IT Audit Assessor Resume
Foster City, CA
PROFESSIONAL SUMMARY:
- Over 15 years of Information Security experience in distributed, heterogeneous, mainframe and client/server environments. CISA Certified, ACF2 Certified Administrator 6.1. Currently working as an Information Security Consultant performing Gap Analysis and Project Consulting for Sarbanes-Oxley 404. Previously employed as a contractor for the Unisys DoD Information Technology Security & Accreditation Process Team.
TECHNICAL SKILLS:
Technical: Confidential PC compatibles, RSA/Archer, VM, .NET, Confidential Mainframe, Java, AS/400, OS/90, DB2, Unisys A Series/1100, LDAP, DOS/VSE, Radius, Windows NT, Single Sign-On, ACF2, PKI Entrust, UNIX, PeopleSoft, RACF, Encryption, AIX, Oracle Financials, CA Top Secret, MS Office, LAN/WAN, Group Policy, JCL, Outlook, Ethernet, CICS, Lotus Notes, Intranet/Extranet, TCP/IP, Checkpoint Firewall-1, TSO, IPX, JD Edwards, CA/7, MQ Series, SNA, Sun Solaris, VTAM, Active Directory (Hyena), Netware 4x, Keon/RSA, Sniffer Tools (various), Lock Box, COBIT, DITSCAP, Accreditation Process, ISO 27001, SOC I/II, NIST, HIPAA, Sarbanes-Oxley 404 (SOX), GLBA, Gap Analysis, ISS/SCAN, Penetration Testing, Remediation, SSAE16, NIACAP, SOX SAS 70, Basel I/II, FFIEC Compliance, CA Audit, Federation IT Audit, IA Professional Practice Framework, COSO, Application Level IS Controls, Entity Level Controls, Entity-wide IS Controls, DISA STIG, PCI DSS, DIACAP, FISMA, NMAP, MS Project
PROFESSIONAL EXPERIENCE:
IT Audit Assessor
Confidential, Foster City, CA
Responsibilities:
- As an IT Audit Assessor, my duties are to facilitate Risk Assessment programs for technology assessments across the Visa Corporate Enterprise. My core duties also include performing risk and control IT Audit assessments and documentation (SOX, Archer, PCI, SSAE1-2), as well as working with the identified managed service providers to execute and complete Asset Assessments. My duties are also to independently execute and complete Asset Assessments (pen-test results, third-party and vendor reviews), and to lead workshops that educate system owners and developers and share information about assessment programs.
Confidential, Westborough, MA
Technical Audit Consultant
Responsibilities:
- Documenting and enhancing existing general IT processes by bringing in knowledge of best practices (COBIT/COSO, Sarbanes-Oxley, ISACA, ISO 27001, FFIEC, GLBA, SAS 70, SSAE1).
- Identifying existing controls to meet the IT department's control objectives.
- Identifying gaps in existing controls and recommending solutions for third-party vendors. Preparing and leading various internal audit engagements, reviewing controls within all operating business units and entities, identifying any control weaknesses, and making recommendations for improvement.
Confidential, Dubuque, IA
IT Audit Security and Compliance
Responsibilities:
- Duties are to oversee and manage controls pertaining to the efficient standardization of policy affecting access administration, system security, IT practices and security procedures, and account creation in distributed environments (RACF, ACF2, Top Secret). Secondary responsibilities are to participate in semi-complex technical support for personal computers, application software, operating systems and network access, and to effectively identify problems as they occur and take appropriate steps to solve them.
Confidential, Pittsburgh, PA
IT Audit Security and Compliance
Responsibilities:
- Six-week emergency backfill: I wasn't available to take the original contract, and when the client was let down halfway through, I flew in to complete the project. Duties included reviewing technical validation activities for the SOX IT audit and assessment compliance initiative, including but not limited to audit planning, risk assessment, control evaluation, audit test development, testing, work paper documentation, network architecture designs, log data, anti-virus implementations, server configurations and standards, and key management.
- Delivered effective compensating controls and remediation for deficiencies affecting control procedures, aligning with and adhering to Bank policy and industry best practice standards, along with drafting written findings and reports and presenting them to management throughout the audit engagement.
Confidential, Minneapolis, MN
Information Security Risk, Compliance and Audit
Responsibilities:
- Responsible for project management duties designed to develop, implement, and support enterprise-wide information technology security policies, procedures, applications, and systems. Specific duties are to test, document and maintain the program to ensure compliance with Federal and State regulations as well as external guidance (SOX and PCI), and to review system-related security plans throughout the network.
- Duties are also to assist in establishing a security strategy program, including determining appropriate policy to meet regulatory compliance, risk identification and mitigation, security architecture, and the necessary infrastructure of the enterprise. Liaison with ISS and Infrastructure IT to coordinate pen testing, patch testing, remediation and adoption of application security best practices. Responsible for coordinating support within the respective BIO teams for ISS pen testing of applications and Infrastructure IT monthly patch testing of LOB applications, and for assisting Infrastructure remediation of foundational application vulnerabilities (.NET, Java, Adobe PCI/SOX vulnerability remediation process).
