It Security Architect Consultant Resume

I am writing to express interest in offering my experience and expertise in Sarbanes-Oxley (SOX) audit, IT Audit, Payment Card Industry (PCI) DSS assessment, Personally Identifiable Information (PII) Audit, Information Security audit, project management, and risk management to your company.

I have been working in IT management roles for more than 15 years. I am a Certified Information Systems Auditor (CISA) and certified Project Manager (PMP). I am also a Cisco Certified Design Associate (CCDA) and Cisco Certified Network Associate (CCNA). As a highly proficient and experienced professional with a passion for technology, I am skilled in many areas, which will be of use to your company. The following is a summary of these skills:

IT and SOX Audit
HIPAA Compliance Audit
IT Security Audit
Penetration Test and Vulnerability Scanning Test
Payment Card Industry (PCI) DSS Assessment
BS7799 / ISO 27001 IT Security Implementation and Audit
SAS/70 Assessments
Project Management
Federal Trade Commission (FTC) or Personally Identifiable Information (PII) Audit
Privacy and GLBA Act
Business Continuity Plan and Disaster Recovery Plan (BCP/DRP) Audit
IBM Mainframe Audit
ERP (SAP and PeopleSoft) Audits
Software License Review and Audit (IT Asset Management Audit)
Enterprise Risk Management
Process Improvement Projects (Six Sigma and ITIL)
Oracle Database Consolidation and Disaster Recovery
Operational and Application Security Audit

I look forward to meeting with you to discuss the opportunities for employment with your company.

(Please note that I am a green card holder or permanent resident and am eligible to work for any employer in the USA.)

Thank you for your consideration.

Sincerely,

Executive Summary

More than 15 years of IT audit, HIPAA audit, PCI DSS audit, security, project, technical and risk management experience galvanizing teams in core initiatives including SOX-404 IT Audit, PCI Audit, Information Security, Technology Risk Management, Project Management, Technical Management, and Corporate Compliance while serving as a change agent for efficiency improvements with expertise in Platform and Interface Management.
Significant Achievements

  • Obtained certifications of CISA (Certified Information Systems Auditor) and PMP (Project Management Professional).
  • Obtained certifications of CCDA (Cisco Certified Design Associate) and CCNA (Cisco Certified Network Associate).
  • Audited the systems for complying with SOX-404 IT Compliance, PCI DSS Compliance, HIPAA Compliance, SAS 70 Certifications and ISO 27001 Certifications.
  • Managed and implemented the policies, procedures and controls that are required for HIPAA act.
  • Effective manager who motivated and aligned IT auditors through logical, achievement-oriented thinking and negotiation skills.
  • Conducted penetration tests and vulnerability scans using Nessus, Fortify, Rapid7 and AppScan tools.
  • Managed a team of IT auditors and reviewed the audit work papers of SOX-404 IT Audits and findings matrix.
  • Developed audit programs every year.
  • Prepared the final audit reports for numerous audit programs.
  • Managed PCI (Payment Card Industry) and FTC (Federal Trade Commission) Privacy audit with five auditors.
  • Coached the auditors on the latest trends in technology and compliance.
  • Audited and tested controls for SAP, PeopleSoft, JD Edwards, Oracle, DB2, MS SQL, IBM S/390, IBM z/OS, AS/400, AIX 6000, UNIX, network, IT security, firewall, systems, and web applications.
  • Established Security Committee offering ISO 27001-certification guidance, while working with external auditors and directing IT security audit procedural policies.
  • Conducted integrated, operational, and business process audits and recommended the business process and IT system related controls.
  • Audited the implementation of BCP and DRP plans and recommended the best practices in the industry.
  • Designed large IT networks, configured and administered CISCO and PIX firewalls, Routers and Switches.
  • Implemented controls and processes based on COBIT/COSO/ISO17799/ITIL methodology
  • Harnessed process, procedural, and control quality using Six Sigma methodology
  • Performed complex IT Risk Assessments, Vulnerability Assessments, Entity Level Controls Assessments, IT Infrastructure Audits, Business Continuity Planning, Technology Risk Management, SAS 70 and HIPAA Act assessments.

