ALEX TSATURYAN (Available for travel & projects across US)

(I am a US Citizen)
(a_tsaturyan@yahoo.com) / 917-751-5377

Solutions-oriented Audit / Risk / Security Professional with expertise in IT, Security Architecture, SOX,
PCI compliance, IT Risk – Metrics-Reporting, Operating Models, data analytics as well
as extensive experience in system/network security, analysis and integration.

TECHNICAL PROFICIENCIES

Hardware: Windows Server/Client, UNIX - AIX/HP/ Solaris, LINUX, IBM System OS/390, Z/OS
Software: SQL, Core Security (Impact Pro), Remedy, CIS benchmarks, Client / Web
Server, UNIX Scripts, Share Point, PWC Team Mate, Microsoft Office Suite, Microsoft Project, ACL,
Visio, Lotus Notes, RACF, ACF2, Top Secret, IBM WebSphere, JCL, TSO, COBOL, MVS, CICS, SDLC

EXPERIENCE HIGHLIGHTS:
Confidential Sr. Technology Risk Audit/Analyst (04/2015 -)
• SSAE16 reviews. - policies, procedures, and standards
• Validation of asset and control risk remediation actions for completeness and sustainability
• SOX Action Plans – tests, remediation, follow-up and coordination
• Application/Control owners – coordination and
• Key Risk Indicators (KRI) – analysis, evaluation and action plans

Price Water House Coopers LLP, Sr. Auditor - Assurance Senior/Lead Associate. New York City, NY (10/2014 – 02/2015)
• Lead PCAOB Remediation - Inspection Comments corrective actions implementation
• Risk Assessment Program Operating Model (RAPOM) - Evaluation and Streamlining
• Verification of customer nominated target suitability, accuracy, and completion
• Vendor Management Audit and Service Provider Oversight
• Firm’s Remedial Actions – evaluations and assessments
• Engagements with Core teams – Broker-Dealer and valuation applications reviews
• Cybersecurity Practice & NIST 800 – reconciliation of CERT and NIST practice advisories with established clients’ practices

Cloud Computing Services, NJ - Risk, Advisor Lead (05/2014- 09/2014)

• Assets under management transition
• IT Risk - Metrics and Reporting: IT effectiveness, key measurements reporting – visibility integration assurance
• Liaise with Client counterparts for compliance reporting & continually enhancing the risk & compliance framework
• SOX and PCI projects realignment under new management Identifying internal IT controls, assessing their design and operational
effectiveness

CIFC Asset Management, NYC Financial Services 10/2013 – 03/2014

• Overall Risk and SOX strategy implementation.
• Alignment of business and IT controls.
• Identifying internal IT controls, assessing their design and operational effectiveness, determining risk exposures and developing
remediation plans.
• Review of application and database security standardization and utilization practices.
• Audit of corporate physical and environmental controls.
• Third party penetration/vulnerability testing assessment and execution.
• SSAE16 (SAS70) preparation.

GRANT THORNTON, NJ Audit, Tax and Advisory - (02/2013 – 10/2013)

• HIPAA related – transaction standards review, privacy and security requirements, overall risk analysis under Security Rule
• Advisory projects – audit, security, IT review effectiveness. QAR – ISO2700x / COBIT frameworks.
• PCI Related: Guidelines adherence, ROC report preparation, scheduling standards compliance.
• Execute Oracle Hyperion, various application audits.
• Conduct compliance reviews.

Citizen Bank, AVP Audit Corporate Governance, Advisory (2013 – 2013)

• Close cooperation with business lines for IT compliance for overview of business lines preparation for Dodd-Frank - statute
requirements.
• Disaster recovery, resiliency audit, business due diligence engagement – data requirements handling by various group Organization-
wide operations risk matrices mapping through SOX, IT and business groups – tracking/remediation purposes.
• KRI-KPI requirements gathering – as necessary for meeting reporting targets.
• Overview of risk /business management compliance remediation efforts
KPMG LLP, MA Infrastructure Risk / Audit / Security, Advisory Consultant (11/2012 – 01/2013)
• SSAE16 – reports.
• Performed extensive testing and preparation of externally issued reports with details on controls and service provisioning contracts.
• SOX certification preparation.
• Performed multi-site audit/security testing for various external clients, application security assessments, and review of internal
controls effectiveness and operational/ risk management.
• Conducted audit findings remediation testing to evaluate effectiveness and validity of processes.

