Sara E.

GRC & Cybersecurity | IT Audit | ISO 27001

€500/day
Paris, FR
8-15 years

Average response time: 4 hours

Freelancer profile translated to English.

About Sara

4 years of experience in IT audit and cybersecurity consulting (EY, Société Générale, Deloitte). Specializing in GRC, ISO 27001, SOC2, ISAE3402, IT internal control. Engaged with banking, insurance, and industrial sectors.

- IT Audit
- SOC Report Review - ISAE 3402/SSAE 16 SOC 1 Type I & Type II and SOC 2 Type I
- IT General Controls Review - SOX Act based audit
- IT Internal Audit / Compliance Audit
- CIO Consulting
- System and Organization Controls (AICPA Framework) (SOC 1 & SOC 2) and the ISO 42001 and ISO 27001 standards.

Review of IT general controls including assessment of application and data access, application change/development, and IT operations of the systems concerned, in support of key controls at the assertion level. IT application controls.
  • French

    Native or bilingual

  • Arabic

    Native or bilingual

  • English

    Fluent

Remote only
Primarily works remotely

Experience

  • Deloitte
    Senior IT Auditor
    September 2025 - Today (9 months)
    – Delivered cybersecurity governance advisory and IT control assessments for clients across banking and insurance sectors.
    – Assessed client security frameworks and produced actionable remediation roadmaps adopted by client teams.
  • Ernst & Young
    Senior IT Auditor
    October 2022 - September 2025 (2 years and 11 months)
    – Delivered cybersecurity governance advisory and IT control assessments for clients across banking, insurance and manufacturing sectors.
    – Assessed client security frameworks (access management, change management, IT operations) and produced actionable remediation roadmaps adopted by client teams.
    – Performed compliance gap analyses against ISO 27001, SOC2 and ISAE3402, translating regulatory requirements into prioritized client recommendations.
    – Identified systemic security risks across enterprise applications through SQL-based data analysis, enabling evidence-based advisory.
    – Led client-facing engagements across France, UK and Switzerland, coordinating with technical and business stakeholders to align governance practices.
    – Produced structured audit reports covering risk exposure, control weaknesses and remediation roadmaps for C-level and operational audiences.
  • Ernst & Young
    Senior IT Auditor
    CONSULTING AND AUDITS
    October 2022 - August 2025 (2 years and 10 months)
    Saint-Ouen, France
    As an IT consultant and auditor, I worked on IT audit assignments in various sectors such as: energy production and distribution, banking, insurance, automotive manufacturing, and asset management. My responsibilities and achievements were as follows:
    With my clients, I was able to:
    – Analyze databases using SQL for data analysis.
    – Identify IT risks related to organization, architecture, and security.
    – Review IT process controls: change management, logical access, operations management.
    – Review IT projects and propose recommendations.
    – Perform ISAE 3402 certifications and PCAOB audits for subsidiaries at client sites (Switzerland, UK, etc.).
    – Perform audits on the quality of data extracted directly from the information system (filter, query, and completeness).
    – Write and formulate IT audit recommendation reports concerning internal IT control.
    Internally, I focused on improving productivity by:
    – Implementing and presenting Helix General Ledger Analyzer Data Utility 2024.
    – Developing a Python script for client data analysis to optimize audit controls.
    Achievements:
    – First junior to train the EY audit department team on an internal data analysis tool: Helix General Ledger Analyzer Data Utility 2024.
    – First junior to independently lead 3 statutory audit assignments.
    – First junior to upskill senior auditors from other EY entities on EY France audit methodologies.
    – First junior to develop scripts to optimize audit control tasks.
    IT Audit Security Audit GRC Consultant Cybersecurity Data Analysis

Education

  • MS Auditing, Management Accounting & Information Systems (MS Audit, Management Control, and Information Systems), specialization
    SKEMA Business School
    2022
  • Specialized Master 1
    Université de Toulon, Toulon
    2021

Certifications

  • CISA
    ISACA
    2026
    Audit & Compliance: ITGC, SOX, HIPAA, PCI-DSS, GDPR, NIST 800-53, IRS, Basel III Cybersecurity GRC COBIT ITGC IT Audit Cybersecurity IT General Controls (ITGC) & Application Controls | Design, Testing & Monitoring Governance, Risk & Compliance (GRC) Security Audit Information Security
  • ISO27001
    PECB
    2026
    ISMS IT Audit ISO 27001 Information Security Governance and ISMS / SMCA Management ISMS Audit Governance, Risk & Compliance (GRC) ISMS Implementation
