Contracted Certified Risk Management Officer/Security Consultant Resume
New York, NY
PROFESSIONAL SUMMARY:
- Seasoned professional CRM (Certified Risk Manager) and Project Manager with significant years of project management consulting; analysis and implementation of the NIST Cybersecurity Framework; ISO 27001 and 27002; Sarbanes-Oxley (SOX) consulting; and auditing experience focusing on Governance, Risk and Compliance utilizing the LockPath Keylight version 2 Platform GRC tool; SailPoint IAM Solution tool; AWS Cloud Security; as well as the RSA Archer Platform GRC tool; MetricStream GRC tool; Fiserv Frontier 5.0 tool; Business Intelligence (BI); Project Management, Access and Identity Management and Rigorous Program Management; Privileged Access Management; Application Whitelisting; File Integrity Management; extensive Senior Project Management dual-shore experience utilizing Waterfall, Agile, as well as Scrum software development methodology.
- Project Management of AWS Cloud Security; PCI versions 3.1, 2.0 and 1 implementation; Project Manager of major SAP ERP implementation projects (with budgets in excess of $25 million) including SAP Financials (FICO), SAP CRM and SAP SRM solutions including SAP ECC 5.0 to 7.2, HANA and SAP Warehouse Management Systems; ADP Global Payroll and SOX compliance software tools implementation and evaluation; Oracle R12 implementation and analysis.
- Extensive experience in scheduling responsibilities and developing and accurately maintaining integrated master/sub-project schedules, ensuring schedule logic is maintained, coordinating work activities with project team members, progressing schedules and assisting in identifying and resolving schedule conflicts, as well as performance of User Acceptance Testing. Extensive experience in analysis of Role-Based Access Control environments and implementation of the NIST Cybersecurity Framework; healthcare HIPAA compliance and development of standards and guidelines to adhere to NIST, ISO 27001, PCI, ISO 27002, SOX, ADP Global Payroll, the Dodd-Frank Act, HITRUST, the Volcker Rule, the Meaningful Use Act and Sunshine Act requirements and compliance. Extensive experience in AWS Cloud Security; compliance to NERC versions 3 and 5.1 through 5.4; PCI versions 2 and 3 standards implementation and performance of QSA compliance auditing. Extensive experience in IT technical and functional requirements to fit clients' needs to meet responsibilities for compliance in NIST, PCI, ISO, HIPAA, HITECH and other regulatory cybersecurity frameworks. Compliance to the New York Cybersecurity Requirements for Financial Services Companies.
TECHNICAL SKILLS:
Technology and Tools: Project Manager in PCI version 3.1; PCI version 2; SAP ECC 7.2; 7.0; SAP HANA; SAP COTS packages SAP ECC 5.0 Business One and SAP ECC 6.0 R/3 functional conversion; ISO 27001 and 27002; Role-Based Access Control environment; AWL; FIM; PAM; NERC 3 and 5.1; LockPath Keylight GRC version 2; SailPoint IAM Solution tool; AWS Cloud Security; RSA Archer GRC tool; MetricStream GRC tool; ControlCase GRC Scan; Qualys Scan; QualysGuard PCI Scan; PCI ASV Scan; ClearScan; ProCheckUp ASV; Nexus Scan; Nixu Watson Scan; Fiserv Frontier 5.0 tool; Oracle R12 implementation and analysis; SAP Archiving; ERP; SDLC; Microsoft Project 2007; IBM WebSphere MQ Series; 2003; 2002; and 2000; Access; Oracle R8 through R12 Financials; SSAE 16; SAS 70; Microsoft SharePoint and Microsoft SQL Server; Business Intelligence; Hyperion Financials; ADP Global Payroll; JAVA; DIBS G/L; PRIMAVERA 5.0/8.0/9.1; Vitech (V3); Microsoft VISIO; Excel; Word; PowerPoint; Lotus Notes; Windows; MS-DOS; HP PPM; RUP; Waterfall, Agile, Scrum software development methodology; EDSNET; Win stub; Lotus 123; COBOL; FORTRAN; PL1
PROFESSIONAL EXPERIENCE:
Confidential, New York, NY
Contracted Certified Risk Management Officer/Security Consultant
Responsibilities:
- Defined systems and application security baselines based on industry best practices, which efficiently and effectively mitigated risks while respecting functionality and operational constraints. Monitored AWS Cloud Security compliance with hardening baselines and managed exceptions.
