Stephen Bernardo

Operations Associate

New York, New York, United States10 yrs 7 mos experience

Highly StableAI Enabled

Key Highlights

Over 8 years in IT auditing and risk management.
Passionate about emerging technologies like blockchain and AI.
Completed Forward Program by McKinsey to enhance future skills.

Stackforce AI infers this person is a technology risk professional with expertise in IT audit and compliance across various industries.

Contact

Skills

Core Skills

It Risk ManagementIt Audit

Other Skills

ISO 27001Security RiskAudit BoardClient RelationsAI GovernanceInterfacesSAP AuditITGCIT RiskCISAInformation System AuditJupyterStatisticsIdentity and Access Management (IAM)Security Principles

About

Not your typical check-in-the-box risk professional. I am an intellectually curious and highly motivated technology risk professional with over 8 years of combined experience in IT auditing and technology risk management, emphasising standards such as SOX, ISO 27001, and SOC within public accounting and industry. My professional journey allowed me to work in a multinational environment and hone my cross-functional communication skills, which are key for successfully delivering IT audit and risk projects. I am passionate about driving positive change through IT auditing and learning more about emerging technologies such as blockchain and AI. I am pursuing IT or Technology Audit, Technology Risk Consulting, and Risk Compliance opportunities. Recognizing the rise of emerging technologies and the need to upgrade my skills, I intend to take additional certifications, such as the CISSP (ISC2), CRISC (ISACA), CCSK (CSA), and CET (ISACA), in the near future. I also intend to take the US CPA (NY state) exam and PMP certification by 2025. Outside of my profession, I am enthusiastic about discussing topics such as sustainability, AI, big data, and active networking. I recently completed the Forward Program by McKinsey and Company to sharpen my skills for the future of work. Note: My views are my own and do not represent any employer (past or present) or organizations I may be affiliated with.

Experience

10 yrs 7 mos

Total Experience

3 yrs 6 mos

Average Tenure

8 mos

Current Experience

Amazon

Risk Manager

Sep 2025 – Present · 8 mos · United States · On-site

I will be responsible for supporting access controls risk management and security compliance programs. Scope includes data privacy and security controls as well as fraud and abuse.

ISO 27001Security RiskIT Risk Management

Grant thornton llp (us)

IT Assurance Senior Associate

Oct 2022 – Present · 3 yrs 7 mos · New York City Metropolitan Area · Hybrid

I was responsible for leading and delivering a comprehensive range of IT audit services, testing and assessing information system controls based on AICPA and PCAOB standards. Scope includes IT General Controls (application, operating systems, and database), SoD, IT application controls (ITACs), IPE, SOC evaluation, new systems implementation, and cybersecurity inquiries. Applications covered include ERPs (such as Oracle, NetSuite, and Microsoft), home-grown systems, and hosted applications. Industry exposure includes life sciences, financial services, higher education, non-profits, manufacturing, technology, start-ups, private holdings, and consumer electronics. I also gained exposure to GRC platforms such as Audit Board and Workiva.

Audit BoardClient RelationsIT Audit

Shell

3 roles

IT Risk Advisor

Promoted

Nov 2021 – Sep 2022 · 10 mos

Promotion from my previous role. Was responsible for evaluating design and operating effectiveness of current IT SOX environment (ITGC, ITAC, IPE) to ensure that financial statement risks per PCAOB standards are adequately addressed. Tasks include coordinating scope, leading walkthroughs, risk and control identification, evaluating ITGC design and operating effectiveness, and control testing.
During my time in this role, I gained exposure to various technologies used by the company, including SAP (S4 HANA/ECC), SaaS applications (Salesforce), Data Analytics (Alteryx), and mainframe applications. I also had the opportunity to gain first-hand experience in evaluating machine learning (part of the AI umbrella) from the systems involved to the algorithm itself.

AI GovernanceClient RelationsIT Risk Management

IT Risk Analyst

May 2019 – Nov 2021 · 2 yrs 6 mos

Client RelationsInterfaces

IRM Compliance Specialist (IT Auditor)

May 2017 – Apr 2019 · 1 yr 11 mos

I was responsible for coordinating and executing the design and operating effectiveness testing of IT General Controls (ITGC) at all layers. Tasks included walkthroughs, testing controls, evaluating deficiencies, and verifying remediations. In-scope systems include SAP, legacy applications, and hosted platforms.

SAP AuditClient RelationsIT Audit

Kpmg

2 roles

Associate - Advisory (Risk Consulting)

Aug 2015 – May 2017 · 1 yr 9 mos

I was responsible for executing risk advisory engagements such as internal audits, SOX, fraud and misconduct investigations. Procedures included walkthrough discussions, narrative and flowchart documentation, design and operating effectiveness testing, and consolidation of findings. I gained exposure to various Industries, including financial services, manufacturing, pharmaceuticals, and privately owned companies. I also gained exposure in IT audit testing, including ITGCs, ITAC, and IPE.

SAP AuditClient RelationsIT Audit