
IT SOX Senior Auditor Resume Profile

Gurnee, IL

Summary

SME with over 30 years of experience in Information Technology, IT Audit and Security, and GRC (Governance, Risk, Compliance) involving various projects for Fortune 100 companies.

Skills:

  • Risk Assessment Methodologies (COBIT, PCI DSS Model Audit, SOX, ITIL v3, C&A).
  • Risk and Control Self-Assessment (RCSA)
  • Data Analytics (SQL, ACL, Perl, UNIX).
  • Multiple-platform technology expertise (MVS, Unix Series, Linux, Windows, Cisco, VoIP).
  • Multiple Interfacing systems (HL7, eGate, EMPI)
  • SOX regulations.

Experience

Confidential

Governance, Compliance and Security Assessor

  • As SME, co-developed an enterprise-level Third Party Risk Management (TPRM) assessment framework with supporting evidence.
  • Developed and maintained an inventory of assessed third party reviews.
  • Developed TPRM roles and responsibilities, templates, guidelines and swimlane diagrams/flowcharts.
  • Validated third party requests against compliance with security and regulatory requirements and enterprise procedures.
  • Co-developed requirements, questionnaires and assessment processes for Archer GRC toolkit.
  • Co-developed content and document management framework.
  • Co-developed POA&M, CAP, Risk Register, and risk assessment scoring matrix, templates and guidelines.
  • Worked in collaboration with a Big 4 to validate and certify third party risk evaluation framework.
  • Developed a Standard Operating Procedure (SOP) detailing normal procedures for the enterprise TPRM process.

Technical Requirements: CoBIT, COSO, CSA 3.0, NIST 800-53, SOX, Governance, Compliance, Risk Management, Network Architecture, Cloud Computing, SAP, Archer GRC toolkit, Vendor Management.

Confidential

Governance, Compliance and Security Advisor

  • Supporting and coordinating good governance practices carried out by the Global Division of Human Resources Information Systems (HRIS) department.
  • Forging relationships with stakeholders across different departments and leading others through various projects.
  • Supporting compliance with challenging and changing regulations, IT audits, internal IT processes, and executing monthly and quarterly IT Governance reports.
  • Collaborating as a Systems Architect to support integrations of interfaces and applications connected to the cloud (MQFTE, SFTP, PGP keys, Hosting, Web Service).

Technical Requirements: SOX, Governance, Compliance, Risk Management, Network Architecture, Cloud Computing, SAP.

Confidential

Technology Internal Control Expert

  • SME of the Technology Risk Management team working with Technology, Risk, and Lines of Business (LOBs) to evaluate risks and controls.
  • Responsible for the education, implementation, and consultation of technology risk management practices with key stakeholder groups across the enterprise.
  • Support technology in the evaluation of risks and controls, particularly when evaluating the risk and control self-assessment (RCSA) results for high risk applications across the enterprise.
  • Provide education and advisory services to the application system managers.
  • Complete the RCSA document, including the following information: control profile and objectives, control design, evaluation of control operational effectiveness.
  • Review risk and control self-assessment results, and communicate with the application systems managers about key concerns and questions; review self-identified issues for consistency with control deficiencies.
  • Maintain and update documentation, prioritize workload, participate in weekly meetings, and act as a resource to less experienced staff on routine to moderately complex issues.

Technical Requirements: SOX, PCAOB, Internal Audit, Risk Assessment, Project Management

Confidential

IT SOX Senior Auditor / Tester

  • Examine whether users, owners, custodians, systems and networks are in compliance with internal security procedures and external laws and SOX regulations.
  • Perform testing over ITGC and Business Process to the management on the appropriateness and of the security controls in place.
  • Use GRC tool to evaluate configuration and policy compliance, database logs, and file access.
  • Determine whether information systems are designed, configured, implemented, operated and managed in accordance with business objectives and IT strategies.
  • Discuss risk assessments to establish testing over control objectives associated with financial statements on integrated audits across multi-lingual environments.
  • Perform testing procedures on financial trading systems to determine SoD meets industry standards and security procedures.

Technical Requirements: SOX 404, CoBit, Oracle GRC, Windows, UNIX, Murex, InTrade, SoD, Remedy BMC.