Confidential, Minneapolis, MN
IT Audit Security and Compliance
Responsibilities:
- Tasked specifically to develop, execute, and monitor enterprise-wide information security from policy through implementation to ensure that business information is secure from unauthorized access, protected from inappropriate alteration and physically secure. In this position I served as the process owner for all ongoing activities that provide appropriate access as well as protection of the confidentiality and integrity of client, employee and proprietary business information, in compliance with federal/state laws and regulations as well as Ameriprise's SOX and ISO policies. Some of my duties entailed participating in security investigations and providing ongoing communication to senior management, as well as identifying root causes of security events, proposing solutions, closing out and documenting investigations, and ensuring confidentiality and that appropriate personnel are involved in the investigation.
- Also, I was assigned to participate in activities and reporting required for regulatory and contractual information security obligations, and to coordinate tasks performed within the infrastructure (system administration, network administration, application support, etc.) for security updates and initiatives. One of my major responsibilities was to maintain up-to-date industry knowledge through formal/informal industry associations and research of the latest technologies critical to the success of the company's data security program, and to continuously work to identify and improve security solutions to defend the company against data security threats.
Confidential, Bloomfield Hills, MI
IT Audit Security and SOX Compliance
Responsibilities:
- Duties assigned to assess and evaluate the mainframe environment and security infrastructure as controlled by the CA ACF2 security system. Used NIST to map mainframe security controls for Confidential's Medicare Program. Determined the effectiveness of key internal controls, including new (development) and existing processes.
- Drive assessment of the significance of control gaps or deficiencies and actively participate in improvements to processes and the remediation of control deficiencies. Manage facilitation for key assessors and reviewers within the company to meet ongoing compliance requirements. Provide guidance for the process of maintaining high quality control design documentation and periodic effectiveness testing of key controls.
Confidential, Tallahassee, FL
IT Audit Security and Compliance
Responsibilities:
- Performed an eight-week general assessment of the end client's current Confidential mainframe security infrastructure as controlled by the Confidential RACF security system, based upon a competent and professional review of the existing security architecture, operation, organization and security audit findings.
- Performed quantitative analysis conveying primary security metrics such as user ID counts, logging rates, enforcement levels, numbers of privileged users, number of users with security-bypass authority, new password requirements, obsolete user ID counts, etc., and a review of critical mainframe applications whose security is handled via RACF (dataset profiles/protections, access to CICS transactions, Started Task and Batch processes, etc.). Provided the client with a formal document describing the findings and recommendations resulting from this security assessment.
Confidential, Commerce Bank, Mt. Laurel, NJ
IT Audit Security and Compliance
Responsibilities:
- Performed medium to complex information security reviews of new, modified, or critical applications, utilizing the information security review process to develop and present findings and plans that prevent, curtail, and minimize security vulnerabilities and incidents.
- Member of a team responsible for the functions necessary for the central, global administration, management, monitoring of rights, managing access to objects, maintenance, and operation of the Bank environment (RSA Archer). Worked within the TD Bank Commerce Access and Identity Management team and coordinated with other cross-functional infrastructure teams to provide primary engineering support for IDM, Radius, Oracle, Tivoli, Entrust Grid, SiteMinder, and Authentication and Authorization Services for a centralized Web access management system that enables user authentication and single sign-on, policy-based authorization, identity federation, and auditing of access to Web applications and portals.
- Also conducted SOX SAS 70 security reviews and PCI risk assessments of applications and infrastructure with industry standard security tools and methodologies based on federal, regulatory, external, and internal audit requirements (Ernst & Young).
- Participated in security projects that support the Information Security Program by using standard industry best practices, as well as updating company and program management methodologies and templates for projects. Participated in initializing corporate awareness policies supported by regulatory compliance, as well as providing enterprise-wide metrics and statistics on incidents and security threats for management to demonstrate that its current corporate security compliance assurance process is up to date and compliant.
- Also functioned as a subject matter expert for securing networks, systems, and applications, and provided internal clients with security solutions in the design and operation of new and existing technologies.
Confidential, Sacramento, CA
IT Audit Security and Compliance
Responsibilities:
- Responsible for identity management, implementing products for security awareness, and command-line email encryption. Responsible for designing and implementing security architecture and auditing network security controls and programs to protect the integrity, confidentiality, and availability of information resources. Supervised the audit project with responsibility for managing team members' performance and quality of output to meet the overall project objectives. Leveraged in-depth knowledge of key IT focus areas (such as IT services and business processes, data centers, remote operating sites, network infrastructure, system software, externally and internally facing business applications, and others) to ensure the team's successful development of the project's risk assessments, design of the SOX and SAS 70 audit program, and drafting and delivery of the audit reports (Confidential and Touche).
- Reviewed audit work programs and testing documentation to verify that they were produced in accordance with the Information Assurance professional practice framework. Duties also included influencing and negotiating the process improvements needed with business owners, providing recommendations on the design of controls, ensuring that identified control gaps were assigned for resolution, and verifying management's resolution of completed action items. Developed team members by sharing audit/content expertise, in conjunction with proactively identifying emerging areas of risk affecting all IT controls, based on professional interpretation and effective understanding of any outstanding deficiency findings, in order to address those areas before they become audit findings.