Managed development of a high-impact Cybersecurity Awareness Training Program that included phishing simulation campaigns, cyberstrength assessments, on-boarding and ad-hoc training, and quarterly newsletters.
• Perform detailed accounting analytics, identifying $96K of unbilled commercial real estate revenue, $60K of unbilled mini-storage revenue, $45K of duplicate invoice payments, and $20K of fraudulent vendor spend.
• Work under the direction of the Board of Directors and Audit Committee, with the Director of Internal Audit and a field audit team.
• Draft audit reports for upper management and the Audit Committee. Assist with Audit Committee presentation preparation.
• Execute analytical, operational, and compliance audits for commercial buildings, residential buildings, corporate businesses, mini-storage, and parking lots.
• Perform integrated audits, including procedures on system access, change management, security controls, segregation of duties, and operational controls. Adhere to the guidelines set by GAAP, GAAS, COSO, COBIT, ITGC, PII, and PCI standards.
• Identify effective/efficient process and control improvements through internal audits. Implement the agreed-upon audit actions with the process owners.
• Collaborate with the Director of Internal Audit to create the annual audit plan using a governance, risk, compliance (“GRC”) strategy, and management interviews.
• Performed annual financial and operational control assessment for the New York, Mexico and Brazil operations. Identified business process risk points with findings spanning through the Finance, Information Technology, Logistics, Retail Operations, Merchandising, Public Relations, and Human Resources departments.
• Facilitated and monitored remediation of the identified business process risk points. Worked closely with process owners using data analytical and policy experience to assist remediation.
• Gathered information from business process owners and prepared semi-annual business risk assessments to report to HQ Internal Control in Rome.
• Worked with external legal to revamp the lease contract database to provide adequate deadline notification and reduce risk of inadvertent contract expiration.
• Drafted the local Business Continuity Plan to manage and document corporate office crisis scenarios.
• Managed property and casualty insurance renewal, certificate requests, and incident reporting process.
• Administered the corporate travel and purchasing credit cards.
• Performed pharmaceutical manufacturing, operations, research and development, policy, and financial audits.
• Led and performed domestic and foreign audits with limited guidance from supervisors.
• Experienced in planning audits, identifying risks, creating audit programs, communicating findings, and drafting audit reports.
• Implemented automated auditing system for manual journal entries, travel and entertainment (T&E), and purchasing card (P-Card) functions. The implementation of the T&E auditing system led to the discovery of a major fraud amounting to over $200,000.
• Trained individuals in the Accounts Payable department to operate the automated auditing system to perform periodic reviews of T&E and P-Card expenses.
• Coordinated with external auditors to complete Sarbanes-Oxley testing as per AS5 guidance.
• Performed peer review of audit workpapers and audit reports prior to issuance.
• Performed financial audits, reviews, compilations, and due diligence for both large and small companies in a wide spectrum of industries.
• Audited SEC filings, including Form 8-K, Form 10-Q, and Form 10-K.
• Audited General Ledger accounts including fixed assets, purchases and payables, revenue and receivables, and inventory.
• Performed analytical procedures, as well as substantive and analytical testing.
• Reviewed financial statements to ensure compliance with GAAP.
• Developed test plans for internal controls and assessed the design and operating effectiveness of internal controls through independent testing under Sarbanes-Oxley regulation 404.
• Worked in a team environment and trained new staff in basic auditing techniques.