Professional Experience

Confidential, October 2009 - February 2010
IT Security Audit/IT Security Architect consultant
Managed the team of security, network and test engineers to identify the IT security risks in various applications, systems and networks and recommend practical solutions for fixing the security related issues. Conducted penetration tests and vulnerability scans using Nessus, Fortify, Rapid7 and AppScan tools. Reviewed pen test, vulnerability test and web application security testing results and identified the key issues.

HIPAA and PCI compliance:

Reviewed the systems and processes and identified the gaps relating to HIPAA and PCI compliance. Recommended the policies, procedures and controls to comply with HIPAA and PCI.

Confidential, September 2009 to October 2009
Lead IT Audit and Compliance Consultant
(About Stratify: Stratify is one of the world's largest and most experienced electronic discovery service providers)

ISO 27001 and SAS 70 Readiness Audits

Identified the gaps or deficiencies relating to ISO 27001 and SAS/70 controls, developed and implemented ISMS (Information Security Management Systems) and prepared the company for ISO 27001 and SAS 70 certifications. Worked as an advisor for giving practical recommendations to comply with ISO 27001 and SAS70 compliance requirements.

Confidential, June 2008 to May 2009
Project Manager /Lead IT Auditor Security and Compliance
(About TJX: The TJX Companies, Inc. is the leading off-price retailer of apparel and home fashions in the United States and worldwide.)
Managed the team of five IT auditors to carry out numerous IT audits. Developed, planned, managed, and executed audit programs for PCI-DSS and FTC Privacy regulations and SOX 404-IT in TJX corporate offices in the USA, Canada and Europe.

Payment Card Industry (PCI) Data Security Standard (DSS) Compliance Audit:

Managed the team of five auditors to conduct the PCI DSS audit and safeguard the systems that are used to process credit card information. Identified and evaluated encryption processes, key management processes, system configuration standards, anti-virus, vulnerability scans, patch management, penetration tests etc., relating to PCI and recommended the controls and processes required to comply with PCI. Audited the systems in Europe, Canada and the USA.
Evaluated the 12 high-level requirements and 245 controls given in the PCI standards, identified the deficiencies in the systems, and coordinated with external auditors (VeriSign) and process owners to remediate the deficiencies.

  • Federal Trade Commission (FTC) Privacy and GLBA Act: Managed the audit of the systems that are related to storing and processing of customer and associate information. Identified the requirements of the FFIEC Information Security IT Examination Handbook, OCC Bulletin 2001-35 and the GLBA Act to evaluate the effectiveness of the controls implemented in the company.
  • Unified or Comprehensive Compliance Audit Program: Created a unified compliance audit program that made the IT compliance audit process more efficient and effective, which resulted in a significant cost reduction. It covered the key compliance requirements/regulations of PCI, SOX and FTC privacy regulations.
  • Review of IT Security Policies: Reviewed 31 IT security policies and identified the gaps in the policies. Recommended the best practices to be adopted in the policies.

Confidential, Feb 2008 to June 2008
Senior IT Audit and Security Specialist
(About World Bank: The World Bank is a vital source of financial and technical assistance to developing countries around the world.)

  • ERP (PeopleSoft and SAP) Systems and Application (Benefits) Audit: Conducted the application security and integrated business audit for their ERP (PeopleSoft and SAP) systems and identified the gaps and deficiencies in the applications and systems as per the World Bank's auditing guidance and standards.
  • HIPAA Compliance Audit: Conducted the HIPAA compliance audit for one of their healthcare division and identified the deficiencies.
  • SOX 404-ICFR Audits: Project managed the ICFR (SOX-404) audit and identified the risks and gaps in the critical financial systems.

