Jesus David Celaya
IT SOX Audit Associate
Monterrey, Nuevo Leon, Mexico
12+ Years Exp
Summary
Jesus is a highly experienced IT SOX Audit Associate with 12 years of expertise in IT control management. Jesus excels in evaluating and analyzing Third-Party Risk Management for IT Vendors and Suppliers and oversees the review and management of official documentation from IT Vendors, ensuring compliance with CCM, SIG, SOC 2 Type II Reports, IT Security Policies, NIST compliance, PCI, and compliance attestations. He effectively presents risk findings to upper management, delivering comprehensive reports and risk mitigation and improvement recommendations. Jesus successfully manages projects related to Risk, Audit, Compliance, and Governance for multiple clients, ensuring successful project delivery and client satisfaction. He leads Internal Audit projects, Compliance initiatives, and ISO Internal Audits, ensuring compliance with established requirements and providing recommendations for improvement. Jesus demonstrates expertise in creating and managing official company policies and documentation, ensuring alignment with regulatory standards and industry best practices.
Technical Skills
Detailed View
Security Controls
ISO 27001 Standard
Information Technology
Computer Audit
Information Security
Microsoft Excel
Other Skills
English
Spanish
Work Experience
IT Auditor Senior
EY GDS
Full Time | 01/05/2021 - 01/05/2023
Mexico, MX
- Led the implementation of security controls and projects to ensure compliance with information security requirements from internal and external parties.
- Managed and responded to third-party assessments and audits, providing necessary evidence and addressing any identified gaps or issues.
- Successfully executed internal projects focused on information security, risk management, process improvement, and learning and development.
- Served as the lead implementor for audit and compliance projects, conducting gap analyses and implementing necessary measures to achieve compliance.
- Created, managed, and reviewed official company policies and documentation, ensuring alignment with regulatory standards and industry best practices in information security.
IT Compliance Analyst
People Thrust
Full Time | 01/05/2020 - 01/05/2021
Mexico
- Managed the evaluation and analysis of Third-Party Risk Management for IT Vendors and Suppliers, conducting assessments to review the maturity level of their security controls.
- Oversaw the review and management of official documentation from IT Vendors, including certifications, CCM, SIG, SOC 2 Type II Reports, IT Security Policies, NIST compliance, PCI, and attestations of compliance.
- Served as the Manager of a custom Company Learning Platform focused on IT White Hat Ethical Hacking and development, overseeing its implementation and effectiveness in providing relevant training to employees.
- Presented risk findings from the Vendor Assessment Process to upper management, delivering comprehensive reports and recommendations for risk mitigation and improvement.
Senior Security Consultant Internal Auditor
Atos
Full Time | 01/02/2017 - 01/05/2020
Mexico
- Managed projects related to Risk, Audit, Compliance, and Governance for multiple clients across the US, ensuring successful project delivery and client satisfaction.
- Led Internal Audit projects and Compliance initiatives related to client managed services, conducting thorough assessments and providing recommendations for improvement.
- Served as the lead responsible for ISO Internal Audits in North America, overseeing the recertifications for ISO 27001 and 14001 standards, and ensuring compliance with established requirements.
- Managed non-conformity projects for ISO, PCI, and Internal Audits at a corporate level and for client services, effectively resolving issues and implementing corrective actions.
- Acted as the Project Manager for Risk Analysis and Risk Management projects, developing comprehensive action plans and working closely with stakeholders to mitigate risks and enhance overall risk management practices.
- Created and managed official company policies and documentation, ensuring alignment with regulatory standards and industry best practices.
Information Security Analyst
Marcatel
Full Time | 01/09/2015 - 01/02/2017
Mexico
- Led the implementation of security controls for the ISO 27001 information security standard, ensuring compliance with industry best practices and regulatory requirements.
- Implemented information security controls and initiatives to enhance the overall security posture of the organization and protect sensitive data.
- Served as an Internal IT Auditor, overseeing certification and recertification efforts for compliance with relevant standards and regulations.
- Successfully managed projects for the implementation of Risk Analysis and Risk Management initiatives, identifying potential risks and developing strategies to mitigate them.
- Created and managed official company policies and documentation, ensuring alignment with industry standards and best practices in information security.
Lead ISO Auditor
ProtektNet
Full Time | 01/12/2011 - 01/09/2015
Mexico
- Served as an Auditor and Consultant for the ISO 27001 standard, ensuring compliance with information security controls and requirements.
- Implemented security controls to align with the ISO standard and ensured compliance with the LFPDPPP law for data protection.
- Conducted Risk Management and GAP Analysis for clients, identifying potential risks and gaps in their information security practices.
- Created and managed official company policies and documentation, ensuring they met regulatory requirements and industry best practices.
Education
Industrial Engineering and Production Systems, Bachelor's degree
University of the Valley of Mexico
Master of Business Administration
University of the Valley of Mexico
Major in Financial Engineering
Certifications
ISO 27001 Lead Auditor
EY | Issued On : {getDate(e?.issued_date)}
