
IT Professional Resume


Rochester Hills, MI

SUMMARY

I am a team-oriented Information Technology professional with over 20 years of IT experience ranging from Production Control to IT audits. I have audit experience in SAS70, COBIT, HIPAA, the Gramm-Leach-Bliley Act (GLBA) and Sarbanes-Oxley (SOX) requirements. I am also well versed in project management, training and awareness programs, customer service skills development, and disaster recovery planning.

TECHNICAL SKILLS

IT Security and Controls
IT Audits (COBIT, SAS70 II, SAS70 Infrastructure)
Application/Infrastructure Control Reviews
Technical Writing
Training Programs
Business Planning and Organizational Skills
Novell
Active Directory
HIPAA
SOX
GLBA
SDLC / SDM

PROFESSIONAL EXPERIENCE

Confidential
July 2010 – Current
(Contract Employee)
Oakwood Health System

Provide day to day leadership for the Access Management team. This includes scheduling, assigning tasks, expanding responsibilities, employee evaluations and project management.

Develop security and control measures with newly developed Security Audit team to improve compliance. This involved defining a matrix containing job families and roles by application. Assist in developing guidelines for matrix approval and annual attestation.

Additional responsibilities include developing a 2011 roadmap for the team, meeting with business units to define role based access, automated provisioning and auditing user access.

Confidential
July 2009 – July 2010
(Contract Employee)
Ford Motor Company

Security and Controls Analyst: Gathered information from suppliers to execute the processes for Application Controls Review (ACR), System Controls Review Process (SCRP), Infrastructure Controls Review (ICR) in a portfolio of >100 applications. These are structured controls assessment processes that compare implemented controls to control objectives.

Security & Controls Business Managed IT Applications, Ford Motor
Document and evaluate the performance of controls objectives such as: access controls, change management, protection of sensitive data in transit and at rest, separation of duties, accounts management, privileged account use, operations processes, facilities and disaster recovery

Interviewed external suppliers and business owners to collect controls data, application functionality, data flows, and data content information

Responsible for completing SOX questionnaire and control testing requirements for applications

Prepare applications for General Audit review

Provide status on all projects through SharePoint and Etracker

Confidential
February 2000 – April 2009
Manager – Technical Compliance and Data Security

Developed, implemented, and maintained security policies and guidelines

Hands on provision of authentication, authorization, and file access using Novell, Active Directory, and proprietary security

Review SAS70 Type II documents for current and future vendors

Developed and performed corporate Security Awareness training program in accordance with the Gramm-Leach-Bliley Act (GLBA) and Sarbanes-Oxley (SOX)

Handle all management aspects of the Security team, scheduling, work assignments, training, SLAs, project management, performance evaluations, liaison with business units
Hands on review of procedures to develop process improvements

Develop user access templates to establish internal controls for compliance to Sarbanes-Oxley (SOX) regulations

Work with the Help Desk Manager to develop scripts to improve quality of information provided to IT teams

Hands on creation of flowchart and written documentation of departmental processes and procedures

Hands on performed analysis to determine areas of process / quality improvements
Monitored changes to laws and regulations and ensured application and infrastructure compliance
Develop and maintain service level agreements with the Customer Service department to ensure timely resolution of customers' needs/concerns
Collaborated with the Help Desk and Training managers to facilitate training classes based on trouble tickets received
Evaluated new applications to ensure adherence to security regulations, policies, and guidelines

Prepare for, respond to, and make modifications based on:
internal audits performed by Plante and Moran
external audits performed by Virchow Krause
regulatory audits performed by the Office of Thrift Supervision (OTS)

Perform audits to monitor changes in Novell and Active Directory access

Perform application audits to monitor compliance to defined user access templates

Hands on coordination of Disaster Recovery plan for IT Security
Hands on operated as Project Manager for Application Security / Privacy projects using company’s System Methodology
Developed plan to migrate applications to Identity and Access Management
Hands on Managed Software Licensing

Training

SOX Controls (Flagstar)
GLBA (Flagstar)
Information Security Awareness (SANS)
Network Security (SANS)
Job Related Training

HENRY FORD HEALTH SYSTEM
June, 1995 – February, 2000
Manager – Corporate Information Security

Developed Information Security Department

Developed Corporate Information Security Policies

Hands on Authentication, authorization, and file access using IBM mainframe (RACF), Novell, Active Directory, Tandem, CICS, PeopleSoft and other proprietary applications

Helped to develop a security training program for the Help Desk

Chaired the Corporate Security Committee

Develop and maintain Security Awareness Program presentations

Create flowchart and written documentation of processes and procedures

Initiated a 48 hour Service Level Agreement for system access

Developed and organized Computer Security day events

MEMBERSHIPS

Information Systems Security Association (ISSA)
Computer Security Institute (CSI)

EDUCATION

Computer Science and Business Administration
