Location
Canada
Rate
Years of experience
8+
About
I am an experienced and results-oriented professional with a robust background in IT Audit, Regulatory Compliance, and Internal Controls. Throughout my career, I have demonstrated a strong understanding of IT governance frameworks such as NIST, GDPR, CCPA, ISO, SOC 1 & 2, SOX, HIPAA, PCI-DSS, and COBIT, among others. My expertise extends to conducting comprehensive audits in complex IT environments, ensuring adherence to regulatory requirements and best practices. I excel in communicating audit results and recommendations to stakeholders, fostering strong relationships with clients and internal teams. My skills include managing IT compliance programs, overseeing vulnerability assessments, and leading SOX, PCI-DSS, and SOC 2 recertification efforts. I am adept at navigating GRC platforms and am committed to staying abreast of emerging trends in IT audit and cybersecurity regulations. My proficiency spans IT management, systems development, implementation, and maintenance, supported by a thorough knowledge of business processes. I am skilled in conducting audit research, drafting detailed reports, and collaborating effectively across departments to drive process improvements. With certifications including CISA and a strong educational foundation in Business Administration, I bring a disciplined approach to project management and risk assessment. Fluent in English, Italian, and basic Spanish, I leverage exceptional communication and interpersonal skills to deliver high-quality results under tight deadlines.
Tech Stack
Audit, Cybersecurity, GRC Platforms, IT Consultant, MS Office, WordPress
Experience
- Orchestrating risk-based IT audits by collaborating with IT and business management to develop control narratives, testing strategies, and schedules.
- Conducting audit procedures including leading interviews, analyzing evidence, and documenting findings in meticulous work papers.
- Overseeing compliance programs for SOX, PCI-DSS, and SOC 2, ensuring adherence through testing, readiness assessments, and gap analyses.
- Spearheading enterprise-wide vulnerability management efforts, ensuring robust engagement and coordination with stakeholders.
- Supporting audit reporting and managing issue remediation efforts, including tracking and addressing IT-related findings.
- Coordinating and maintaining compliance documentation within GRC tools, ensuring controls are adequately designed and reviewed.
- Conducting security awareness training sessions for new hires, enhancing organizational resilience against cybersecurity threats.
Employment history
• Participate in the planning of internal audits by collaborating with IT and business management to develop control walkthrough narratives, the matrix of key controls, testing approach, and schedule.
• Executing audit procedures including leading interviews, requesting, reviewing, and analyzing evidence, and documenting test steps in detailed, well-supported work papers.
• Support audit reporting and issue remediation efforts, including tracking the status of open issues and other IT-related findings.
• Overseeing the SOX, PCI-DSS & SOC 2 compliance program.
• Conducting testing, readiness assessment & gap analysis on PCI-DSS, SOX & SOC 2 annual recertification process.
• Leading interactions with external auditors.
• Manage the enterprise-wide vulnerability program.
• Ensure full engagement coordination with auditees and other staff.
• Planning and leading collaborative risk-based IT audits and concluding whether risks are appropriately managed through the existence of effective control or other techniques.
• Coordinating and maintaining management’s compliance process controls documentation and review controls regularly to ensure adequate design and identification of key controls for processes that affect the company.
• Supporting stakeholders in determining the appropriate treatment of identified risks and gaps, identifying appropriate action plans for risk remediation.
• Defining and documenting business process responsibilities and ownership of the controls in the GRC tool.
• Conducting security awareness training for new hires.
• Supported the IT Internal Audit Program including control testing, execution, and reporting of results for cyber security review.
• Executed test plans to assess operating effectiveness of control processes pursuant to Sarbanes-Oxley (SOX).
• Developed and communicated recommendations to correct control deficiencies, provide ideas for process enhancements, and follow up on audit findings to ensure they are addressed by process and control owners in a timely manner.
• Oversaw and monitored IT Control and Security change programs.
• Interacted effectively with clients, stakeholders, and team members in a wide variety of settings.
• Developed and proposed recommendations for control and efficiency improvements.
• Maintained business relationships with appropriate levels of management to ensure that Audit is aware of changes in business activities and objectives, and a necessary Audit response is developed.
Education history