Xin Wen

Proven talent for auditing technology solutions, aligning information technology with organizational strategy to achieve maximum operational efficiency with minimum security and compliance risks. With multinational and multi-industry experience, drive deficiency remediation, continuous improvement and benchmark industrial best practices. Exceptionally dedicated professional with keen interpersonal and communication skills for the diverse modern workplace.

Professional and Industry Experience

Experian PLC, Dallas, US, May 24th 2021 – Present

IT Audit Manager, Full-Time

• Determined business and IT audit scopes relevant to the business need by coordinating with company stakeholders. 
• Managed teams of internal auditors in ensuring audit quality and timeline.
• Led internal audit projects end to end from scoping, budgeting, scheduling, reporting status, executing testing, issue discussion to final reporting by utilizing tools like Microsoft Project, Jira, Confluence, SharePoint and Teams.
• Identified gaps in company policies and provided recommendations against government and industry standard. 
• Responsible to plan internal audit projects against current government regulations, industry standards and company policies.
• Spearhead IT audit work by using Agile practices to set expectations and manage the audit scope.
• Assessed the compliance of Technology Lifecycle Management enterprise wide by utilizing Technology Infrastructure Library (ITIL) framework. 
• Managed expectations with peers, senior managements, and stakeholders by communicating achievable goals, providing regular project status, issue status and remediation strategies and timelines. 
• Achieved or overachieved target scope and timeline by proposing effective alternative solutions (e.g data analytics tools, changing methodologies, align need with the risk, balance efficiency and security etc.) when encountering roadblock and bottleneck.
• In-dept experience in the following areas: access management, System Development Life-Cycle (SDLC), Technology Lifecycle Management Plan (TLMP), Enterprise Architecture (EA) governance, incident management, software licensing management, web server security, email security, disaster recovery, laptop/desktop security, penetration testing.

KPMG LLP, Singapore and Houston, US,  Jan 5th 2015 – Jan 8th 2021

Senior IT Auditor, Full-Time

• Progressive experience acting as the assistant manager on workstreams which includes Information Technology (IT) control scoping, budgeting, scheduling, managing/reporting status, executing testing, issue discussion and reporting.
• Led Sarbanes-Oxley Act (SOX) Internal Audit (IA) and External Audit (EA) system walkthroughs on General IT Controls (GITC), IT Application Controls (ITAC) to identify ongoing compliance issues, process weaknesses, and inefficiencies and coordinate with business owners to analyze impact and establish remediation plans for company’s Internal Controls over Financial Reporting (ICFR). 
• Global experience over United States, Singapore, Malaysia, Brunei across multiple industries like IT, finance, telecommunication, healthcare, oil and gas, transportation, manufacturing and government sectors. 
• Collaborated with a team of 300+ auditors and conducted Service Organization Control SOC 1 (SSAE 16, SSAE 18, ISAE 3402, SSAE 3000, GS007) compliance testing over the critical systems - Multifond, Corona, TLM, GSM, Recontrade, pControl, GTAS, PAXUS, Mig21.
• Conducted SOC 2 attestation based on the Trust Services Criteria (TSC) for Security, Availability, Processing Integrity, Confidentiality, and Privacy established by The American Institute of Certified Public Accountants (AICPA) on workflow technology services systems which includes - Triton (Multi-Asset and Broker-neutral execution management system (EMS)) and ITG Net (financial service communication network).
• Assessed cybersecurity environment in order to determine the appropriateness of company’s procedures designed to provide sufficient cybersecurity coverage in accordance to the Federal Financial Institutions Examination Council (FFIEC) Cybersecurity Assessment Tool. 
• Provided Real-Time Assessments over eGift (fund and telecommunication) and FISAML (compliance) systems in order to assess and validate management’s remediation of Matters Requiring Attention (MRA) identified by the Office of the Comtroller of the Currency (OCC) Report of Examination (ROE).
• Carried out Technology Risk Management (TRM Regulatory Attestation) assessment for multiple companies. 
• Supervised and coached both on and offshore advisors, new hires, and interns to ensure quality of deliverables
• Communicated effectively with teams and clients on data transfer protocol, testing status, escalation points, action items, issues, remediations and project scope changes.

Education:                                                                                                                 

1. Bachelor of Computing, School of Computing, Information System, 2011 –2015,   National University of Singapore (NUS)