Confidential, Nov 2007 to Jan 2008
Senior IT Audit and Security Specialist
(About Principal Finance: The Principal Financial Group® (The Principal®) is a leading global financial company offering businesses, individuals and institutional clients a wide range of financial products and services.)

IBM Mainframe Audit

Audited the IBM system/390 (MVS/RACF) GDPS/XRC data mirroring, storage systems and other systems and recommended the best practices adopted in the industry.

Privacy and GLBA Acts

Conducted system audits to comply with privacy and GLBA acts. Evaluated the security of systems that hold the personal and customer information. Identified the gaps in the policies and procedures and recommended the solutions to safeguard the customer and personal information.

IT Security Audit

Conducted the IT security audit including firewall, DMZ and LAN/WAN (Secure Sockets Layer and Virtual Private Networks (VPN)) and audited the systems per COBIT and COSO standards.

Confidential, Aug 2004 - Sep 2007
Senior IT Audit Manager (Compliance and Security)
(About Keane: Keane is a US-based, mid-sized company that offers a broad range of Application, Infrastructure, and Business Process Outsourcing Services.)
Served as a principal liaison between executive and senior management to finalize company's IT and integrated audit programs, reviewed the work papers, test cases and validated critical processes for SOX-404 IT audit while managing three IT auditors. Identified, evaluated, and ranked the risks related to IT systems; identified and documented control gaps for each financial application system; and recommended viable solutions to remedy any significant deficiencies. Recent projects include the following:

  • Compliance of Sarbanes-Oxley 404/302 Internal IT Controls: Audited and tested controls for PeopleSoft, JD Edwards, Oracle, DB2, Infinium, AS/400, AIX 6000, UNIX (Sun Solaris), network, IT security, systems, and applications. Spearheaded IT risk management plan, which included the design of low-risk systems. Audited the systems in the USA, UK, Canada, Australia and India.
  • ERP PeopleSoft and SAP SOX-IT Audit: Conducted integrated audits of business functions supported by application systems; identified and resolved complex auditing and information system issues.
  • HIPAA Compliance Audit: Audited the systems and applications in HIPAA division and recommended and mitigated the gaps in the application and system.
  • Audit of Business Continuity Plan (BCP) and Disaster Recovery Plan (DRP): Audited and recommended best practices adopted in the industry for BCP and DRP
  • ISO 27001 IT Security Implementation and Audit: Recommended and assisted in implementing the Information Security Management System (ISMS) framework and developed enterprise-wide security policy. Assisted and coordinated with external auditors for obtaining ISO 17799/27001 certifications for the company.
  • SAS/70 Assessment: Assisted in developing controls required for SAS/70 and coordinated with external auditors to obtain SAS/70 certifications.

Confidential, April 2001- Aug 2004
International Project Manager - IT Audit and Security
(About iBasis: iBasis, a KPN affiliate, is a global leader in international voice, mobile data and prepaid services; iBasis turns the challenges of international telecommunications into new opportunities.)
Developed project management plan from initial design to final implementation, which included collaborating with Senior VPs and Directors to determine strategy and allocating budget and resources; implemented controls and processes required for the Sarbanes Oxley (SOX)-404 IT Audit. Managed and audited the systems in Frankfurt, Amsterdam, Paris, London, Japan, Hong Kong, Singapore, United States, and India. Project managed and implemented VOIP (Voice over IP) applications and solutions across the globe.

