Senior GRC Analyst
Capital One
Total years of experience: 5 years, 9 months
• Planning and leading collaborative risk-based IT audits and concluding whether risks are appropriately managed through effective controls or other techniques.
• Supporting stakeholders in determining the appropriate treatment of identified risks and gaps, identifying appropriate action plans for risk remediation.
• Defining and documenting business process responsibilities and ownership of the controls in the GRC tool.
• Monitoring current and proposed laws, regulations, industry standards, and ethical requirements related to information security and privacy.
• Creating risk assessments, tracking mitigation efforts, and developing risk metrics and risk reports.
• Leading the identification and implementation of enhancements to the TPRM program.
• Executing audit procedures including leading interviews, requesting, reviewing, and analyzing evidence, and documenting test steps in detailed, well-supported work papers.
• Overseeing the SOX, PCI-DSS & SOC 2 compliance program.
• Conducting testing, readiness assessment & gap analysis on PCI-DSS, SOX & SOC 2 annual recertification.
• Leading interactions with external auditors.
• Maintaining business relationships with appropriate levels of management to ensure that Audit is aware of changes in business activities and objectives, and that any necessary Audit response is developed.
• Coordinating and maintaining management’s compliance process controls documentation, and reviewing controls regularly to ensure adequate design and identification of key controls for processes that affect the company.
● Conducted end-to-end IT process and application audits, which included conducting walkthroughs; creating the audit risk assessment and scope; developing, executing, and documenting the audit testing plan; discussing results with management; drafting audit reports; and tracking audit issues to completion.
● Participated in the development of the risk control matrix (RCM) that summarizes and assesses the key risks, control objectives, control activities, and related test procedures.
● Executed test plans to assess operating effectiveness of control processes.
● Performed IT related, Sarbanes-Oxley and operational audits in accordance with the Institute of Internal Auditors (IIA) Professional Practices Framework.
● Conducted regular validation of design and effectiveness of internal control infrastructure, identifying control improvements, gaps, and issues with control execution within IT processes.
● Documented the audit walkthroughs and tests in the electronic workpaper system, ensuring steps were completed on time and received supervisory review.
● Prepared audit summaries and reviewed audit results with senior management, providing observations and conclusions.
● Conducted IT General Controls (ITGC) and business controls testing to support the ICFR program and the annual audit of financial statements.
● Maintained up-to-date knowledge of rules, regulations, and standards in the fields of internal audit, IT, and related matters of interest to the department.
● Followed up on outstanding findings to assess the timeliness and appropriateness of actions taken by management.