IT Security Consultant Resume
New York
SUMMARY:
- IT professional providing over 12 years of IT experience. Ability to work independently or as part of a team. In-depth knowledge of application and project cycles, extensive background in all stages of audits, including planning; study, evaluation, and testing of controls; reporting; and follow-up. Experience in managing implementation and monitoring of SOX, HIPAA, PCI, FFIEC regulations.
- Over eight years’ experience in developing standards and policies for organizational structure. Advanced knowledge in Architect Application security and project managing various IT architectures from development through to production. Advanced knowledge in managing application vulnerabilities and identifying OWASP Top 10 and SANS Top 20 vulnerabilities and coaching applications through to remediation. Advanced knowledge in IT Architecture and auditing including but not limited to SQL databases, routers, switches, firewalls, Cyber Security, Data Breach programs.
- Organization infrastructure posture assessments, incorporating industry-leading practices across the overall industry spectrum, with an emphasis on financial institutions. Advanced experience in assisting completion of external audit and Federal Regulation assessments, in an effort to assist organizations to meet industry standards. Seeking a challenging position with a dynamic organization where I can add value and continue utilizing my practical knowledge of Information Technology.
TECHNICAL SKILLS:
SKILLS: Program/Project Management; SOX and MAR; Microsoft Excel and Access; Change Acceleration Process; Building effective relationships; Testing Methodologies; Project Management PMP - Prep; Influence & Negotiation; Business Dynamics; Penetration Testing (SANS); Coaching/Mentoring; Diversity; Risk Management; Leadership Essentials
PROFESSIONAL EXPERIENCE:
Confidential, New York
IT Security Consultant
Responsibilities:
- Performed 3rd party vendor reviews to ensure industry-leading security practices are being performed within the vendor's IT infrastructure and the appropriate due diligence is performed when vendors are integrated into the organization's IT infrastructure.
- Security reviews
- IT Audit
- IT information system implementation.
- IT Consulting.
- Developed and implemented 3rd Party Practice for Hospitals.
- Audit information systems, platforms, and operating procedures in accordance with established corporate standards for efficiency, accuracy, security and regulatory compliance.
- Evaluated IT infrastructure in terms of risk to the organization and evaluated controls in order to recommend improvements to current risk management controls.
- Audited controls over existing systems and ensured full compliance with regulatory guidance and internal policies & procedures.
- Maintains a working knowledge of applicable Federal, State, and Local laws and regulations as well as policies and procedures of Logical in order to ensure adherence in a manner that reflects honest, ethical and professional behaviors.
- Reviewed the system architectures and made recommendations on capacity planning.
- Collaboration with Auditors and Team Leaders to identify and suggest creative, simple, value-added potential improvements in business and technology processes and department administration.
- Assistance with tracking and implementation of prior audit recommendations.
- Responsible for executing IT follow-up audits.
Confidential, Chantilly, VA
Senior IT Auditor
Responsibilities:
- Audit information systems, platforms, and operating procedures in accordance with established corporate standards for efficiency, accuracy, security and regulatory compliance.
- Assisted in implementing and auditing Arcsight.
- Evaluated IT infrastructure in terms of risk to the organization and evaluated controls in order to recommend improvements to current risk management controls.
- Audited controls over existing systems and ensured full compliance with regulatory guidance and internal policies & procedures.
- Works closely with management and co-sourced audit service providers in assessing and reporting on controls over Information Technology.
- Assisted in the review of the entire IT Security and Cyber Security Posture and assisted in performing Cyber Security Audit.
- Discusses potential findings and recommendations with Regulators and Confidential Executives and/or consulting auditors as soon as practicable during the audit prior to discussion with credit union operations officials.
- Discussed audit conclusions with the Audit Executives and External Auditors in efforts to appropriately communicate issues to State Regulators. Prepared audit findings and assisted in preparing a formal written report of the audit showing the purpose and scope of the completed audit, the conclusion, any findings and related recommendations.
- Reviewed the status of corrective actions taken to improve deficient conditions as generally recommended and providing guidance to specific business units in implementing recommendations.
- Reviewed all prior findings reported from Internal audit and External Auditors and assisted in formalizing a process in efforts to create a robust audit process and effectively monitor issues identified.
- Recreated the Audit process, adding major initiatives that reflect Industry Leading Practices, and rebuilt and enhanced an Audit Dashboard Overlay that will allow automated reports and organize audit reporting functions.
Confidential, Columbia, MD
IT Security Manager
Responsibilities:
- Performing network intrusion detection and responding to security incidents.
- Setup and maintenance of network devices such as routers, switches, or VPN devices.
- Experience using computer security tools and techniques.
- Installing, configuring, and maintaining firewalls.
- Forensic examinations of computers.
- Specifying and implementing security architectures.
- Developed Data Breach Program.
- Developed Cyber Security Program.
- Implemented IT Security functions.
- Implemented Security Policies.
- Implemented Risk Assessments.
- Experience programming or scripting language.
