Ivan Ramirez Vega
IT Audit Manager
Apodaca
Summary
With over a decade of experience in IT auditing and cybersecurity, currently serving as IT Audit Manager at ArcelorMittal México. Leveraging certifications such as CISSP and CISA, contributes to fortifying internal controls and enhancing cybersecurity frameworks. Previous roles at O-I include Audit Leader – Cybersecurity, where expertise in risk management and business analysis progressed organizational resilience. Committed to fostering secure, efficient systems while collaborating with teams to align IT strategies with enterprise goals. Values a proactive approach to risk identification and mitigation, ensuring robust compliance and operational integrity.
Overview
16
16
years of professional experience
3
3
Certifications
2
2
Languages
Work History
IT Audit Manager
ArcelorMittal Mexico
04.2024 - Current
- Lead and execute IT and cybersecurity audits covering areas such as IT infrastructure, cybersecurity controls, data management, and business continuity, aligned with NIST CSF and corporate policies.
- Develop and maintain Risk & Control Matrices (RCMs), testing procedures, and audit programs for IT systems, including XDR solutions, Active Directory, M365, SAP, SCCM, and OT environments.
- Perform risk assessments of IT and operational processes, identifying control gaps and recommending remediation plans in areas such as patch management, access management, vendor risk, and incident response.
- Conduct walkthroughs, interviews, and data analytics (Alteryx, Excel, Power Automate, SAP queries) to evaluate design and operating effectiveness of IT general controls and application controls.
- Monitor and follow up on open observations, ensuring timely remediation and alignment with management expectations.
Audit Leader - Cybersecurity
Owens Illinois
10.2016 - 04.2024
- Lead, plan, and execute the IT Internal Audit plan, including SOX compliance and cybersecurity reviews, to identify risks and ensure alignment with industry standards and regulations.
- Perform application controls testing across key Information Systems to assess design and operating effectiveness.
- Develop and apply data analytics to enhance audit coverage and insights for processes such as Travel & Expenses (T&E), Master Data Management (MDM), Procurement, and others.
- Automated SAP ITGC controls testing by developing scripts with the Visual Basic connector for SAP, reducing manual effort, increasing testing coverage, and improving accuracy of audit results.
Information Technologies Auditor
ArcaContinental
11.2014 - 09.2015
- Develop and execute the Information Systems (IS) Internal Audit plan, ensuring comprehensive coverage of IT risks and controls.
- Extract, map, and align control objectives and activities across multiple audit frameworks, including SOX (Sarbanes-Oxley), COBIT, and ISO/IEC 27001:2013.
- Perform application controls testing to evaluate the design and operating effectiveness of key Information Systems.
Senior Software Engineer
Infosys Technologies
11.2013 - 11.2014
- Administered and maintained WebSphere Application Server environments to ensure availability and performance.
- Monitored and supported AIX servers, performing proactive issue detection and resolution.
- Coordinated cross-functional teams to troubleshoot and resolve incidents efficiently.
- Delivered training and onboarding for new team members, improving knowledge transfer and team effectiveness.
Technology Risk Consultant
Deloitte
07.2011 - 11.2013
- Performed IT General Controls (ITGC) audits in support of financial audits, ensuring compliance and reliability of IT-dependent processes.
- Conducted Access and Segregation of Duties (SoD) reviews for enterprise systems including JD Edwards, Oracle, and SAP to identify and mitigate risks of unauthorized or conflicting access.
- Applied data mining and analytics techniques to evaluate Payroll and Finance business cycles, enhancing audit coverage and insights.
- Executed Software Asset Management (SAM) audits to verify license compliance, optimize software usage, and reduce operational risk.
Data Center Senior Analyst
BANREGIO
03.2010 - 02.2011
- Administered and supported Windows and Unix operating systems, ensuring stability and security.
- Installed, hardened, and maintained databases and business-critical applications.
- Managed backup and recovery processes using IBM Tivoli, safeguarding data availability and integrity.
- Monitored and optimized central database performance and critical applications to ensure high availability and efficiency.
Education
Master of Science - Cybersecurity
University of York
York, United Kingdom 05.2001 -
Master - Information Technology Management
Universidad TecMilenio
Monterrey, Nuevo León, Mexico 05.2001 -
BEng - Systems Administration
Facultad De Ingenieria Mecanica Y Electrica
San Nicolas De Los Garza, Nuevo Leon 05.2001 -
Skills
IT Audit Management
Cybersecurity Audits
Risk Assessments
Data Analytics
SOX Compliance
Certification
Certified Information Systems Security Professional (CISSP) – Certification ID: 464861.
Timeline
IT Audit Manager
ArcelorMittal Mexico
04.2024 - Current
Audit Leader - Cybersecurity
Owens Illinois
10.2016 - 04.2024
Information Technologies Auditor
ArcaContinental
11.2014 - 09.2015
Senior Software Engineer
Infosys Technologies
11.2013 - 11.2014
Technology Risk Consultant
Deloitte
07.2011 - 11.2013
Data Center Senior Analyst
BANREGIO
03.2010 - 02.2011
Master of Science - Cybersecurity
University of York
05.2001 -
Master - Information Technology Management
Universidad TecMilenio
05.2001 -
BEng - Systems Administration
Facultad De Ingenieria Mecanica Y Electrica
05.2001 -