
Consultant Resume


SUMMARY:

  • 19 years as a consultant, executive manager (CISO, CSCO, CSO), and advisor, with experience in enterprise security risk management, security architecture/design, privacy, data protection, organizational IT security compliance and analysis, relationship management, vendor negotiation, deployment, cyber security, enterprise IT governance, risk assessment, and compliance program development.
  • Record of improving security postures, efficiency, productivity, and profitability through automation, process improvement, and advisement.
  • Outstanding entrepreneurial, interpersonal, motivational, creative, and presentation skills.
  • Logical, innovative, articulate, diligent, and driven.
  • Able to assess, determine, and advise all levels regarding practices for compliance, risk management, identification, audit standards, the impact of “to-be” processes, enterprise transformation using best-of-breed/best-in-class solutions, and managing data protection/data leakage risks.

TECHNICAL SKILLS

Audit/Regulations: DOI MAR, SOX, AML, BSA (KYC, CIP), Control Creation, SAS70 (I&II), CoBIT, FD, W, B, Z, Market Data Rules, NERC CIP (v3, v5), FERC, ITIL, Business Continuity Planning, Disaster Recovery, GLBA, Basel I/II, CFATS, 2257 (Adult Industry), Rule 508 (Accessibility), Meaningful Use (Stages 1, 2, 3)

Information Security: NIST Publications ( /53A, 34, 30, 3739, 94,115), Pen Testing, Vulnerability Assessments, Web App Security, Data Classification, Ethical Hacking, Mobile/Portable Devices, Data Retention/Destruction, DOI CyberSec Exams

Enterprise Program Authoring: Compliance, Security Management, SOC Guides

Financial Reporting: IFRS, FAS 123-R, Month End

Risk Assessments: SOX, PCI-DSS, MiFid, Reg NMS, MAR, HIPAA, 21 CFR 11, MiFid FAS 123-R, Patriot Act, OCTAVE

Information Privacy: EU Safe Harbor, Red Flags, EU Data Directive

Architecture/Risk Management Frameworks: TOGAF9, CoBIT (3, 4, 5), NIST CSF

Network Technologies: Cisco, Juniper, CheckPoint, Oracle (SUN), Barracuda, Palo Alto NW

Organizational Effectiveness: Change Management, Business Process Re-Engineering

Marketing: Internet Advertising, SEO, Media Buying, PPC, Affiliate, Google Adwords, YPN

Technology Expertise:

MS Office and Applications: Access, Excel, Power Point, Word, SharePoint, Visio, Office365

Reporting/Monitoring: Opnet Suite, Lasso Log-Logic, Arcsight, HP Quality Center, SolarWinds

Project Management: MS Project, Infinium, OneWorld, NiKU, Oracle Time, Confluence

ERP/CRM: SAP R3 (4.7), SAP R3 ECC (5, 6), SAP R3 EP (1-6), SAP Modules BW, HR, GRC, PeopleSoft (7.5, 9.x, FO, FIN, HR), Oracle (DB, 8i, 9, 10gi, 11), JDE (8.12, 8.9x), JDA, MFG/PRO, Siebel

Accounting/Finance: Great Plains (1.0, 10.x), Solomon IV, Tress, Hyperion, Pegasus, Exchequer, Sage

Banking/Trading Apps: HSBC, Comerica, Charles River, Equity Edge, InTrade, Sungard, OptionEase

Database: Oracle (8, 9r, 10gi, 11gR1, R2), Win2000/8 R8, SQL Server 2000, SQL, TSQL, DB2, Lotus Notes (6.0, 6.5, 8)

Storage: EMC, V Block, vaultComm Simpana (10.x)

Security: IDS/IPS, Snort, Metasploit, Core Impact, Nessus, Acunetix, WireShark, SourceFire, FireEye, EnCase, NetWitness, Gigamon, ForeScout

Systems: Windows (95/98, 2000, NT, Vista, 7), Mac OS (10.x), Linux (RH), RACF, CISC, UNIX, VMware (2.5.x, 3.5.x, 4, 5.0), MS Hyper-V

Cloud Tech: Amazon EC2, Windows Azure

Web/Network: Citrix, LDAP, ASP/.NET, Firewall Logs, Network Activity Reports, Cisco IronPort, McAfee PO Suite

Identity, Access Management, Single Sign On (SSO): CA, PingIdentity, Centrify Express