- Performed technical security assessments of information systems and applications to identify vulnerabilities and non-compliance with established security standards and recommended effective mitigation strategies. Supported engineering groups with security engineering expertise in the different security domains, such as identification and access management, authentication and authorization, secure design, system hardening, risk management, vulnerability assessment and management, security testing and secure software development. Supported the development and promotion of information security policies, standards, processes and procedures and monitored compliance to the information security policy framework with a focus on information system security.
- Supported the development of a risk management framework for information system related security risks and managed information system related security risks accordingly.
- Evaluated emerging risks and information security technologies to ensure an up-to-date information security risk register and defined and implemented effective, state-of-the-art security concepts.
Confidential, New York, NY
Senior Global Privacy Project Manager/Senior Business Analyst
Responsibilities:
- Specified, implemented and documented information system security and privacy concepts and information security controls for new systems, ADP Global Payroll and operational systems in close collaboration with system owners and engineering groups.
- Delivered information security and privacy support services to architects and system/application engineers by providing clear, concise and constructive recommendations regarding information system and application security.
- Extensive experience in IT technical and functional requirements to fit clients' needs to meet responsibilities for privacy compliance in AWS Cloud, NIST, PCI, ISO, SOX, HIPAA, HITECH and other regulatory cybersecurity frameworks.
- Assisted architects and system/application engineers in the identification and implementation of privacy and other appropriate information security controls and hardening of systems to ensure ADP Global Payroll effective safeguarding of clients' information assets. Defined policies, processes, procedures, configuration baselines and guidelines to ensure appropriate security risk management throughout the system life cycle.
- Defined privacy system and application security baselines based on industry best practices, which efficiently and effectively mitigated risks while respecting functionality and operational constraints. Monitored compliance with hardening baselines and managed exceptions for ADP Global Payroll systems.
- Performed technical privacy security assessments of information systems and applications to identify vulnerabilities and non-compliance with established security standards and recommended effective mitigation strategies for ADP Global Payroll. Supported engineering groups with privacy security engineering expertise in the different security domains, such as identification and access management, authentication and authorization, secure design, system hardening, risk management, vulnerability assessment and management, security testing and secure software development. Supported the development and promotion of information security policies, Role-Based Access Control environment standards, processes and procedures and monitored compliance to the information security policy framework with a focus on information system security.
- Supported the development of a privacy risk management framework for information system related security risks and managed information system related security risks accordingly.
- Evaluated emerging risks and information privacy security technologies to ensure an up-to-date information security risk register and defined and implemented effective, state-of-the-art Privileged Access Management security concepts.
- Supported the development and maintenance of the client's information security awareness program, with content dedicated to system engineers to ensure consistent management of information system security risks.
- Researched and established the list of banks and companies that must comply with AWS Cloud and the New York Cybersecurity Requirements for Financial Services Companies.
Confidential, New York, NY
Senior Global Privacy Project Manager/Senior Business Analyst
Responsibilities:
- Designed, implemented and documented global information security systems and controls (e.g., file server encryption, SOX, PCI, endpoint security, vulnerability and compliance management solution, security information and event management).
- Led global information security projects as laid down in the client's information security (RSA Archer) strategy and recommended a Privileged Access Management tool (SailPoint IAM Solution) as the projected tool to satisfy the identified strategy in the Role-Based Access Control environment.
- Defined, optimized and executed the vulnerability and patch management process. Developed reports from vulnerability assessment scanners, patch management tools and emerging threat information, advised on risk remediation and monitored the mitigation of identified security issues.
- Supported security monitoring and security incident response with a focus on the implementation of effective preventive system security controls as well as containment, eradication and recovery of information systems.
- Assessed system and application security requirements, threats, vulnerabilities and security risks in complex, heterogeneous systems and throughout their life cycle, specifically in Global Payroll.
- Developed, delivered and maintained comprehensive and consistent security solutions to mitigate identified risks to an acceptable level.
- Specified, implemented and documented information system security concepts and information security controls for new systems and operational systems in close collaboration with system owners and engineering groups.
- Delivered information security support services to architects and system/application engineers by providing clear, concise and constructive recommendations regarding information system and application security.
- Extensive experience in IT technical and functional requirements to fit clients' needs to meet responsibilities for compliance in AWS Cloud, NIST, PCI, SOX, ISO, HIPAA, HITECH and other regulatory cybersecurity frameworks.
