$46  / per hour

Years of experience



I am an experienced and results-oriented professional with a robust background in IT Audit, Regulatory Compliance, and Internal Controls. Throughout my career, I have demonstrated a strong understanding of IT governance frameworks such as NIST, GDPR, CCPA, ISO, SOC 1 & 2, SOX, HIPAA, PCI-DSS, and COBIT, among others. My expertise extends to conducting comprehensive audits in complex IT environments, ensuring adherence to regulatory requirements and best practices. I excel in communicating audit results and recommendations to stakeholders, fostering strong relationships with clients and internal teams. My skills include managing IT compliance programs, overseeing vulnerability assessments, and leading SOX, PCI-DSS, and SOC 2 recertification efforts. I am adept at navigating GRC platforms and am committed to staying abreast of emerging trends in IT audit and cybersecurity regulations. My proficiency spans IT management, systems development, implementation, and maintenance, supported by a thorough knowledge of business processes. I am skilled in conducting audit research, drafting detailed reports, and collaborating effectively across departments to drive process improvements. With certifications including CISA and a strong educational foundation in Business Administration, I bring a disciplined approach to project management and risk assessment. Fluent in English, Italian, and basic Spanish, I leverage exceptional communication and interpersonal skills to deliver high-quality results under tight deadlines.

Tech Stack

Audit, Cybersecurity, GRC Platforms, IT Consultant, MS Office, WordPress


  • Orchestrating risk-based IT audits by collaborating with IT and business management to develop control narratives, testing strategies, and schedules.
  • Conducting audit procedures including leading interviews, analyzing evidence, and documenting findings in meticulous work papers.
  • Overseeing compliance programs for SOX, PCI-DSS, and SOC 2, ensuring adherence through testing, readiness assessments, and gap analyses.
  • Spearheading enterprise-wide vulnerability management efforts, ensuring robust engagement and coordination with stakeholders.
  • Supporting audit reporting and managing issue remediation efforts, including tracking and addressing IT-related findings.
  • Coordinating and maintaining compliance documentation within GRC tools, ensuring controls are adequately designed and reviewed.
  • Conducting security awareness training sessions for new hires, enhancing organizational resilience against cybersecurity threats.

Employment history

Senior GRC Analyst, FIDELITY NATIONAL FINANCIAL January 2019 – Present

• Participate in the planning of internal audits by collaborating with IT and business management to develop control walkthrough narratives, the matrix of key controls, testing approach, and schedule.
• Executing audit procedures including leading interviews, requesting, reviewing, and analyzing evidence, and documenting test steps in detailed, well-supported work papers.
• Support audit reporting and issue remediation efforts, including tracking the status of open issues and other IT-related findings.
• Overseeing the SOX, PCI-DSS & SOC 2 compliance program.
• Conducting testing, readiness assessment & gap analysis on PCI-DSS, SOX & SOC 2 annual recertification process.
• Leading interactions with external auditors.
• Manage the enterprise-wide vulnerability program
• Ensure full engagement coordination with auditees and other staff
• Planning and leading collaborative risk-based IT audits and concluding whether risks are appropriately managed through the existence of effective control or other techniques.
• Coordinating and maintaining management’s compliance process controls documentation and review controls regularly to ensure adequate design and identification of key controls for processes that affect the company.
• Supporting stakeholders in determining the appropriate treatment of identified risks and gaps, identifying appropriate action plans for risk remediation.
• Defining and documenting business process responsibilities and ownership of the controls in the GRC tool.
• Conducting security awareness training for new hires.

IT Auditor, BORROWEL May 2016 – January 2019

• Supported the IT Internal Audit Program including control testing, execution, and reporting of results for cyber security review.
• Executed test plans to assess operating effectiveness of control processes pursuant Sarbanes-Oxley (SOX)
• Developed and communicated recommendations to correct control deficiencies, provide ideas for process enhancements, and follow up on audit findings to ensure they are addressed by process and control owners in a timely manner.
• Oversaw and monitored IT Control and Security change programs.
• Interacted effectively with clients, stakeholders, and team members in a wide variety of settings.
• Developed and proposed recommendations for control and efficiency improvements.
• Maintained business relationships with appropriate levels of management to ensure that Audit is aware of changes in business activities and objectives, and a necessary Audit response is developed.

Education history

George Brown College 2016 Associate Degree – Business Admin & Marketing
Download profile as PDF

We’ve helped 83 clients with IT recruitment and software development.

Read about a few of them below...

DevsData LLC Reviews 5.0 stars 37 reviews
Powered byClutch logo
Powered byClutch logo
See more testimonials
Similar blind CVs/resumes

I agree to and accept that DevsData LLC will provide better user experience by collecting, analyzing and cataloging information about Internet electronic addresses that I have connected with my devices and about the type of my devices (such as the type and version of software) as well as by making automatic decisions (not involving sensitive data). The agreement applies for the legally binding period, or until either the user or DevsData LLC withdraws from the agreement. Withdrawing from the agreement will result in removing the user's data. Please see our privacy policy.

We use cookies to provide the best experience for you. >More about cookie policyarrow

Book a call with our team

For software development projects, minimum engagement is $15,000.

Prefer email?
Quote mark

Best back-end engineers I've ever worked with...​

“I interviewed about a dozen different firms. DevsData LLC is truly exceptional – their backend developers are some of the best I’ve ever worked with. I’ve worked with a lot of very well-qualified developers, locally in San Francisco, and remotely, so that is not a compliment I offer lightly. I appreciate their depth of knowledge and their ability to get things done quickly. “


Nicholas Johnson




Thank you

We'll get back to you within 1 business day.