Summary
Overview
Work History
Education
Certification
Timeline
Generic

NELVYS PAMELLA PORRAS RIVERO

Summary

Systems Engineer with solid experience in IT audit, project management within business risk consulting, information security, business continuity, technology risk management, and evaluation of IT controls for SOX Act compliance for SEC-listed companies. Recognized for strong leadership in team management, assertive communication, problem-solving, emotional intelligence, and effective time management. Known for being responsible, proactive, organized, committed, with a consistent willingness to collaborate and contribute to team environments.

Overview

15
15
years of professional experience
4
4
Certifications
2
2
Languages

Work History

Senior Auditor

Kompleye LLC
03.2025 - Current
  • Lead end-to-end audit engagements for HITRUST and SOC 1 / SOC 2 Type 2 assessments, including planning, scoping, fieldwork, reporting, and client communication.
  • Coordinate with clients to define audit scope, reporting frameworks, and timelines, ensuring alignment with AICPA and HITRUST CSF standards.
  • Manage evidence collection and testing of controls across security, availability, confidentiality, and privacy domains.
  • Supervise junior auditors and consultants, providing guidance on methodology, control evaluation, and documentation.
  • Present audit findings and recommendations to client stakeholders, including executive leadership and technical teams.
  • Support quality assurance (QA) processes and contribute to the preparation of management representation and assertion letters.
  • Collaborate with cross-functional teams to ensure timely delivery of audit milestones and final reports.

Cybersecurity Project Leader

NTT DATA Colombia
05.2023 - 03.2025
  • Lead Cybersecurity projects end-to-end—from pre-sales and value proposition development to financial oversight and successful delivery—within Digital Technology and Cybersecurity domains.
  • Drive innovation in Cybersecurity service offerings and strategic positioning.
  • Manage diverse Cybersecurity initiatives, including strategy definition, SOX compliance, segregation of duties, IT asset management, application assurance, penetration testing, and Security Operations Center (SOC) management.

IT AUDITOR

Frontera Energy Corp.
07.2019 - 05.2023
  • Plan and define scope and risk assessments for IT audit plans, including Cybersecurity, Business Continuity Management Systems, IT regulatory compliance audits, and ITGC evaluations aligned with NI 52-109 compliance.
  • Support audits and advise on process improvements based on industry best practices.
  • Lead project planning, execution assurance, and closure of audit engagements.
  • Prepare and present audit findings and recommendations to the Board of Directors, CFO, and IT Services management.

SENIOR IT CONSULTANT

EY S.A.S
09.2017 - 07.2019
  • Plan, supervise, and execute consulting and audit projects focused on evaluating IT controls, process controls, information security, risk management, and business continuity across government, financial, and service sector entities.
  • Conduct IT audits for SEC-listed companies to ensure compliance with the Sarbanes-Oxley (SOX) Act.
  • Prepare and manage project estimates and budgets, ensuring alignment with execution timelines and deliverables.
  • Oversee project planning, execution assurance, and audit closure activities.
  • Guide junior consultants in applying methodologies, developing recommendations, and structuring deliverables across various projects and clients.
  • Lead work meetings, track progress, and present results to stakeholders.
  • Deliver IT risk and cybersecurity consulting services across multiple industries.
  • Main Clients: BBVA, Falabella, Macy´s.

SENIOR IT AUDITOR

KPMG Advisory Services S.A.S
05.2013 - 09.2017
  • Plan, supervise, and execute consulting and audit projects focused on evaluating IT controls, process controls, information security, risk management, and business continuity across government, financial, and service sector entities.
  • Prepare and manage project estimates and budgets, ensuring alignment with execution timelines and deliverables.
  • Oversee project planning, execution assurance, and audit closure activities.
  • Guide junior consultants in applying methodologies, developing recommendations, and structuring deliverables across various projects and clients.
  • Lead work meetings, monitor progress, and present results to stakeholders.
  • Deliver IT risk and cybersecurity consulting services across multiple industries.
  • Provide design and implementation consulting for security access in business applications.
  • Conduct IT audits for SEC-listed companies to ensure compliance with the Sarbanes-Oxley (SOX) Act.
  • Main Clients: Abbott Laboratories US, American Express, AB-Inbev, Pacific Rubiales Energy, Ecopetrol.

Technical Support and IT Auditor

06.2010 - 05.2013

Education

IT Risk Specialist - undefined

Universidad Externado de Colombia

Systems Engineer - undefined

Universidad Autónoma del Caribe

Systems Technologist - undefined

Politécnico de la Costa Atlántica

Certification

CISA (Certified Information Systems Auditor), ISACA, 2025

Timeline

Senior Auditor

Kompleye LLC
03.2025 - Current

Cybersecurity Project Leader

NTT DATA Colombia
05.2023 - 03.2025

IT AUDITOR

Frontera Energy Corp.
07.2019 - 05.2023

SENIOR IT CONSULTANT

EY S.A.S
09.2017 - 07.2019

SENIOR IT AUDITOR

KPMG Advisory Services S.A.S
05.2013 - 09.2017

Technical Support and IT Auditor

06.2010 - 05.2013

IT Risk Specialist - undefined

Universidad Externado de Colombia

Systems Engineer - undefined

Universidad Autónoma del Caribe

Systems Technologist - undefined

Politécnico de la Costa Atlántica

Similar Profiles

CREATE PROFILE
NELVYS PAMELLA PORRAS RIVERO