- Assisted architects and system/application engineers in the identification and implementation of PCI, SOX and other appropriate information security controls and hardening of systems to ensure effective safeguarding of clients' information assets. Defined policies, processes, procedures, configuration baselines and guidelines to ensure appropriate security risk management throughout the system life cycle.
- Defined system and application security baselines based on industry best practices, which efficiently and effectively mitigated risks while respecting functionality and operational constraints. Monitored AWS Cloud Security compliance with hardening baselines and managed exceptions.
- Performed technical security assessments of information systems and applications to identify vulnerabilities and non-compliance with established security standards and recommended effective mitigation strategies. Supported engineering groups with security engineering expertise in the different security domains, such as identification and access management, authentication and authorization, secure design, system hardening, risk management, vulnerability assessment and management, security testing and secure software development. Supported the development and promotion of information security policies, standards, processes and procedures and monitored compliance to the information security policy framework with a focus on information system security.
- Supported the development of a risk management framework for information system related security risks and managed information system related security risks accordingly.
- Evaluated emerging risks and information security technologies to ensure an up-to-date information security risk register and defined and implemented effective, state-of-the-art security concepts.
- Supported the development and maintenance of the client's information security awareness program, with content dedicated to system engineers to ensure consistent management of information system security risks.
Confidential, Fort Lauderdale, FL
Senior Project Manager/Business Analyst
Responsibilities:
- Senior Project Manager/Business Analyst with functional responsibilities in implementation, testing and verification of the PCI DSS version 3.1 requirements and mitigating controls. Project management, implementation and compliance oversight for 8 major mitigating controls and testing of security, risk and compliance management solutions for business acceleration, including managing organizational risk, safeguarding mobile access and collaboration, proving compliance, securing virtual and cloud environments, and access and identity management within the Role-Based Access Control environment.
- The Eight targeted areas were:
- Application Whitelisting
- Firewall Integrity Management
- Two Factor Authentication (2FA)
- Optimize Firewall Rule
- Enhanced Vulnerability Mitigation Deployment
- AWS Cloud Compliance
- Advanced Persistent Threat Defense (APT)
- Data Loss Prevention (DLP)
- Privileged Account Management (PAM) (SailPoint IAM Solution Tool)
Confidential, New York, NY
Security Consultant/Senior IT Compliance Manager
Responsibilities:
- Established the Controls Excellence Program for end-to-end business process as the Business Process Cycle.
- Led and participated as part of the core Controls Excellence management team focused on managing and leading strategic initiatives for Controls Excellence which increased value to the company, and partnered with leadership to influence and contribute to a strong, optimal controls environment which addressed SAP and IT compliance in SOX, PCI, HIPAA and HITECH reporting requirements, regulatory requirements and standalone reporting requirements.
- Supported leadership in preparing & reviewing deliverables, reports & presentations to Senior Leadership, including the Audit Committee
- Partnered with Controls Excellence Director and provided support in achieving overall goals and metrics of Controls Excellence, including supporting regular dashboard and Steering Committee requirements
- Participated in setting and achieving Access and Identity Management performance metrics, with experience focusing on RSA Archer Governance, Risk and Compliance utilizing the Privileged Access Management (SailPoint IAM Solution) tool.
- Led, coached and developed resources to achieve the function’s objectives, including their longer-term career aspirations
- Led, motivated and developed the Controls Excellence Team to prioritize and allocate work in order to complete the review, documentation and testing of key IT and financial business processes to support senior management's SOX, PCI, HIPAA and HITECH attestation responsibilities, analysis and implementation of the NIST Cybersecurity Framework, AWS Cloud, and other key Controls Excellence strategic objectives.
- Identified, managed and reported on all internal control deficiencies in real time and worked with business process owners to facilitate the creation of action plans and remediation timetables to correct the deficiencies noted.
- Promoted the philosophy of collaborative team working environment, team development across all activities, and focused on the design of new and improved processes in order to achieve business objectives and continuously improve performance within the Controls Excellence Team.
- Partnered with business units and management to foster an environment whereby Controls Excellence was a strategic controls advisor to the organization and helped management effectively manage key IT, financial & regulatory reporting risks
- Worked effectively with key stakeholders, including external auditors and senior management, to promote alignment across understanding of Key Controls and managing expectations.
