Ken H. Jiang
Details
Management Information Systems, General
California State University-San Bernardino
2000 : 2002
Continuing Education
Information Systems Auditing
California State Polytechnic University-Pomona
2004 : 2004
B.S.
Finance & Banking
Xiamen University
1995 : 1999
Designing and implementing IT general controls (ITGC) from access management, change management, system management, and digital automation perspectives to safeguard the company’s production control environment
Evaluating compliance controls design and control operating effectiveness by sampling and testing system-generated financial data and operational activities
Interacting directly with senior management to assess key strategic projects and evaluate compliance risks
Communicating audit deficiencies to senior management, assisting control owners in remediation plans, compensating/mitigating controls, and tracking findings to closure
Facilitating operational and IT audit data requests from external auditor and internal audit department
Interpreting technical procedures and performing technical assessments of large IT projects to validate compliance and evaluate compliance impact on the current control environment
Assessing design of the robotic automation process, and performing compliance impact assessment on various automations (UiPath, Ignio, NIA) before moving into production
Analyzing and monitoring Segregation of Duties (SoD) conflicts to mitigate risks within business processes
Managing timely delivery of Service Organization Controls (SOC) reports for 7 SaaS cloud solutions. Reviewing SOC reports and Complementary User Entity Controls (CUECs) to ensure adequate controls are in place
Creating executive-level dashboards and CIO metrics to support better decision making by senior management, using advanced Excel skills (pivot table, formula, and more) and PowerBI
Writing professional and actionable audit reports/memos, allowing senior management to take appropriate action in addressing issues and implementing recommendations
2020 : Present
Southern California Edison (SCE)
Cybersecurity & IT Compliance Advisor
Identified regulatory non-compliance and operational risks utilizing Computer Assisted Auditing Techniques (CAATs), and communicated with clients for remediation and compensating controls
Utilized SAP Governance, Risk, and Compliance (GRC) tool to manage and document compliance test work
Performed Cybersecurity risk assessment on vendor evaluation, cloud computing services, data protection, and website vulnerabilities
Led IT Compliance effort in support of the Customer Service Re-Platform (CSRP) multi-year project, and provided directions and coaching to junior staff members for their career success
Performed risk assessment and compliance reviews for NERC CIP critical systems, including technical reviews (port scans, vulnerability scans, routing protocols, and more) and process consultation
Conducted risk assessment and control testing consultation for critical NERC CIP programs, including AMR, CCM, SSM, SAW, and VAP
Conducted Quality Assurance (QA) review of numerous large IT projects to assess security policy compliance
2010 : 2020
Southern California Edison
Cybersecurity & IT Compliance Sr. Specialist
Led multiple SOX Audit and Financial Statement Audit engagements simultaneously as Senior-in-Charge
Performed IT Control testing including Network Security, Access Control, Intrusion Detection, Program Changes, Program Development/SDLC, and Computer Operations
Performed Application Control testing over business processes, system configurations, account mappings, system access, interface controls, and key accounting reports
Worked closely with engagement managers and partners on audit scoping, planning, budgeting, and status reporting on a regular basis
Chaired engagement status meetings and deficiency discussions with financial audit team and clients
Provided guidance to staff based on KPMG Audit Manual, COBIT, COSO, CMMI, and other leading practices
Developed detailed audit program and conducted pervasive testing over the design and effectiveness of internal controls from financial, operational, and IT perspectives
Assessed overall controls of SDLC process, including feasibility study, software acquisition, request for proposal, design, development, testing, data conversion, and implementation stages
2006 : 2009
KPMG LLP
Sr. Associate
SOX Audit
2006 : 2008
American Honda Motor Company, Inc.
External IT Auditor
SOX Advisory
2007 : 2007
DreamWorks Animation
Consultant
Skills
Auditing, Business Continuity, Business Process, Business Process Improvement, CISA, CISM, CISSP, COBIT, Compliance, Computer Security, Consulting, COSO, Cyber-security, Disaster Recovery, Enterprise Risk Management, Excel Advanced, Financial Risk, Governance, GRC, Information Security, Information Security Management, Information Technology, Internal Audit, Internal Controls, ISO 27001, IT Audit, IT Risk Management, IT Strategy, Leadership, Microsoft Excel, PCI DSS, Penetration Testing, Risk Assessment, Risk Management, SAP, SAP Implementation, SAP Security, Sarbanes-Oxley, Sarbanes-Oxley Act, SAS70, SDLC, Security, Security Audits, Segregation of Duties, SOX, SOX 404, SSAE 16, Visio, Vulnerability Assessment, Vulnerability Management