
Senior Global Project Manager/Business Analyst Resume


New York, NY

PROFESSIONAL SUMMARY:

  • Seasoned professional CRM (Certified Risk Manager) and Project Manager with significant years of project management consulting; analysis and implementation of the Confidential Cybersecurity Framework; ISO 27001 and 27002; Sarbanes Oxley (SOX) Consulting; and auditing experience focusing on Governance Risk and Compliance utilizing the LockPath version 2 Keylight Platform GRC tool as well as the RSA Archer Platform GRC tool; MetricStream GRC Tool; Fiserv Frontier 5.0 tool; Business Intelligence (BI); Project Management, Access Identity Management and Rigorous Program Management; Privileged Access Management; Application Whitelisting; File Integrity Management.
  • Extensive Senior Project Management in Dual Shore Point experience utilizing Waterfall, Agile, as well as Scrum Software Development methodology.
  • Project Management of PCI Versions 3.1; 2.0 and Version 1 implementation; Project Manager of major SAP ERP implementation projects including SAP Financials (FICO); SAP CRM and SAP SRM Solutions including SAP ECC 5.0 to 7.2; HANA; SAP Warehouse Management Systems. SOX Compliance Software tools implementation and evaluation. Oracle R12 Implementation and Analysis
  • Extensive experience in scheduling responsibilities and developing and accurately maintaining integrated master/sub-project schedules, ensuring schedule logic is maintained, coordinating work activities with project team members, progressing schedules and assisting in identifying and resolving schedule conflicts as well as performance of User Acceptance Testing. Extensive experience in analysis and implementation of the Confidential Cybersecurity Framework; Healthcare HIPAA, compliance and development of Standards and Guidelines to adhere to the Confidential, ISO 27001, PCI, ISO 27002, SOX, Dodd Frank Act, HITRUST, The Volcker Rules; Meaningful Use Act and Sunshine Act requirement and compliance.
  • Extensive experience in Compliance to NERC Version 3 and 5.1 thru 5.4; PCI Version(s) 2 and 3 Standards and implementation and performance of Compliance QSA Auditing.

TECHNICAL EXPERIENCE:

Project Manager in PCI version 3.1; PCI version 2; SAP ECC 7.2; 7.0; SAP HANA; SAP COTS packages SAP ECC 5.0 Business One and SAP ECC 6.0 R/3 Functional Conversion; ISO 27001 and 27002; AWL; FIM; PAM; NERC 3 and 5.1; LockPath Keylight GRC version 2; RSA Archer GRC tool; MetricStream GRC Tool; ControlCase GRC Scan; Qualys Scan; Qualys Guard PCI Scan; PCI ASV Scan; ClearScan; ProCheckUp ASV; Nexus Scan; Nixu Watson Scan; Fiserv Frontier 5.0 tool; Oracle R12 Implementation and Analysis; SAP Archiving; ERP; SDLC; Microsoft-Project 2007; IBM WebSphere MQ Series; 2003; 2002; and 2000; Access; Oracle R8 thru R12 Financials; SSAE 16; SAS 70; Microsoft SharePoint and Microsoft SQL Server; Business Intelligence; Hyperion Financials; JAVA; DIBS G/L; PRIMAVERA 5.0/8.0/9.1; Vitech (V3); Microsoft VISIO; Excel; Word; PowerPoint; Lotus Notes; Windows; MS-DOS; HP PPM; RUP; Waterfall, Agile, Scrum Software Development methodology; EDSNET; Win stub; Lotus 123; COBOL; FORTRAN; PL1

PROFESSIONAL EXPERIENCE:

Confidential, New York, NY

Senior Global Project Manager/Business Analyst

Responsibilities:

  • Designed, implemented and documented Global information security systems and controls (e.g., file server encryption, PCI, endpoint security, vulnerability and compliance management solution, security information and event management).
  • Led Global information security projects as laid down in client’s information security strategy and delivered them within time, cost and scope.
  • Defined, optimized and executed the vulnerability and patch management process. Developed reports from vulnerability assessment scanners, patch management tools, and emerging threat information, advised on the risk remediation and monitored the mitigation of identified security issues.
  • Supported security monitoring and security incident responses with a focus on the implementation of effective preventive system security controls as well as containment, eradication and recovery of information systems.
  • Assessed system and application security requirements, threats, vulnerabilities and security risks in complex, heterogeneous systems and throughout their life cycle.
  • Developed, delivered and maintained comprehensive and consistent security solutions to mitigate identified risks to an acceptable level.
  • Specified, implemented and documented information system security concepts and information security controls for new systems and operational systems in close collaboration with system owners and engineering groups.
  • Delivered information security support services to architects and system/application engineers by providing clear, concise and constructive recommendations regarding information system and application security.
  • Assisted architects, system/application engineers in the identification and implementation of PCI and other appropriate information security controls and hardening of systems to ensure effective safeguarding of Client’s information assets. Defined policies, processes, procedures, configuration baselines and guidelines to ensure appropriate security risk management throughout the system life cycle.
  • Defined system and application security baselines based on industry best practices, which efficiently and effectively mitigated risks, while respecting functionality and operational constraints. Monitored compliance with hardening baselines and managed exceptions.
  • Performed technical security assessments of information systems and applications to identify vulnerabilities and non-compliance with established security standards and recommended effective mitigation strategies. Supported engineering groups with security engineering expertise in the different security domains, such as identification and access management, authentication and authorization, secure design, system hardening, risk management, vulnerability assessment and management, security testing, secure software development. Supported the development and promotion of information security policies, standards, processes and procedures and monitoring compliance to the information security policy framework with a focus on information system security.
  • Supported the development of a risk management framework for information system related security risks and managed information system related security risks accordingly.
  • Evaluated emerging risks and information security technologies to ensure an up-to-date information security risk register and defined and implemented effective, state-of-the-art security concepts.
  • Supported the development and maintenance of Client’s information security awareness program and training program with content dedicated for system engineers to ensure consistent management of information system security risks.

Confidential, Fort Lauderdale, FL

Senior Project Manager/Business Analyst

Responsibilities:

  • Senior Project Manager/Business Analyst with functional responsibilities in Implementation, testing and verification of the PCI Version 3.1 DSS Requirements and Mitigating Controls.
  • Project Management, Implementation and Compliance oversight for 8 Major Mitigating Controls and testing of security, risk and compliance management solutions for business acceleration including managing organizational risk, safeguarding mobile access and collaboration, proving compliance, securing virtual and cloud environments, and access and identity management.
  • Application Whitelisting
  • Firewall Integrity Management
  • Two Factor Authentication (2FA)
  • Optimize Firewall Rule
  • Enhanced Vulnerability Mitigation Deployment
  • Advanced Persistent Threat Defense (APT)
  • Data Loss Prevention (DLP)
  • Privileged Account Management (PAM)

Confidential, New York, NY

Risk Management Officer

Responsibilities:

  • Established the Controls Excellence Program for end-to-end business process as the Business Process Cycle.
  • Led, participated as part of the core Controls Excellence management team focused on managing & leading strategic initiatives for Controls Excellence which increase value to the company and partner with leadership to influence and contribute to a strong optimal controls environment which addressed SAP, IT Compliance in SOX, PCI, HIPAA, HITECH reporting requirements, regulatory requirements and standalone reporting requirements.
  • Supported leadership in preparing & reviewing deliverables, reports & presentations to Senior Leadership, including the Audit Committee
  • Partnered with Controls Excellence Director and provided support in achieving overall goals and metrics of Controls Excellence, including supporting regular dashboard and Steering Committee requirements
  • Participated in setting and achieving Access and Identity Management performance metrics
  • Led, coached and developed resources to achieve the function’s objectives, including their longer-term career aspirations
  • Led, motivated and developed the Controls Excellence Team to prioritize and allocate work in order to complete the review, documentation, and testing of key IT and financial business processes to support the Company’s senior management’s SOX, PCI, HIPAA, HITECH and analysis and implementation of the Confidential Cybersecurity Framework; attestation responsibilities and meet other key Controls Excellence strategic objectives.
  • Identified, managed and reported on all internal control deficiencies real-time and work with business Process Owners to facilitate the creation of action plans and remediation timetables to correct the deficiencies noted.
  • Promoted the philosophy of collaborative team working environment, team development across all activities, and focused on the design of new and improved processes in order to achieve business objectives and continuously improve performance within the Controls Excellence Team.
  • Partnered with business units and management to foster an environment whereby Controls Excellence was a strategic controls advisor to the organization and helped management effectively manage key IT, financial & regulatory reporting risks
  • Worked effectively with key stakeholders, including external auditors and senior management, to promote alignment across understanding of Key Controls and managing expectations.
  • Provided the technical and operational expertise and support to all levels of management for compliance with the Sarbanes-Oxley Act, PCI, HIPAA, HITECH and pronouncements of the Public Company Accounting Oversight Board (PCAOB) and the SEC.

