IT Governance Experienced Manager and SAP Controls Assurance Lead, IT Risk Assurance
PRICEWATERHOUSECOOPERS (PwC), U.K. - Mid East Practice
Total years of experience :21 years, 8 months
IT Governance Experienced Manager and SAP Controls Assurance Lead, IT Risk Assurance
Advises large organizations in the government and private sector in identifying key technology risks posed to the organization and implement effective controls in reducing, removing and managing the impact associated with these risks.
Specializes in SAP BASIS and Segregation of Duties and provides services to a wide range of local clients. Have has developed experience in the Oil & Gas, Consumer service and Health Care sector . Has experience in delivering end to end SAP Post Implementation review for large scale SAP environments with a user base of 150 plus.
IT Risk Resilience
Experienced in the implementation of governance and control frameworks (including COBIT 5).
Worked closely with senior project steering committees to identify risks and mitigation strategies.
Advised organizations on COBIT/ITIL frameworks with objective of performing Enterprise IT Risk Assessment.
Governance & Controls Advisory
Provides guidance to large government organizations in designing effective IT governance forums through re-engineering of technology processes and formulation of key IT templates, process flows, policies and process narratives.
Benchmarked IT Governance, Risk, Processes and Procedures through utilization of proprietary IT Risk Diagnostic tool.
SAP Security and Controls
Developed key automated Health care control solutions sets, used by the UAE practice for auditing SAP systems, primarily in relation to SAP Business Processes and BASIS.
Delivery of SAP Post Implementation review and Internal Audits Delivery is inclusive of both audit and non audit clients focusing on recommending improvements to the SAP control environment.
IT Internal Audits
Direct all aspects of IT audits, including strategy, resource planning, operations, information security, applications, networks, databases, hardware/software, change management, and business continuity. Identify / develop opportunities for business expansion by creating IT proposals, engagement letters, and scope.
Drive high-level performance and productivity via Business Process/Service Management// Project Risk Assurance reviews such as Top Down & Bottom Up Reviews as well as Point-in-Time Project health / milestone monitoring, Go-Live Risk Readiness, and Executive Program Advising. Deliver projects on-time and within budget by expertly managing engagement economics and a team of up to 10 direct reports.
Subject Matter Expert in Risk Assessments based on performing Enterprise IT Risk Assessments (Application & Infrastructure) and formulate 3 Year IT Audit strategy on basis of IT Risk Universe and Auditable entities.
Standardized analyses of approach, scope, plan execution, and citations by creating templates for IT Governance, SAP, Business Continuity and Disaster Recovery, Project Assurance, and Data Integrity review, allowing quick turnaround of proposals.
Achieved 70% success rate of translating proposals to wins, based on developing the internal audit practice through high-quality proposals.
Maximized resource productivity and improved client satisfaction levels, work quality, recovery rates, and new business wins, by developing a comprehensive Skills Matrix to effectively manage bookings.
DELOITTE & TOUCHE, Mid East -- UAE Practice ● 2008-2013
Worldwide group providing auditing, consulting, financial advising, risk management, and tax services.
Enterprise Risk Services Manager
Managed all evaluation activities associated with IT Audit Risk Assessments and scope of External and Internal IT Audit engagements, including review of working papers. Identified and communicated potential risks, audit findings, and potential impact to all stakeholders, including clients, Executive Boards, and Audit Committees. Reviewed full range of working papers to finalize audit files for partner scrutiny, including Design and Operating Effectiveness of Control Testing, SAP/Oracle Automated and IT Controls: Change Management; Access Security; Data Center; Network Operations; Computer Generated Reports, Interface and Data Migration Testing.
Managed 8 direct report staffs.
• Optimized IT Governance practices for major IT departments, in alignment with industry best practices such as COBIT and ITIL.
• Virtually eliminated internal audit findings, reducing from 55 to 5 in just 6 months, by introducing full repository of remediation controls for IT Governance, Security, Operations, Program and Change Management to assist clients in strategy development and informed decision-making.
• Contained audit costs while increasing compliance by reducing incident / problem tickets 50%.