STATE STREET BANK & TRUST, MA SOX (ITRCA) Infrastructure Audit / Risk Consultant (11/2011 - 08/2012)
• Methodologies: ISO 17799 / 27001, COBIT, NIST SP 800
• Planned and supervised various audit and special engagements with an emphasis on infrastructure, SSAE16 reporting and risk.
• Supervised a group of staff auditors on several engagements.
• Strategic audit planning and execution across business lines, a key player in both maintaining and developing new audit programs.
• Executed special projects, gap analysis for the assets at risk processes.
• Performed review of internal controls effectiveness and operational/ risk management.
• Conducted investigations of allegations related to fraudulent activities.
• Obtained extensive exposure to traditional engagements, including various operational and compliance assignments.
• Prepared and monitored audit programs, assisted management in design and monitoring of SOX compliance programs.
• Conducted SOX ITGC walkthroughs, testing, report preparation and special audit engagements.
• Performed mapping/alignment of SOX (ITGC) with SSAE16 (SAS 70) external audit programs, leading to enhanced program
effectiveness in SOX compliance plan.
• Conducted testing for various flavors of UNIX, Windows, IBM z/OS, Oracle, DB2 and AS/400 platforms.

GRANT THORNTON, NJ Audit, Tax and Advisory IT Infrastructure / Audit / Risk Consultant (08/2009 - 11/2011)
• Conducted comprehensive IT infrastructure, system, network, databases and application control reviews in support of audit and risk
assessment initiatives.
• Worked closely with client risk and support groups in performing penetration, intrusion and vulnerability assessments.
• Designed, implemented, documented and conducted Sarbanes Oxley / Section 404-related control testing.
• Liaised with operational and financial groups to perform integrated audits, including divestiture/restructuring projects.
• Developed and implemented continuous (data analyzing) audits providing management with independent anomalies/comparative
status analysis.
• Mitigation control initiatives - follow-up projects. Streamlined audit preparation and execution aligning complex multi-group
requirements into straight-forward framework.
• Developed GRC project requirements.

AMERICAN INTERNATIONAL GROUP, NY Insurance and Financial Services IT Auditor (01/2007 – 07/2009)
• Audited multi-platform IT infrastructure with input throughout entire lifecycle.
• Prepared audit risk matrices, in addition to handling change management, disaster recovery, IT security and asset management.
• Developed and administered risk assessments and reviews for audits, IT projects and applications utilizing COBIT, CI Security, in-
house and external risk matrices.
• Produced and tested SOX-related controls, and coordinated federal agency reviews with external auditing groups.
• Established QAR (Quality Assurance Review) program implementation; achieved uniform adherence to standards, and streamlined
audit activities resulting in reduced redundancy and wider audit coverage.
• Developed and conducted (ASA - CAAT) Audit Survey Analysis; enabled customized and streamlined audits, resulting in wider
coverage and shorter/targeted execution.

INTERNATIONAL BUSINESS MACHINES, NY Programmer, System Administrator (1999 – 2007)

• Handled all aspects of system integration, Web Sphere administration and product security. Led group for IBM internal and external
clients support activities.
• IBM system integration team in providing multi-platform support for Web-Sphere products
• HIPAA Implementation compliance – certification of records for some clients. Performed configuration design, planning, installation,
customization, upgrade and ongoing maintenance.
• Administered user accounts and system access.
• Supported, coordinated and reviewed change management and user acceptance testing. Performed security control validation,
review of ACL (access control list).
• Change Management, UAT (User Acceptance Testing) - support/coordination/review.
• Gained extensive experience working in a complex, multi-platform development and processing environment.
EDUCATION AND CREDENTIALS:
Bachelor of Science – Information Technology. University of Maryland University College
CISA – Certified Information Systems Auditor
IBM WebSphere Middleware - Certified Professional
Certified Project Manager, Advanced IT Audit - New York University
LANGUAGES: English, Russian