- Provided the technical and operational expertise and support to all levels of management for compliance with the Sarbanes-Oxley Act, PCI, HIPAA, HITECH and pronouncements of the Public Company Accounting Oversight Board (PCAOB) and the SEC.
Confidential
Project Manager
Responsibilities:
- Senior Project Manager/Business Analyst with functional responsibility for implementation, testing and verification of the PCI DSS version 2.0 and RSA Archer 5.4 requirements implementation and compliance testing of security, risk and compliance management solutions for business acceleration, including managing organizational risk, safeguarding mobile access and collaboration, proving compliance, securing virtual and cloud environments, and access and identity management.
- Primary areas of focus were:
- Platform point of consolidation for governance
- Analysis and implementation of the NIST Cybersecurity Framework
- Risk and compliance information of all types
- Access and Identity Management Program development and enhancement seamless integration of data systems without the need for additional software
- Automated movement of data into and out of the Platform to support data analysis
- Process management and reporting.
- Governance Risk and Compliance utilizing the Privileged Access Management (SailPoint IAM Solution Tool)
- Data Feed Manager.
- Flexible, code-free tool for consolidating information within the RSA Archer eGRC Platform
- Data Publication Manager which allowed users to automatically extract information from the Platform and load it into external systems for advanced data analysis and modeling
- Web Services API which supported integration with other business systems using the industry standard SOAP protocol.
- User and Group Synchronization which supported Active Directory and LDAP integration of user accounts and groups.
Confidential
Project Manager, Senior Business Security Analyst
Responsibilities:
- Senior Project Manager/Business Analyst with functional responsibility for implementation, testing and verification of the PCI DSS version 2.0 and RSA Archer 5.2 requirements implementation and compliance testing of security, risk and compliance management solutions for business acceleration, including managing organizational risk, safeguarding mobile access and collaboration, proving compliance, securing virtual and cloud environments, and access and identity management.
- Primary areas of focus were:
- Platform point of consolidation for governance
- Analysis and implementation of the NIST Cybersecurity Framework
- Risk and compliance information of all types
- Seamless integration of data systems without the need for additional software
- Automated movement of data into and out of the Platform to support data analysis
- Process management and reporting.
- Access and Identity Management enhancement
- Data Feed Manager.
- Flexible, code-free tool for consolidating information within the RSA Archer eGRC Platform and the Privileged Access Management (SailPoint IAM Solution Tool)
- Data Publication Manager which allowed users to automatically extract information from the Platform and load it into external systems for advanced data analysis and modeling
- Web Services API which supported integration with other business systems using the industry standard SOAP protocol.
- AWS Cloud Security
- User and Group Synchronization which supported Active Directory and LDAP integration of user accounts and groups.
Confidential
Project Manager, Senior Business Analyst
Responsibilities:
- Removing sensitive authentication data and limit data retention.
- Protecting the perimeter, internal and wireless networks.
- Securing payment card applications.
- Monitoring and controlling access to IT financial systems.
- Protecting stored cardholder data.
- Analysis and implementation of the NIST Cybersecurity Framework
- Experience focusing on Governance, Risk and Compliance utilizing the LockPath Keylight version 2 Platform GRC tool
- Finalizing remaining compliance efforts and ensure all controls are in place.
- Vulnerability Management
- Oracle R12 functionality and Compliance Analysis
- Access and Identity Management
- Directly responsible for implementation team of 16
- Compliance Monitoring of implementation of RSA Archer Platform GRC tool
- ISO 27002, ISO 27001; SSAE 16 Compliance
- Change Management Compliance and Process Implementation
- Business Intelligence (BI)
- Monitoring and controlling Identity Management applications access to IT financial systems
- Writing and maintaining process procedures and controls
- Reviewed and improved ADP Global Payroll Standards
- Consulting in the research, design and implementation of the Dodd-Frank Act and Volcker Rule requirements.
- Senior Project Manager/Business Analyst with functional responsibility for implementation, testing and verification of the PCI DSS version 2.0 and RSA Archer 5.1 requirements implementation and compliance testing of security, risk and compliance management solutions for business acceleration, including managing organizational risk, safeguarding mobile access and collaboration, proving compliance, and securing virtual and cloud environments.