- Leading project teams or work groups.
- Security, network, or systems technical s; or an advanced degree in a relevant field.
- Symantec Endpoint system administration, conversion over to McAfee.
- Monitor and remediate technology risks.
- Monitor Mobile Device Security (iOS, Android, Blackberry, etc.)
- Manage Network/Virtualization Security (OSI Model, Firewalls, VMware, VDI, VLANs, NAC, etc.)
- Ensure successful implementation, compliance and maintenance of the defined Information Security standards and policies.
- Manage IDS/IPS, DLP, NAC, SIEM, and other Info Sec applications.
- Provide technical support and consultation for enhancement and change to security configuration.
- Maintain documentation and report to management regarding Information Security data and log files.
- Manage IT Security staff and participate in annual budget process.
- Implemented continuous monitoring and IT security audits in efforts to strengthen IT security within the organization.
- Implemented IDS and IPS services.
- Implemented and provided industry leading recommendations to address critical issues.
- Reviewed and identified risk.
- Implemented recommendations to enhance IT Vendor Management.
- Identified major critical security gaps, implemented controls, made recommendations on implementing secure mitigating controls, and ensured the appropriate technology was purchased and implemented to mitigate catastrophic issues.
- Reviewed Network security posture, made industry-leading recommendations on better securing the network, and implemented continuous monitoring controls/audits.
- Developed IT Policies and procedures and configuration standards.
- Optimize Major Incident Handling processes and procedures and acts as major incident commander for significant breaches/incidents that occur on the network.
- Maintains current and thorough knowledge of industry standard Security technologies.
- Supports compliance and other security audits and assessments.
- Maintains a working knowledge of applicable Federal, State, and Local laws and regulations as well as policies and procedures of Logical in order to ensure adherence in a manner that reflects honest, ethical and professional behaviors.
- Reviewed the system architectures and made recommendations on capacity planning.
- Ensure security is established at every technical entity of the organization which supported business functions.
- Reviewed Security architectures.
- Ensure all vulnerabilities identified in Penetration testing and vulnerability scans were remediated in a timely manner.
Confidential, Birmingham, AL
Senior IT Auditor II
Responsibilities:
- IT general processes including software development life-cycle, technology operations, and access management.
- Applications and supported business processes including functionality and data integrity.
- Provide technical support and consultation for enhancement and change to security configuration
- Information security and business continuity including configurations, processes and compliance with regulations as it pertains to Online Banking, Mortgage and Wealth Management.
- Data including extraction, analysis, and reporting utilizing various database, spreadsheet and analytical tools, such as ACL, Excel, and Access.
Performed and assisted Team Leaders with administrative tasks including:
- Contribution to the development and documentation of audit work programs, planning documents, and audit reports that clearly and accurately indicate desired objectives.
- Communication and audit tool documentation of process and risk understanding and evaluation, escalating potential issues and solutions to Team Leaders as applicable.
- Collaboration with Auditors and Team Leaders to identify and suggest creative, simple, value-added potential improvements in business and technology processes and department administration.
- Assistance with tracking and implementation of prior audit recommendations.
Confidential, Birmingham, AL
Information Security Engineer III
Responsibilities:
- Responsible for implementing and technically designing Wealth Management Brokerage division.
- Responsible for ensuring Investment banking assets are properly migrated to new platform.
- ATM testing reviews and software implementation.
- Reviewed and implemented banking trading and settlement systems and money transfer systems.
- Responsible for providing technical guidance focused on information security architecture.
- Performed security research, analysis, and design for assigned client computing systems and the network infrastructure.
- Responsible for the prevention, detection, investigation and response with respect to security threats and attacks.
- Facilitates security vulnerability assessments and penetration tests.
- Responsible for working on security alerts, events, and security incidents, including forensic analysis.
- Helps plan configuration changes for major security infrastructure platforms.
- Implements, documents and may help develop formal security programs and policies throughout the organization and monitors compliance to these policies and programs.
- Researches, designs, develops and implements monitoring, response and administration of a variety of network security and remote access service.
- Configures and validates secure systems and tests security products and systems to detect security weakness.
- Contributes general consulting (risk analysis) and project support in the area of information security to IT infrastructure and division computing projects as needed to support new business requirements.
- Participates in the technical aspects of internal security audits and investigations. Manages and maintains a library of security audit tools, and corresponding processes that can be used for system security testing, internal audits, incident response, and diagnosis of security-related system issues. Provides technical engineering services for the support of integrated security systems and solutions.
- Monitors trends in information technology and security that could have an impact on the security of the organization’s products, processes, infrastructure, or customers. Provide advice and guidance to less experienced staff.
- Review FFIEC Assessments and PCI Assessments
- Perform detailed 3rd party vendor reviews, including site visits.
- Continuously review financial institution bank regulations to ensure Regions adheres to guidelines.
- Coordinate Application Penetration Testing and work with Business units on remediation plans before applications are promoted to production.
