Internal Audit & ERM at California Casualty

California Casualty is a $300M affinity insurance provider based in San Mateo, CA. As Senior Internal Auditor from September 2019 to November 2022, I built and matured core risk and compliance programs across the organization — spanning enterprise risk, IT security, data privacy, and vendor management.

Conducted Enterprise Risk Management (ERM) work in preparation for the annual Internal Audit Plan, assessing internal controls across multiple departments in accordance with IIA and ISACA standards.

Supported regulatory compliance for the Department of Insurance (DOI), ensuring adherence to state-mandated audit standards and reporting obligations.

Performed ITGC control testing and Cybersecurity Audit (NIST) to assess infrastructure vulnerabilities.

Executed audits of five Palo Alto Firewalls to ensure configuration alignment with best practices; performed Business Continuity & Disaster Recovery control testing and access management reviews.

Operated the Vendor Risk Management (VRM) Program using multiple security monitoring systems to assess third-party risk.

Assisted third parties in performing network security audits including Social Engineering and Network Penetration Testing.

Led the Internal Audit Data Analytics program using Arbutus Analyzer to improve audit report analytics; conducted fraud investigations across finance, underwriting, and claims departments. Additionally Identified duplicate vendors invoices , addresses and suspicious transactions.

Performed operational reviews covering Sales, Data Privacy (CCPA), Customer Service, and Purchasing & Payables.

Prevented a major data breach through proactive risk mitigation across IT infrastructure, vendor risk, and cybersecurity audit programs.