- Primary areas of focus were:
- Platform point of consolidation for governance
- Analysis and implementation of the NIST Cybersecurity Framework
- Risk and compliance information of all types
- Seamless integration of data systems without the need for additional software
- Automated movement of data into and out of the Platform to support data analysis
- Process management and reporting.
- Data Feed Manager.
- Flexible, code-free tool for consolidating information within the RSA Archer eGRC Platform
- Data Publication Manager which allowed users to automatically extract information from the Platform and load it into external systems for advanced data analysis and modeling
- Web Services API which supported integration with other business systems using the industry standard SOAP protocol.
- User and Group Synchronization which supported Active Directory and LDAP integration of user accounts and groups.
Confidential
Business Analysis
Responsibilities:
- Directly responsible for implementation team of 10
- Oracle R12 Implementation and Analysis
- Compliance to NIST
- Compliance experience focusing on Governance, Risk and Compliance utilizing the LockPath Keylight version 2 Platform GRC tool
- Analysis and implementation of the NIST Cybersecurity Framework.
- Vulnerability Management
- Compliance Monitoring of implementation of RSA Archer Platform GRC tool
- ISO 27002, ISO 27001; SSAE 16 Compliance
- Access and Identity Management
- Writing and maintaining process procedures and controls
- Compliance to NERC Standards
- Business Intelligence (BI)
- Monitoring and controlling Identity Management applications access to IT financial systems
- Monitoring and compliance to ADP Global Payroll Standards
- Change Management Compliance and Process Implementation
- SSAE 16 Compliance
Confidential, Princeton, NJ
Project Manager
Responsibilities:
- Removing sensitive authentication data and limit data retention.
- Protecting the perimeter, internal and wireless networks.
- Securing payment card applications.
- Monitoring and controlling access to IT financial systems.
- Protecting stored cardholder data.
- Finalizing remaining compliance efforts and ensure all controls are in place.
- Vulnerability Management
- Directly responsible for implementation team of 18
- Consulting in the research, design and implementation of SOX, the Dodd-Frank Act and Volcker Rule requirements.
- Change Management Compliance and Process Implementation
- Analysis and implementation of the NIST Cybersecurity Framework.
- ISO 27002, ISO 27001; SSAE 16 Compliance
- Business Intelligence
- Monitoring and controlling Identity Management applications access to IT financial systems
- Writing and maintaining process procedures and controls
- Compliance Monitoring of implementation of the Fiserv Frontier 5.0 tool
Confidential, Robbinsville, NJ
Project Manager, IT Corporate SOX Compliance
Responsibilities:
- Project Manager SOX Compliance and Senior SAP Subject Matter Expert responsible for the IT system transition from E-Synergy to the COTS package SAP ECC 6.0 R/3 ($6 million budget). Responsible for the successful planning and execution of the SAP Archiving, conversion and implementation project, including defining the project approach and gaining client, client engagement manager and project team members' buy-in for 28 solutions including SAP Financials (FICO), SAP CRM and SRM solutions in the SAP HANA environment.
- Dual-shore responsibility managing a custom-built combination of the best local and offshore talent to bring the client the highest quality
- Change Management Compliance and Process Implementation
- Analysis and implementation of the NIST Cybersecurity Framework.
- Vulnerability Management
- Writing and maintaining process procedures and controls
- ISO 27002, ISO 27001; SSAE 16 Compliance
- Business Intelligence
- Compliance to NERC Standards
- Compliance Monitoring of implementation of RSA Archer Platform GRC tool
- Using Rigorous Program Management/RPM led and directed implementation team of 23 contracted consultants and employees, responsible for the successful implementation of the Business Suite Module. Communicated project status, milestones and issues to project owners.
Confidential, Miami, FL
Project Manager
Responsibilities:
- Senior SOX Project Manager, SAP Project Manager and Subject Matter Expert responsible for the ERP transition from MAS 500 to the SAP COTS package SAP ECC 5.0 Business One ($8 million budget). Direct implementation responsibility for the Business Suite Module. SAP Business Suite provided the company with industry-specific applications. Overall responsibility for the successful planning and execution of the SAP project for 24 solutions including SAP Financials (FICO), SAP CRM and SRM solutions in the SAP HANA environment.
- Dual-shore responsibility managing a custom-built combination of the best local and offshore talent to bring the client the highest quality
- Compliance monitoring of implementation of the RSA Archer Platform GRC tool version 2
- Directly responsible for implementation team of 15 responsible for the Business Suite Module.