Project Manager, Senior Business Analyst

Confidential

Responsibilities:

  • Senior Project Manager/Business Analyst functional responsibility was in Implementation, testing and verification of the PCI Version 2.0 DSS and RSA Archer 5.4 Requirements Implementation and Compliance testing of security, risk and compliance management solutions for business acceleration including managing organizational risk, safeguarding mobile access and collaboration, proving compliance, securing virtual and cloud environments, and access and identity management.
  • Primary areas of focus were
  • Platform point of consolidation for governance, risk and compliance information of all types
  • Analysis and implementation of the Confidential Cybersecurity Framework.
  • Access and Identity Management enhancement
  • Seamless integration of data systems without the need for additional software
  • Automated movement of data into and out of the Platform to support data analysis
  • Process management and reporting.
  • Data Feed Manager.
  • Flexible, code-free tool for consolidating information within the RSA Archer eGRC Platform
  • Data Publication Manager which allowed users to automatically extract information from the Platform and load it into external systems for advanced data analysis and modeling
  • Web Services API which supported integration with other business systems using the industry standard SOAP protocol.
  • User and Group Synchronization which supported Active Directory and LDAP integration of user accounts and groups.
  • RSA Archer e-GRC Platform v5.4.4
  • Modules
  • Policy Management
  • Risk Management
  • Compliance Management
  • Enterprise Management
  • Business Continuity Management
  • Vulnerability Risk Management
  • Security Operations Management
  • Incident Management
  • Threat Management
  • Vendor Management
  • Audit Management
  • Federal Assessment & Authorization
  • Federal Continuous Monitoring
  • GRC Platform

Project Manager, Senior Business Analyst

Confidential

Responsibilities:

  • Senior Project Manager/Business Analyst functional responsibility was in Implementation, testing and verification of the PCI Version 2.0 DSS and RSA Archer 5.2 Requirements Implementation and Compliance testing of security, risk and compliance management solutions for business acceleration including managing organizational risk, safeguarding mobile access and collaboration, proving compliance, securing virtual and cloud environments, and access and identity management.
  • Primary areas of focus were
  • Platform point of consolidation for governance, risk and compliance information of all types
  • Analysis and implementation of the Confidential Cybersecurity Framework.
  • Seamless integration of data systems without the need for additional software
  • Automated movement of data into and out of the Platform to support data analysis
  • Process management and reporting.
  • Access and Identity Management enhancement
  • Data Feed Manager.
  • Flexible, code-free tool for consolidating information within the RSA Archer eGRC Platform
  • Data Publication Manager which allowed users to automatically extract information from the Platform and load it into external systems for advanced data analysis and modeling
  • Web Services API which supported integration with other business systems using the industry standard SOAP protocol.
  • User and Group Synchronization which supported Active Directory and LDAP integration of user accounts and groups.
  • RSA Archer e-GRC Platform v5.2.4
  • Modules
  • Policy Management
  • Risk Management
  • Compliance Management
  • Enterprise Management
  • Business Continuity Management
  • Vulnerability Risk Management
  • Security Operations Management
  • Incident Management
  • Threat Management
  • Vendor Management
  • Audit Management
  • Federal Assessment & Authorization
  • Federal Continuous Monitoring
  • GRC Platform

Confidential, Mellon

Project Manager, Senior Business Analyst

Responsibilities:

  • Removing sensitive authentication data and limiting data retention.
  • Protecting the perimeter, internal and wireless networks.
  • Securing payment card applications.
  • Monitoring and controlling access to IT financial systems.
  • Protecting stored cardholder data.
  • Analysis and implementation of the Confidential Cybersecurity Framework.
  • Finalizing remaining compliance efforts and ensuring all controls are in place.
  • Vulnerability Management
  • Oracle R12 functionality and Compliance Analysis
  • Access and Identity Management
  • Directly responsible for implementation team of 16
  • Compliance Monitoring of implementation of RSA Archer Platform GRC tool
  • Change Management Compliance and Process Implementation
  • Monitoring and controlling Identity Management applications access to IT financial systems
  • Writing and maintaining process procedures and controls
  • Consulting in the research, design and implementation of The Dodd Frank Act and The Volcker Rules requirements.
  • Senior Project Manager/Business Analyst functional responsibility was in Implementation, testing and verification of the PCI Version 2.0 DSS and RSA Archer 5.1 Requirements Implementation and Compliance testing of security, risk and compliance management solutions for business acceleration including managing organizational risk, safeguarding mobile access and collaboration, proving compliance, and securing virtual and cloud environments.
  • Primary areas of focus were
  • Platform point of consolidation for governance, risk and compliance information of all types
  • Analysis and implementation of the Confidential Cybersecurity Framework.
  • Seamless integration of data systems without the need for additional software
  • Automated movement of data into and out of the Platform to support data analysis
  • Process management and reporting.
  • Data Feed Manager.
  • Flexible, code-free tool for consolidating information within the RSA Archer eGRC Platform
  • Data Publication Manager which allowed users to automatically extract information from the Platform and load it into external systems for advanced data analysis and modeling
  • Web Services API which supported integration with other business systems using the industry standard SOAP protocol.
  • User and Group Synchronization which supported Active Directory and LDAP integration of user accounts and groups.
  • RSA Archer e-GRC Platform v5.1.4
  • Modules
  • Policy Management
  • Risk Management
  • Compliance Management
  • Enterprise Management
  • Business Continuity Management
  • Vulnerability Risk Management
  • Security Operations Management
  • Incident Management
  • Threat Management
  • Vendor Management
  • Audit Management
  • Federal Assessment & Authorization
  • Federal Continuous Monitoring
  • GRC Platform
  • Directly responsible for implementation team of 10
  • Oracle R12 Implementation and Analysis
  • Compliance to Confidential
  • Analysis and implementation of the Confidential Cybersecurity Framework.
  • Vulnerability Management
  • Compliance Monitoring of implementation of RSA Archer Platform GRC tool
  • ISO 27002, ISO 27001; SSAE 16 Compliance
  • Access and Identity Management
  • Writing and maintaining process procedures and controls
  • Compliance to NERC Standards
  • Business Intelligence (BI)
  • Monitoring and controlling Identity Management applications access to IT financial systems
  • Change Management Compliance and Process Implementation
  • SSAE 16 Compliance