Confidential

AERS Specialist Sr. Consultant IT

  • Evaluate non-standard, multi-tier infrastructures, examining customized architectures and solutions in collaboration with business owners (Mainframe, AS/400 and Distributed Systems).
  • Examine SOX 404 controls by delivering extensive fieldwork and documentation. Establishing IT and business contact relationships critical to obtaining data (IPE).
  • Assess business process framework and segregation of duties with integrated GRC tools.
  • Perform interviews with minimal follow-up, diligent presentation of issues, suggestions for improvements.
  • Work directly with leadership to create and execute strategic, systems-centric IT audit roadmaps, covering newly installed technical solutions.
  • Take on complex SSAE 16 SOC 1 audit requirements (assurance reports, risk control testing, and other components).

Technical Requirements: SSAE 16 Type II, SOC 1, PCI DSS, ITIL v3, STARS Audit, AS/2, SOX 404, Oracle, Windows, UNIX, SAP, SAP GRC CUP, Oracle 12R, Oracle GRC, NIST 800-xx, Project 2007 and Project 2010, Mainframes, RCAF, ACF2.

Confidential

Senior IT Auditor

  • Acting as IT Auditor, Jr. assisting with financial, technical and operational audits and special projects from Confidential
  • Promoted as Sr. IT Auditor Confidential
  • Managing SSAE 16 Type 2, COBIT, SOX 404, PCI DSS, C&A engagements by overseeing the identification of control objectives, the assessment of risk, planning, supervising, and executing control testing and documentation of IT General, Application, and Process controls.
  • Interviewing client IT staff for resolution of previously identified audit violations or weaknesses.
  • Designing and performing IT general controls testing for Sarbanes-Oxley 404 compliance.
  • Concluding findings and recommendations for risk reduction and policy compliance.
  • On site in-charge project manager with staff for SOX 404 and SSAE 16 Type 2 compliance projects.
  • Systems Audited: Enterprise Anti-Virus Firewalls, Network IDS/IPS, content Filtering, Virtualization and Web Application Firewalls, Routers and Switches configuration.
  • Analyzing security tools that identify and protect the company from potential threats or internal security violations (Web-based and host-based tools).
  • Identifying potential areas where existing IT Security policies and procedures require change and where new ones need to be developed.
  • Uncovering design, implementation and operational flaws that could be used to exploit IT resources using penetration testing and evaluation tools, manual testing methods, documentation review, and personnel interview.
  • Evaluating, writing, and grading security and infrastructure recommendations that can strengthen the client's information assets.
  • Rendering recommendations based on best practices and industry trends towards satisfying long-term business objectives.

Technical Requirements: SSAE 16 Level II, PCI DSS, ITIL v3, STARS Audit, SOX, GLBA, Cisco, TACACS+, RADIUS, Tipping Point, Windows, UNIX, NIST 800-xx, Confidential

Confidential

Sr. IT Auditor

  • Provided independent audit consultation and advocacy to evaluate and recommend HIPAA safety standards.
  • Evaluated the design and effectiveness of IT General Controls and Application Controls, both operational and technical.
  • Monitored internal compliance against HIPAA 164.306 Security Standards by conducting internal control reviews and risk assessments.
  • Prepared audit plans, executive memos, executive summaries, and audit reports.
  • Reviewed results with senior IT management providing observations, conclusions and recommendations.
  • Provided accurate, timely oral and written communications to IT and impacted management to discuss identified deficiencies, best practices and recommendations to improve compliance and mitigate risk.
  • Recommended security policy changes and technical enhancements to IT Dept., IT Pharmacy and IT Clinical organizations.
  • Systems and processes audited: Telecommunications, Sunrise Clinical Manager integrated system, Pyxis, Invision, Ancillary systems, eGate interfacing system, Enterprise Master Patient Index (EMPI), HL7, LAN/WAN, stored procedures, Replica, medication charge reconciliation, DRP/BCP, change management, access privilege controls, Hardware and Software inventory, Input / Output process and data integrity.

Technical Requirements: HIPAA, SOX, Internal Audit, Audit Plan, Governance, Compliance

Confidential

IT Auditor Consultant

  • Acted as an independent IT auditor to perform a technical evaluation over global network assets and supporting components.
  • SOX 404, PCI-DSS, C&A engagements by overseeing the identification of control objectives, the assessment of risk, planning and supervising and executing control testing and documentation of IT General Control and Application process.
  • Interviewed client's IT Staff for resolution of previously identified audit violations or weaknesses.
  • Designed, performed and documented IT General Control testing for SOX 404.
  • Concluded findings and recommendations for risk reduction and policy compliance.