• Produced significant annual cost savings by reducing compromised / lost data and unauthorized access by mitigating risk via meticulous planning and implementation of critical business processes and technical controls for security breaches and disaster recovery.
• Maintained economic and budgetary standards by closely monitoring projects, WIP, and billing pipeline for audit fee collections and revenue levels.
• Extended Regional ERP practice and business development activities and internal initiatives by supporting stakeholders in completion of proposals, procedures, engagement letters, and sales.
• Delivered training programs with objective of identifying automated controls per Deloitte IT Risk Based methodology.
• Earned multiple performance awards, including National Audit Excellence and highest bonus.
PRICEWATERHOUSECOOPERS (PwC), Toronto, Canada ● 2005-2008
Global network of firms providing assurance, tax, and advisory services.
Experienced Senior Associate
Evaluated client's Self-Assessment processes and developed SOX and Bill 198 Controls, Issues log, and Project / Update Plans for continuous process improvement. Conducted Controls Audits via COBIT and COSO framework, Security analyses of SAP (BASIS) and Oracle, as well as Network, OS, Database, Active Directory, Windows 2003, AS/400, and SQL. Ensured compliance with CICA Section 5970 and AICPA SAS70. Directed 3 -member team.
• Re-engineered entire IT department to align with JD Edwards Application, and seamlessly managed change by introducing effective IT policies, procedures, templates, and delivering comprehensive training to 75+ middle and senior management staff.
• Orchestrated all aspects of field work for multiple clients, from formulating project budgets and conducting independent audit reviews to guiding clients in optimal information systems, resource management, and controls for maximum efficiency and risk mitigation.
• Contributed as key team member in completion of ITGC sections of SAS70 report.
• Captured consistent client wins annually valued at $100, 000, and turned around Management Letter reports by expertly developing a database of key risks and recommendations used as a bench mark to customize solutions for client needs.
• Awarded National SAP Training, based on exceptional Sales & Distribution training.
Resume Continues
TD SECURITIES, Toronto, Canada ● 2003-2005
Capital market products and services provider to government and institutional clients with 65, 000 staff.
Credit Portfolio Management Analyst
Implemented and managed Credit Risk Business Unit across all Global Releases, including project budgets, resource & cost allocation, deliverables, cost / benefit analyses, and key milestones / critical path planning. Formulated comprehensive change management procedures to implement BASEL II projects and meet all requirements. Monitored Risk Issues Logs across all projects to rank degree of risk and corrective actions.
• Centralized multiple credit applications into a single web application platform.
• Ensured successful global roll-outs by introducing manuals for effective testing of all business and technical contingencies and obtaining stakeholder support.
• Provided 24/7 support for Credit Risk applications by expertly increasing First Level Incident Resolution by negotiating productive service level agreements.
• Recognized by the Investment Banking Business Director for ability to deliver major project on time and within budget despite organizational challenges.
IBM GLOBAL SERVICES, Toronto, Canada ● 2002-2003
Leading worldwide technology, service, and business consulting business.
Senior Technical Support Analyst
Set up comprehensive policies and procedures for effective management of incidents, problems, change, and support by effectively using in-house methodologies.
• Achieved 90+% first level call resolution rate by creating functional documentation to define production severity procedures based on expert analysis of global revenues and objectives related to call center operations.
• Earned cash award for consistent top 3 ranking in call resolution rates out of team of 15.
TECHNICAL PROFESSIONAL DEVELOPMENT & EXPERTISE
* Management Excellence Training: Dubai, UAE
* COBIT 4.1 & 5 Foundation Workshop: Dubai, UAE
* IT Enterprise Risk Assessment Workshop: Dubai, UAE
* IT General & Automated Controls (SAP/Oracle) Workshop: Dubai, UAE
* SAP BASIS and Oracle Security and Business Process Audits: Toronto, Canada
* Effective Communication Strategies: Toronto, Canada
* Process and Project Management Fundamentals: Toronto, Canada
* Sarbanes Oxley Audits: Toronto, Canada
1996 B.S. in Management Information Systems Binghamton University [State University of New York], USA