Senior IT Auditor with 9 years of experience building, evaluating, and scaling IT control programs in high-growth technology and financial services environments. Proven track record leading SOX and SOC readiness initiatives and partnering with engineering, security, and data science teams to implement risk-based, pragmatic controls in fast-paced organizations. Specialized in emerging technology risk, including AI governance, API security, and fintech compliance. Actively expanding expertise in distributed ledger technology and cryptocurrency infrastructure to support audit readiness in Web3 environments. Big 4 trained (PwC) with expertise in modern cloud architectures (AWS, Azure), SDLC security, and regulatory frameworks (PCI-DSS, ISO 27001). CISA (Certified Information Security Auditor) and AAIA (Advanced in AI Audit) certified.
Experience: 9 years
Yearly salary: $100,000
Hourly rate: $55
Nationality: 🇺🇸 United States
Residency: 🇺🇸 United States
Experience
Senior IT Auditor
Assurant 2022 - 2026
Successfully delivered 30+ audit engagements, including 20+ ITGC/application control audits, 6 project reviews (pre- and post-implementation), 4 SOX cycles and an AI governance review; assumed primary IT audit leadership role following management turnover, independently planning and executing end-to-end risk-based audits; managed stakeholder interviews, risk assessments, control testing, issue remediation, and direct coordination with audit managers. Integrated GenAI (Microsoft Copilot) into audit workflows to streamline evidence analysis, risk assessment, and reporting, reducing documentation time by over 85% and enhancing audit quality through automated validation of system configurations and code against vendor documentation and industry standards. Assessed IT controls for cloud-native infrastructure (AWS, Azure) and API management frameworks (Azure APIM, Postman), evaluating API security, zero trust identity governance (Okta), automated monitoring platforms (Datadog, Dynatrace, Azure Monitor), and enterprise applications (Oracle EBS, ServiceNow, Salesforce); partnered with infrastructure and engineering teams to translate compliance requirements into scalable, risk-based controls aligned with modern technology stacks. Led Software Development Lifecycle (SDLC) audit for enterprise insurance platform (Guidewire), evaluating Agile development controls including project planning, sprint management (Azure DevOps), user acceptance testing, defect tracking, and release management; identified critical control gap and partnered with development teams to implement improved release sign-off process in ServiceNow. Performed SOX 404 compliance reviews for 10+ IT general controls annually across change management, access governance, and IT operations; provided quality assurance oversight and detailed coaching feedback to 5 associate auditors; reduced testing errors and rework through standardized documentation guidance and evidence assessment protocols.
Evaluated application security controls and secure development practices, assessing static and dynamic application security testing (SAST/DAST) using Fortify for code vulnerability detection; reviewed security defect remediation workflows and integration of security testing into CI/CD pipelines to ensure vulnerabilities were addressed prior to production deployment. Participated in 3-month AI governance compliance audit against NIST AI Risk Management Framework, evaluating 3 product-level policies and enterprise AI standards document; identified control gaps in testing protocols, regulatory assessments, and ethics reviews; co-architected internal AI control framework adopted as standard for future AI audits; reinforced expertise by obtaining AAIA (Advanced in AI Audit) certification. Enhanced audit quality and risk coverage by redesigning outdated walkthrough questionnaires to align with updated control frameworks and risk descriptions; deepened interview effectiveness and improved consistency across RBA and ITGC engagements.
IT Consultant
Automated Alchemy 2020 - 2022
Delivered IT security and compliance assessments for financial services and technology clients, evaluating security controls across infrastructure, network, application, and database layers. Designed and implemented automated testing frameworks using Python and Selenium, reducing manual QA efforts by 75% for enterprise client applications across web and desktop. Led remote QA team of 4 engineers executing biweekly regression testing cycles; developed internal training materials and video documentation on automation environment setup and test strategy best practices.
Software Engineer
NYC Department of Social Services 2018 - 2020
Developed and maintained full-stack web applications for the IDNYC municipal card program using Angular, .NET, and SQL Server; implemented automated testing frameworks and CI/CD pipelines (BitBucket, GitLab, Azure DevOps). Built automated data processing system handling 10,000+ employee records daily, including API integrations, database optimization, and error handling for mission-critical government operations.
IT Audit Consultant
Focal Point Data Risk 2016 - 2018
Conducted technology risk assessments for technology and financial services clients, evaluating cybersecurity controls, data governance frameworks, and IT operational resilience across banking, insurance, and fintech platforms; assessed emerging technology implementations including cloud migrations and digital payment systems; mentored junior auditors on risk-based audit methodologies. Developed audit workpapers documenting control design effectiveness, security vulnerabilities, and compliance gaps; delivered risk advisory recommendations aligned with regulatory requirements.
Risk Assurance Experienced Associate
PwC 2015 - 2016
Performed integrated IT audit and SOX compliance testing for Fortune 500 technology clients, evaluating IT general controls (ITGC) across change management, access governance, incident response, and IT operations. Trained associates on Big 4 audit methodologies and documentation requirements for SEC reporting entities.
Skills
analyst
blockchain
c-sharp
communication
linux
microsoft
remote
security
unity