Confidential

Senior LAN Administrator

  • Installed, configured and activated Windows 2003/2008 on servers for the A-Life Hospital project. Used Windows Deployment Services to deploy images of Windows Server OS and other Operating Systems.
  • Configured Server Storage. Managed Disks, Volumes and Partitions on Windows Server 2003.
  • Installed and configured User Profile for Terminal Services. Enabled Remote Desktop and managed client sessions.
  • Published applications using TS RemoteApp Manager.
  • Installed and configured web applications, managed web server security and configured FTP and SMTP services.
  • Managed User Accounts and Groups (Active Directory) using rights and permissions as part of the security systems that control access to network objects and machine-specific resources.
  • Used Group Policy (Active Directory) to manage and change control over workstations, servers and services.
  • Administered VMware ESX 3.5 virtual infrastructure, Windows 2003/2008 servers, Citrix XenApp farm, Packeteer Packet shapers for WAN.
  • Used monitoring tools to analyze host connectivity, systems and security management of heterogeneous applications and platforms (Apps, DB, and Web servers, Q&A environment).
  • Used SharePoint and TFS to update training material, policies, procedures and incidents related with multiple business processes and projects.
  • Led project development plans related to the network infrastructure (IIS 6.0, VMware, Windows Server 2003/2008, Active Directory).
  • Coordinated deployment of application components (WFC Queue Service, Resolver, IIS for Web Services, copy of application CRD, App Server and UI).
  • Coordinated and managed Remote Access capabilities using Citrix and Cisco based VPN technology.

Technical Requirements: MS Windows Server 2003 Enterprise, MS Exchange Server 2003, SQL Server 2005, IIS 6.0, DB visualizer, Crystal 8.5 and XI, VMware 3.x, Citrix XenDesktop/XenServer, NetIQ, Project 2007, MKS, MARS, eRecords, CERNER, Quantum Imaging, 3M, Salesforce CRM, WebEx, Firewall, SCOM/MOM 2005, SharePoint and TFS 2005, Virtual PC 7.

Confidential

Information Assurance Engineer

  • Designed and conducted regular audits of computer systems to determine that they are operating securely and that data is protected from both internal and external attack.
  • Assessed assigned system to determine system security status and ensured adherence to FEMA security policy, procedures and requirements. Designed and recommended security policies and procedures.
  • Evaluated information feeds and used reporting tools (OWASP) to maintain IT risk evaluation and compliance dashboard.
  • Provided recommendations of product for upgrades, patches and other general security measures in order to better secure systems for various Federal entities.
  • Supported and ensured Certification and Accreditation (C&A) requirements based on NIST standards.
  • Developed C&A documents, such as System Security Plans, Privileged Users Guides, Customer Assessment Report, Customer Management Plan, Standard Operating Procedures, etc.
  • Functioned as a technical liaison to any auditing group or government security entity.
  • Provided expert technical advice and guidance to management and other technical specialists on critical IT security issues and supported the Information System Security Officer in evaluating the robustness of information assurance controls.

Technical Requirements: FEMA, FISMA, NIST 800-xxx, FIPS 199 and 200, OWASP GRC, Project 2007.

Confidential

Product Support Analyst

  • Member of a Primary Tier 2 and 3 level support for all Web-based related issues supporting 60,000 locations Confidential
  • Configured WWW, FTP, NNTP, and troubleshot new and existing web-based issues for Discovery java-based tool (Linux, MAC, and Windows 2003 IIS 6.0).
  • Administered newsgroups, properties and expiration policies, unmapped unneeded ISAPI application extensions, and allowed web service extensions for a specific application.
  • Assisted in installing web servers (IIS 6.0), synchronizing connections, indexing network-based libraries, ensuring security and performing proper back-end application settings.
  • Added/modified/deleted user accounts, reset users' passwords, added and shared permissions on network resources.
  • Supported file transfers using SSH and SFTP for password-less FTP logins, and NDM on SNA/IP environments.
  • Supported Citrix Delivery Center methodology with specific attention to the following technologies: Presentation Server 4.5 and Citrix XenApp 5.0, XenDesktop 3.0, Access Gateway Advanced edition, XenServer, Provisioning Server, Web Interface 5x and enterprise XenApp client/plug-in management, Edge Sight, HDX Technology.