  • SOX-404 IT Audit: Evaluated the policies, procedures and controls based on COBIT and COSO framework, identified the gaps and recommended the controls required to comply with SOX-404.
  • Cardholder Information Security Program (CISP) (similar to PCI DSS): Project managed the efforts of identifying the controls and processes required to comply with CISP (PCI DSS) when they implemented an online prepaid-card system. Evaluated and tested the controls and processes relating to credit card data and systems. Identified the gaps in the security of the systems and recommended practical solutions.
  • Implementation of Change Management Process and Control: Assisted in formulating policies and procedures for change management control, system security, and backup for identified deficiencies.
  • SAS/70 Assessment: Conducted SAS 70 assessments and identified the gaps or deficiencies and also recommended the solutions to remediate the deficiencies .
  • Global IT Security Audit Project: Project managed and audited the security of the systems and networks in remote locations and identified the gaps and risks in the network and systems

Confidential, Mar 2000-April 2001
Technical Lead/Project Manager (Network and Security Management)
(About AT & T Wireless: AT & T is the largest communications holding company in the world by revenue.)
Managed a group of 10 network consultants and engineers for the design and implementation of a complex network; implemented Lucent's design of layer 3 IP-based networks for AT & T Wireless systems in 91 locations

Confidential, Mar 1996- Mar 2000
Network Manager/Controller
(About AL Futtaim: It is a group of 40 trading companies dominating many market segments in the UAE, Bahrain, Kuwait, Qatar, Oman and Egypt.)
Managed the IS team with a group of software, system, and network consultants; led a team of consultants for several information systems related projects.

  • System Migration from IBM AS/400 to ERP SAP R/3 System: Solved the Y2K issues within one year while managing a 20-member team; implemented controls required for internal audit and government security regulations
  • ERP SAP R/3 Audit: Implemented logical security and change management controls
  • Network and Security: Designed the LAN and WAN network and implemented IT security using PIX firewall and IDS

Confidential, Jan 1995- Apr 1996
Assistant Automation Manager

Education
Master of Business Administration/Technology Management
Bachelor of Engineering - Major: Computer Science

Certifications
CPISM-Certified PCI Security Manager (Awaiting certification)
CISA-Certified Information System Auditor ISACA 2005
PMP-Project Management Professional 2001
Six-Sigma Green-Belt Course, Keane - (awaiting certification) 2008
ISO 27001 Information Security Management System Lead Auditor (awaiting certification)
Cisco Certified Design Associate (CCDA) 2000
Cisco Certified Network Associate (CCNA) 1999

Training Courses
CISSP Certification Course - IT Security Course - ISC2 2005
ISO 27001:2005 Information Security Management System Lead Auditor Course 2006
Database Auditing, Security, & Compliance-ISACA Chapter 2007
Risk Management Framework- PMI Chapter 2005
CISA Course-System, Network, Security, BCP and DRP - ISACA Chapter 2004
Project Management - PMI Chapter 2000
ERP SAP R/3 Basis and Security - Dubai 1999
ERP SAP R/3 Sales and Distribution Module - Dubai 1999
ERP SAP R/3 Material Management Module - Dubai 1999

Technology Profile
Audit and Project Management Tools
ACL, Visio, MS Project, Business Objects, CA Top Secret, Crystal Reports
Audit or Risk Management Software
Galileo, Saxena, SOax Toolkit 4.0 (Axena), AutoAudit software
Frameworks/Change Management Tools
COBIT/COSO/ISO 27001/ITIL, Quest STAT change management tool for PeopleSoft and AS/400 and SAP Transport Management System (SAP TMS)
Systems and Software
SAP ERP R/3, PeopleSoft, Oracle E-Business Suite, JD Edwards, RS/6000, IBM AS/400, DEC VAX 4000, IBM 3090, IBM 390, HP 9000 UNIX/Linux systems, Windows 2000/NT, MS Exchange, MS SQL, Oracle, DB2, PL/SQL, Developer 2000, RPG/400, ABAP/4, UNIX, C and VoIP, SIP, SS7 systems.
System and Network Security
Checkpoint/PIX Firewall, Router, Layer 3 Switches, Active Directory, LDAP, IDS, VPN, IPSec, PKI, digital signature, SSL, SET, encryption and cryptographic systems
Vulnerability and Event Correlation Tools
Rapid7, Symantec Enterprise Security Manager (ESM), Nessus, SARA, Qualys, WhiteHat and ArcSight.