Confidential, Princeton, NJ

Project Manager

Responsibilities:

  • Removing sensitive authentication data and limiting data retention.
  • Protecting the perimeter, internal and wireless networks.
  • Securing payment card applications.
  • Monitoring and controlling access to IT financial systems.
  • Protecting stored cardholder data.
  • Finalizing remaining compliance efforts and ensuring all controls are in place.
  • Vulnerability Management
  • Directly responsible for implementation team of 18
  • Consulting in the research, design and implementation of SOX and The Dodd Frank Act and The Volcker Rules requirements.
  • Change Management Compliance and Process Implementation
  • Analysis and implementation of the Confidential Cybersecurity Framework.
  • ISO 27002, ISO 27001; SSAE 16 Compliance
  • Business Intelligence
  • Monitoring and controlling Identity Management applications access to IT financial systems
  • Writing and maintaining process procedures and controls
  • Compliance Monitoring of implementation of the Fiserv Frontier 5.0 tool

Project Manager, IT Corporate SOX Compliance

Confidential, Robbinsville, NJ

Responsibilities:

  • Responsible for the successful planning and execution of the SAP Archiving, conversion and implementation project including defining project approach and gaining client, client engagement manager and project team member’s buy-in for 28 Solutions including SAP Financials (FICO) SAP CRM and SRM Solutions including SAP HANA environment.
  • Dual Shore point responsibility managing the custom built combination of the best local and off-shore talent to bring the client the highest quality
  • Change Management Compliance and Process Implementation
  • Analysis and implementation of the Confidential Cybersecurity Framework.
  • Vulnerability Management
  • Writing and maintaining process procedures and controls
  • ISO 27002, ISO 27001; SSAE 16 Compliance
  • Business Intelligence
  • Compliance to NERC Standards
  • Compliance Monitoring of implementation of RSA Archer Platform GRC tool
  • Using Rigorous Program Management/RPM led and directed implementation team of 23 contracted consultants and employees, responsible for the successful implementation of the Business Suite Module. Communicated project status, milestones and issues to project owners.

Confidential, Miami, FL

Project Manager, IT and SOX Systems Compliance and Testing

Responsibilities:

  • Senior SOX Project Manager, SAP Project Manager and Subject Matter Expert responsible for the ERP transition from MAS 500 to SAP COTS package SAP ECC 5.0 Business One
  • Direct implementation responsibility for the Business Suite Module. SAP Business Suite provided the company with industry-specific applications.
  • Overall responsibility for the successful planning and execution of the SAP project for 24 Solutions including SAP Financials (FICO) SAP CRM and SRM Solutions in the SAP HANA environment.
  • Dual Shore point responsibility managing the custom built combination of the best local and off-shore talent to bring the client the highest quality
  • Compliance Monitoring of implementation of the LockPath Keylight version 2 Platform GRC tool
  • Directly responsible for implementation team of 15 responsible for the Business Suite Module.
  • Change Management Compliance and Process Implementation
  • Vulnerability Management
  • Analysis and implementation of the Confidential Cybersecurity Framework.
  • ISO 27002, ISO 27001; SSAE 16 Compliance
  • Oracle R12 Implementation
  • Business Intelligence
  • Monitoring and controlling Identity Management applications access to IT financial systems
  • Writing and maintaining process procedures and controls
  • Communicated project status, milestones and issues to project owners.

Confidential, Madison Heights, MI

Project Manager, Systems IT Testing and Compliance

Responsibilities:

  • SAP Customer Relationship Management (SRM) ECC 4.0 specialist with the functional responsibility to develop, coordinate and test IT corporate policies and procedures to meet Federal mandates for Sarbanes-Oxley compliance.
  • Developed a fifteen (15) step audit approach to address the Information systems assessment.
  • Performed User Acceptance Testing for 28 Solutions including SAP Financials (FICO) SAP CRM and SRM Solutions.
  • Writing and maintaining process procedures and controls
