
Project Management Resume Profile


SC

Summary of Experience

Over 30 years of experience in the areas of IT programming, operations, Project Management, Compliance, Risk Assessment, Audit, and Program management. Have created and implemented strategic plans and frameworks necessary to create the compliance programs, audit programs and security programs for multi-billion-dollar international companies that included data compliance, SDLC, networking, applications, Operating Systems, databases, responsibility assignments, testing methodologies, access management and roles definitions, segregation of duties, SLAs between organizations, departments and outside vendors. Provided guidance and attestation services to companies in the area of SOX, FFIEC, GLBA, PCI, HIPAA, OTS, OCC, SAS70, NIST, ITIL, ISO and IT compliance. Have managed audits and IT security reviews in over 20 countries.

Employment Experience

Confidential

  • Chief Information Security Officer
  • Responsible for the security of Palmetto infrastructure, applications and services both internally and those attached to Palmetto from external sources.
  • Responsible for the strategic plan for the IT Division for Security, Change Management and Compliance
  • Conduct a review of any new systems, applications, devices, etc. prior to being put into production to ensure that all security and compliance requirements are met
  • Disaster Recovery and Business Continuity plans to ensure that Palmetto can meet its contractual obligations
  • Serve as Palmetto representative to the BCBS Security Council
  • Responsible for ensuring that all audit and regulatory requirements (FISMA, NIST 800-53, etc.) are met and effective
  • Work with internal and external auditors to review controls

Confidential

  • Partner
  • Provide guidance and attestation services to companies in the area of SOX, FFIEC, PCI, HIPAA, OTS, OCC, SAS70 and IT compliance.
  • Identity Access Management Programs.
  • Roles based accesses.
  • Perform security reviews of architecture to include settings, policies, procedures and effectiveness of the architecture.
  • Work with companies to ensure that their ERP systems (Oracle, SAP) are secure and that they will pass regular and compliance audits.
  • Conduct reviews of process improvements such as ITIL, ISO, COBIT/COSO to ensure that the correct control set is in place.
  • Create automated solutions to reduce cost, error rate and time it takes to complete an audit/compliance control.
  • Review privacy policies to ensure that the company limits its legal exposure.
  • Manage audit staffs for multi-national corporations to ensure timely completion of risk-based audits.
  • Perform audits in Europe, Asia as well as North America for clients requiring knowledge of privacy laws and different audit frameworks worldwide.

Confidential

  • Vice President and CISO, Risk Reliability Division
  • Created and managed the Risk and Reliability Division. Departments within this division included audit and regulatory relationships, IT and corporate security, release management, IT policies and procedures and business continuity planning (business resumption, disaster recovery and emergency response).
  • Oversaw an annual personnel budget of 4 million and staffing of 45.
  • In conjunction with this role, I was responsible for determining new data center requirements, finding a new data center location, developing the new infrastructure for the data center to include redundancy, high availability and new tape backup systems, and getting senior management approval and funding for this 11.5 million project.

Confidential

Audit Consultant

  • Responsible for writing new audit plans and documenting audit work for both internal and external audit review to include federal regulatory agencies.
  • Review of all controls, both procedural and automatic for new applications and technology to ensure that they were appropriate and comprehensive.
  • Wrote and conducted audits on projects involving Secure Electronic Transaction (SET), Firewalls, PKI, Proxy Servers, Smart Cards, SSL3, Encryption and E-commerce.
  • Monitored and evaluated all Disaster Recovery plans and tests. Responsible for reviewing and testing IBM MVS security and disaster recovery plans.

Confidential

Manager IT Audit

  • Responsible for managing, auditing, consulting and project leadership of a variety of IS projects for Sun-Maid Raisins, Sunsweet Prunes, Diamond Walnuts, Valley Figs, and Oregon Hazelnuts.
  • Developed and implemented all audit programs for a variety of computer systems and applications, including UNIX, Sybase, Novell 3.x/4.x, Windows applications, UNISYS mainframe, VMS and Client/Server applications.
  • All audit documentation had to meet Internal Audit Association standards. Project manager for the installation of the company's first LAN using Novell NDS.

Confidential

Vice President

Managed all IT functions for the Risk Asset Review Division. Responsible for all data processing needs for the Division, including LAN, mainframe, PC and statistical programming for exams. Developed a monitoring system to provide early warning of potential problems with all banking systems and applications.

Confidential

Automation Manager

  • Managing a MicroVAX/VMS computer center and Microsoft NT LAN. Installed and maintained a mobile IBM mainframe.
  • Responsible for designing, procuring, and installing all data processing equipment for the 91st Division. Past assignments have included fielding of mobile IBM mainframes and PC LAN systems and creating disaster recovery plans for all army data centers in the Pacific. Obtained the rank of Lieutenant Colonel.

Professional Accomplishments

  • Certified Information System Auditor (CISA)
  • Certified Information System Security Professional (CISSP)
  • Certified in the Governance of Enterprise IT (CGEIT)
  • U.S. Army, Command and General Staff College
  • Platforms: UNIX, AIX, IBM Mainframe, VMS, NT
  • Networking: Secure Electronic Transaction (SET), Firewalls, PKI, Proxy Servers, Smart Cards, SSL3, Encryption and E-commerce, Novell, Active Directory
  • ERP: Oracle, SAP, Lawson, MAS 500, Hyperion, Timberline
  • Databases: IMS, Oracle, Sybase, MS SQL, Access, IDMS, VSAM
  • Standards: SOX, ISO, HIPAA, SAS70, PCI
  • Frameworks: COBIT/COSO, ITIL, EU Privacy, Safe Harbor Act, California Privacy laws
  • Programming: COBOL, databases, ERP development, Software development