- Ensure Applications follow OWASP Top Ten guidelines.
Confidential, Cleveland, OH
IT - Internal Auditor
Responsibilities:
- Assist in reviewing application, security, and general controls of the IT function to determine whether (a) controls have been designed according to management direction and legal requirements (b) such controls are effective at providing reliability, integrity, security over the data being processed and (c) financial management and control is adequate
- Assist in conducting operational reviews of the IT function in relation to specific objectives established by Internal Audit management for the purposes of: (a) assessing performance; (b) identifying opportunities for improvement; and (c) developing recommendations for improvement. The scope of these reviews may include all aspects of the IT function, from overall planning and organization to specific operating procedures.
- Assist in collecting, analyzing, interpreting, and documenting information as part of preparing complete, effective and timely IT audit reports.
- Report on results of audits in accordance with department and IIA standards; prepare written reports and documentation of results; communicate results to management verbally and in writing; ensure management action plans address observations and are reasonable.
- With direction of audit management, participates in reviewing the design and development of significant new information systems or applications, and significant changes.
- Provide IT technical guidance and assistance to the Internal Audit Department.
- Prepare computer programs (e.g., DB2) as required in performing audit assignments to test information system controls and support audit data retrieval requirements.
Confidential, Cincinnati, OH
Senior IT - Auditor
Responsibilities:
- Evaluated and assessed significant merging/consolidating functions and new or changing services, processes, operations, and control processes coincident with their development, implementation and/or expansion.
- Issued periodic reports to the Vice President, summarizing results of IT audit activities.
- Provided a list of significant measurement goals and results to the Vice President.
- Assisted in the investigation of significant suspected fraudulent activities within WS&FG IT infrastructure and notify the Vice President of the results.
- Considered the scope of work of the external auditors and regulators, as appropriate, for the purpose of providing optimal audit coverage to the company at a reasonable overall cost.
- Responsible for executing IT follow-up audits.
- Responsible for executing SQL database audits.
- Responsible for executing IT remediation audits.
- Execution of MAR (Model audit rule) financial and IT audits.
- Ensured risks are appropriately identified and managed.
- Met with various internal compliance groups pertaining to critical IT findings.
- Significant financial, managerial and operating information is accurate, reliable and timely.
- Associates’ actions are in compliance with policies, standards, procedures, and applicable laws and regulations.
- Programs, plans and objectives are achieved.
- Quality and continuous improvement are fostered in the company’s control process.
- Ensured significant legislative and regulatory changes that impacted the Company were recognized and addressed appropriately.
- Assisted in the implementation of the annual audit plan, as approved, including as appropriate any special tasks or projects requested by the Chairman, President, and Chief Executive Officer and the Audit Committee.
- Reviewed audit reports and work papers created by other auditors.
Confidential, Cincinnati, Ohio
Senior IT - Auditor
Responsibilities:
- Developed a monthly scorecard to ensure security measures are in compliance.
- Performed and facilitated Sarbanes-Oxley (SOX) IT Controls.
- Provide input for the IT Audit Manager to use in performing the annual risk assessment and developing the annual IT audit plan.
- Performed system implementation testing.
- Ensured that the IT assets of the Company are properly safeguarded and that electronic information is accurate and adequately secured.
- Monitored and audited developer’s access in AS400 and SQL databases.
- Responsible for the organization and retention of evidence documentation.
- Planned and documented projects results; communicated outcomes to internal and external audits.
- Determine compliance with both affiliate and corporate policies and procedures.
- Developed audit programs to test assigned areas based on a thorough risk assessment process.
- Participated in pre-implementation reviews of new systems/products/tools to ensure that there are proper controls over the development phase and that adequate controls are included in the new system.
- Communicated with various levels of management during all phases of work and kept them abreast of control weaknesses identified both during the course of the assignment and upon completion.
- Compiled and documented comprehensive audit work papers supporting audit scope, procedures performed and conclusions.
- Performed SOX Section 404 responsibilities, recommending and verifying implementation of control gap remediation plans, daily monitoring and execution of controls; prepare IT areas for audit testing and internal control tests.
- Assisted with analyzing results of penetration test and vulnerability test.
- Checked audit reports and work papers created by other auditors.
Confidential, Cincinnati, Ohio
Data Security Auditor
Responsibilities:
- Administrated NT Accounts.
- Ensured all documentation of evidence garnered is complete and accurately filed
- Analyzed and reviewed security logs.
- Monitored developer access in Mainframe.
- Developed and/or utilized software to perform parallel simulation, file comparisons, data validations, etc.
- Granted password access to Office Managers at all locations
- Supported security and business continuity audit functions by following defined procedures and practices.
- Promoted operational efficiencies and identified cost-saving opportunities.
- Analyzed file conversion procedures and controls and system test plans to determine adequacy and completeness.
- Quarterly systems audit.
- Assisted with penetration testing and vulnerability testing.
- Performed and facilitated Sarbanes-Oxley (SOX) IT Controls.