Taylor T.

Experience

• 

  SunTrust

  Dec 2011 - Apr 2017

  Senior Information Technology Auditor

  Conducted SOX and PCI compliance audits, ensuring adherence to SEC regulations.Verified control design adequacy and operating effectiveness of IT General Controls (ITGCs) and IT Application Controls (ITAC).Executed risk-based audit approaches for IT projects, determining control design appropriateness.Performed Cloud computing control testing, focusing on security access management, confidentiality, integrity, availability, encryption, and compatibility.Collaborated with external auditors during annual SOX and special projects.Reviewed SDLC implementation during pre and post phases.Conducted IT application control testing on ERP systems (SAP, Oracle Financials) to verify design adequacy and operating effectiveness.Executed IT infrastructure control testing on Servers, Network Devices, Operating Systems, and Databases.Documented work through accurate work papers capturing results of walkthroughs and control tests.Identified control gaps and testing exceptions, providing recommendations for improving the overall control environment.Executed SOC I, II, III, SOC 1 type I audits, and reviewed SOC 1 type II and SSAE18 reports in compliance with management directives and leading practices.Conducted Cybersecurity audit testing for corrective, detective, preventive, and compensating controls, ensuring design adequacy and operating effectiveness.Participated in various walkthroughs and tests of controls, meticulously documenting outcomes of work performed.Developed test programs, test plans, and test procedures, presenting audit results with value-adding recommendations. Show less

• 

  Sun Trust Banks Inc

  Apr 2017 - Aug 2018

  Information Technology Auditor

  Developed and oversaw Information Security program; assessed security posture and led third party risk management and remediation activities. Monitored compliance with security policies; validated documentation and enforced least privilege environment. Facilitated seamless integration of the security program across departments; engaged with business process owners and third parties; communicated security posture to stakeholders. Enhanced security awareness program; guided selection of new technologies; coordinated disaster recovery and incident response planning.•Identified and documented security gaps, implementing remediation steps and initiating continuous monitoring protocols.•Conducted comprehensive Risk Assessment and Business Impact Analysis, identifying and remediating risks through mock audits across multiple departments.•Enhanced effectiveness of vulnerability management program, identifying and communicating security weaknesses from assessment reports and developing proactive mitigation strategies.•Oversaw information security risk exceptions and other incidents, ensuring stability and integrity of organization's information systems. Show less

• 

  Mvnet Technology

  Oct 2018 - now

  Sr. Analyst (Cybersecurity) Technology Auditor

  Implement and administer information security systems, including Security Information Event Management (SIEM) systems, data & access management systems, conduct vulnerability assessments, and maintain robust security procedures; align with best practices and cybersecurity frameworks such as NIST, CIS, and ASD Essential Eight. Collaborate with Information Security Analysts across industries on security trends, product evaluations, and emerging threats; actively participate in CSIRT, coordinating annual incident response testing and documenting results. Conduct regular security control tests and maintain enterprise-wide vulnerability scanning regimen; investigate and mitigate security incidents in line with established policies. Provide information security risk expertise for system risk assessments, recommend strategic changes to Information Security Program (ISP) based on needs and best practices. Serve as security consultant to IT and business units, offering guidance on securing cloud services, infrastructure, and new system evaluations; prioritize continual learning and delivers ongoing security training for all employees.•Spearheaded security awareness programs, boosting company-wide knowledge of best practices and adherence to security policies.•Streamlined incident response process, enhancing company's ability to manage security incidents.•Leveraged Tenable Nessus for vulnerability management, improving overall security posture of company by identifying and remediating vulnerabilities in timely manner.•Executed robust Plan of Action & Milestones (POA&M), addressing security findings, and devising comprehensive remediation plans.•Led security assessments and audits, identifying, and recommending measures to rectify IT infrastructure vulnerabilities. Show less