TECHNICAL EXPERTISE

Certified Information Systems Auditor (CISA).  Executed more than 300 IT risk and control reviews including dozens of security control reviews.  Expert in identifying and evaluating IT risks against corresponding controls across an array of systems, processes and methodologies (see below).  Expert in all aspects of standard audit methodology (both internal and external) from scoping, testing (both control design and operation), risk/control analysis and documentation to reporting and remediation.

Audit Standards/Methodologies & Regulatory Frameworks

  • ISACA’s IS Audit & Assurance Standards (Expert)

  • Sarbanes-Oxley (SOX) Section 404 (Expert)

  • PCAOB’s Auditing Standard #5 (Advanced)

  • IIA’s International Professional Practices Framework (IPPF) (Advanced)

  • SSAE 18 – SOC 1 & SOC 2 Reports (Advanced)

Governance & Control Frameworks

  • COBIT v5 (Expert)

  • COSO (Advanced)

  • ITIL v3 (Advanced)

  • NIST Cybersecurity Framework (CSF) v1.1 (Advanced)

  • SWIFT Customer Security Controls Framework (CSCF) (Advanced)

  • Payment Card Industry Data Security Standard (PCI DSS) (Intermediate)

  • ISO 27001 and 27002 Information Security Management/Controls (Intermediate)

  • ISO 27017 Information Security Controls for Cloud Services (Intermediate)

  • Center for Internet Security (CIS) Controls (Intermediate)

  • NIST SP 800-53 Security & Privacy Controls (Intermediate)

Systems & Processes, Digital Technologies

  • Application Systems.  Formerly recognized as an SAP Technical Auditor at Deloitte (firm designation).  Additionally, have evaluated dozens of other applications over my career.

  • Infrastructure Systems.  Evaluated scores of different infrastructure systems and tools from a control perspective.  Worked extensively in Microsoft shops (i.e. Windows (both client and server-side), SQL Server, Active Directory, etc.).  Intermediate proficiency with UNIX and Oracle.  Have extensive experience evaluating controls across all aspects of the IT infrastructure environment (i.e. operating systems, databases, firewalls and other network devices, web servers/applications, virtualized environments, cloud computing and data centers), as well as the latest security technologies.

  • Business Processes.  Executed scores of business process control reviews (including automated controls within the supporting application) across all the major business processes including financial reporting, order to cash, purchase to payables, inventory management and HR/payroll.

  • Other Technologies.  Very strong level of proficiency in the entire Microsoft Office suite including MS Project and Visio. 