Technical Requirements: MS Windows Server 2003 Enterprise, Citrix, SQL Server 2005, DB visualizer, WebEx, IIS 6.0, Firewall, SAN, MAC computers.

Confidential

Level 2 Support Technician

  • Supported and solved LAN/WAN technical problems including but not limited to servers, routers, gateways, hubs and switches (Nortel, Bay Network, and CISCO).
  • Verified monitoring system integrity and reviewed network audit and event logs (Open View, Cisco Works 2000).
  • Interacted with users and provided network user training to internal users.
  • Administered and managed Windows NT/2K Active Directory Domain, Microsoft Exchange server, Windows 98, NT, XP Professional and various desktop applications including MS Office, and third-party applications (AIX, Lotus, GroupWise, Spam filter, Backup Exec, asset inventory software, Symantec Ghost and Diskeeper), and PDA (Blackberry devices).
  • Logged all support incidents into helpdesk ticket tracking system in addition to monitoring the local office's queue and providing assistance to fellow IT support specialists when needed.
  • Maintained all office PC systems including hardware, software, configuration, updates, patches, and more to minimize or potentially eliminate actual and potential down time experienced by the user community.
  • Administered the UPS/Generator Power backup systems, capacity planning, cooling, server maintenance windows and SAN installation, maintenance and configuration.
  • Configured Citrix products including Netscaler, Wanscalers, and Access Gateway solutions.

Technical Requirements: MS Windows Server 2003 Enterprise, MS Exchange Server 2003, SQL Server 2005, MS BackOffice, WebEx, IIS 6.0, Citrix, Cisco EMC DMX1000, Firewalls, Remedy, SharePoint 2005, Remedy, MICROS, HP servers and computer, Symantec Ghost.

Confidential

Senior Support Analyst

  • Provided technical support over the phone and e-mail, to end users of Fortune 500 companies.
  • Documented steps taken to resolve problems using help desk ticketing system and responded to the ticket per the SLA requirement.
  • Configured and troubleshot as needed a variety of user applications, desktops, laptops and other peripheral devices.
  • Contacted customers via phone to diagnose or follow up on computer problems.
  • Participated in meetings to update customer experience.
  • Provided training to team members on new systems and policies.

Technical Requirements: Dell Inspiron, Dimension, Dell Power Vault, Dell PowerEdge Mseries

Confidential

E-Commerce Manager

  • Led efforts for development of business requirements, business process redesign, measures of project success, change management, communications, project reviews and user-acceptance testing.
  • Developed internal partner relationships and managed expectations throughout overall project life cycle to demonstrate effectiveness and value of Product Development team for future business needs.
  • Aligned internal Internet initiatives in conjunction with Corporate Information Resources team.
  • Translated the client's business requirements into systems design.
  • Promoted online services and products in Central and South America.

Technical Requirements: MS Windows Server 2000, MS Exchange Server 2000, SQL Server 2000, Project 2000, FDA Bioterrorism UI.

Confidential

IT Director

  • Directed systems and procedures and evaluated new systems and enhancements to existing systems.
  • Recommended software/hardware changes to effect improvements, reduce costs and increase efficiency on a firm-wide basis (Citrix, RSA, and Windows 2000 Server).
  • Managed core corporate and branch routing/switching using Cisco Catalyst 3500 switch stacks, Cisco routers, and several private WAN links (MPLS/EPL); maintained multiple site-to-site VPN links (D.C., Chicago, Virginia).
  • Ensured the operation of existing IT applications, systems and servers to guarantee smooth operations and that there is little to no server downtime.
  • Evaluated new business requirements against technical requirements and recommended solutions.
  • Responsible for Tadiram phone system maintenance, support and configuration.
  • Responsible for IT/IS inventory management (quarterly and annual).
  • Responsible for the development and implementation of IT/IS security procedures and solutions.
  • Planned, designed, installed/set up and ran one of the company's first wireless networking environments for business using Standard 802.11 xs.
  • Resolved a broad range of hardware/software issues: Active Directory, Wireless connectivity, software functionality, application server setup, data analysis, backup, operating system (installation/configuration/troubleshooting), performance tuning, installation, migration, and upgrades to Client products (Windows from 98, NT, 2000 to XP Pro SP1).

Technical Requirements: MS Windows Server 2000, MS Exchange Server 2000, SQL Server 2000, Project 2000, Citrix 1.8, RSA, Intel Wireless, TCP/IP, Active Directory, DNS.