Risk/Document Management: ePM, e-Risk, Certus, PolicyIQ, Agiliance, RSA Archer eGRC (3.x, 4.3, 5.x, 8.x) Modules (CM/PM/RM/AM/BCM/VM, EM)

Social Media: MySpace, FaceBook, Twitter, FourSquare, Gowalla, Ustream, Google Wave, Omniture, OpenX

Mobile Technologies: iOS (3, 4, 5, 6), Android (GB, ICS, JB), BBOS, API, IoT wearables

PROFESSIONAL EXPERIENCE:

Confidential, U.S.A

Consultant

Responsibilities:

  • Author formal SOC Program Guide for GLHEC Security Services
  • Plan growth strategies with CSO for incoming loan volume increase with Federal Government
  • Document as-is and to-be processes to help with increased workload capacity planning
  • Environments: Win2008, Citrix, Confluence, VMware (v4.x), Cisco, Splunk, CheckPoint, Tripwire, Qualys, Remedy

Confidential, US

Consultant

Responsibilities:

  • Authored Strategy Roadmap detailing client requirements for BCM and blueprint for Archer tool solution
  • Led strategic discussions and planning for utilization of RSA Archer eGRC platform in FCA US
  • Authored phased approach diagrams, methodology, and best practices
  • Led executive steering committee workshops to build foundations for enterprise tool governance program
  • Served as the primary advisor to business continuity team members during strategic planning phase
  • Chaired initial discussions of technical design and configurations in collaboration with technical architect

Environment: Win2008, Citrix, Peoplesoft, HTML5, VMware (v4.x), Cisco, ARCHER v8.5 Modules BC, EM, VM

Confidential, San Diego, CA, U.S.A

Consultant

Responsibilities:

  • Provided strategic guidance and leadership to EGO NERC Compliance Initiative governing CIP01-CIP09 of NERC CIP v3, v5 requirements for utilities
  • Identified critical data feeds from enterprise monitoring tool solutions to meet NERC CIP requirements
  • Assessed process flow and authored draft ODA strategies for Security Awareness, Quarterly Access Reviews, Contacts, and Facilities.
  • Provided NERC compliance strategies over design, deployment, and configurations of Cisco IronPort appliances
  • Identified and collaborated with executive stakeholders on future phase solutions to further expand and integrate RSA Archer into additional business functions and processes

Environment: Win2008, Citrix, Oracle, LINUX (RH), HTML5, VMware (v4.x), iOS, Cisco, JUNOS, RSA ARCHER v8.5, EMC

Confidential

Consultant

Responsibilities:

  • Assessed and executed security audit of key enterprise CSA Confidential -NCNU Policy Administration System (PAS)
  • Evaluated Enterprise NW Security Architecture for critical PCI infrastructure weaknesses and risks
  • Developed and executed audits of GCC and Security controls of critical systems vs. PCI, MAR, ITIL
  • Authored final testing workpapers archiving in TeamMate risk management tool
  • Developed audit plan and executed security configuration and NW transmission audits using ArcSight
  • Authored security intensive audit plans of key infrastructure addressing application security risks
  • Executed pen tests on PAS and interfacing network infrastructures vs. risks of OWASP 10, SANS 25, and internal CSA Confidential -NCNU Infrastructure and Application Security Configuration Standards
  • Advised on architecture weaknesses in current CSA Confidential -NCNU plans to increase virtual technology, firewall setup/ placement, and executed app security testing (.NET, C platforms)
  • Led enterprise roll-out and acted as SME for control self-assessment tool (SAAMA eCSA)
  • Authored process and programs, configured, and piloted enterprise usage of Qualys and AppScan vulnerability tools for CSA Confidential -NCNU governance, security, and Model Audit Rule initiatives
  • Authored executive level report dashboards showing true pulse and state of CSA Confidential -NCNU Enterprise Network
  • Evaluated enterprise NW Management strategy frameworks application of Cisco UCS against guidelines and business objectives

Environment: WinNT, UNIX, Cisco, Juniper, CheckPoint, Citrix, Oracle (11gR2), Agiliance, SQL, VMware (ESX 4.1 U2, 3), RHEL (v5), ServiceNow, SolarWinds (v8), Centrify Express, Office365, KeyLight

Confidential

Consultant

Responsibilities:

  • Assessed Vendor Assessments Questionnaires for weaknesses, accuracy, and answer strength
  • Audited internal and externally hosted Vendor Applications which interfaced with E*Trade Systems
  • Compiled security and risk analysis reports on levels of risk from vendor security control failures, reviewed Qualys/Nessus scan reports on vendor infrastructure (NW infrastructure) for compliance and security risks
  • Converted data for porting to upgraded version of Agiliance Risk Management tool
  • Audited Vendor submitted SAS70/SSAE16 Business Continuity Plans, Vulnerability Assessments, and Penetration Tests for accuracy and acceptable levels of risk
  • Reviewed Vendor interfacing apps for technical, functional flaws, and OWASP top ten web app risks
  • Audited Vendor and E*Trade Privacy Policies and Awareness Programs for compliance with state, federal, and international Data Privacy directives
  • Assembled mitigating controls for failed vendor controls as well as remediation guidance for known failures

Environment: WinNT, Citrix (Xen), Oracle (10g, 11iR1), Agiliance, VMware (v4.x), SQL, Cisco, CheckPoint, EMC, RSA, .NET, C

Confidential

Consultant

Responsibilities:

  • Created standards, policy, & guidelines: LAMP, Social Media, AUP, Cookies/Privacy, QA, Mobile, Project Management, Documentation, Platform Ops
  • Authored standards: DBs, Hosting, Flash, Code Markup, Deployment, Front/Back-End Development, SEO/ SEM, Video/Audio
  • Created FDA control standards for: Med/Prescribing Information Submission, Validation Procedures, Lab Software

Environment: Win2000, Citrix (Xen), Oracle (10g), HTML5, Flash, LINUX (RH), PostGRE

Confidential

Consultant

Responsibilities:

  • Authored documents with key SOX processes for both IT and Finance (US and UK)
  • Led client through strong internal control creation for Exchequer ERP application and AS/400 environment
  • Drafted business process narratives for US, UK/Canada subsidiaries
  • Designed end-user computing controls for key spreadsheets and databases
  • Scoped/assessed key applications and Cisco ASA policies (US, UK, Canada) identifying SOX risks
  • Remediated work for all noted test issues and executed follow up tests (“to-be” process creation)
  • Reviewed revenue recognition for warranty & service costs for compliance (S1 Filing Requirement)
  • Assessed current IP asset protection risks and drafted processes to protect against loss to key asset (code)
  • Conducted network vulnerability scans and pen tests on servers with key financial data in US and UK
  • Assessed code change processes and controls for risk and compliance with Perforce tool

Environment: LINUX (RH), Exchequer ERP, Win2000, WinNT, Data Centers, Cisco, Juniper, VMware (v3.5x)

Confidential

Consultant

Responsibilities:

  • Assessed effectiveness of business process controls for MFG/Pro ERP and code mgmt (Perforce)
  • Reviewed test plans, processes, and identified risks for SOX 404 IT General Controls
  • Created and tested controls in accordance with CoBIT, COSO, and ISO27001 Standards
  • Validated application data security at Mexico location to accounting governing board “Hacienda” tax
  • Performed SOX audits and operational walkthroughs at Mexico locations (Tijuana, B.C.)
  • Performed policy and security configuration audit of WebTrend proxy filter tool
  • Provided draft process upgrades to allow better AS5 alignment for Asia and Mexico sites
  • Advised client to use more effective vulnerability/network scanner (Acunetix) to meet compliance
  • Advised clients on efficient risk management operations, stronger user access, and IT Security (logical/ physical) controls for MFG/Pro and Tress ERP package (Latin America)
  • Reviewed McAfee AV, SpyWare and Enterprise Server protection adequacy for overlooked security issues
  • Assessed biometric hand scanning appliances, security, data management, monitoring, and regulatory concerns at Mexico, Malaysia, and US sites

Environment: Win2000, MfgPRO (AS/400), UNIX, SQL, Tress, RiskIQ, FM-200 (US & Mex Data Centers)

Confidential, USA

Consultant

Responsibilities:

  • Evaluated relevancy and effectiveness of IT process controls with CoBiT, ITIL, GLBA, and AS5 standards.
  • Reviewed and updated TMS test plans for SOX IT 2007 testing on UNIX, Oracle, RACF, IT Security, DR/BCP
  • Created remediation plans for SOD violations within Mainframe (RACF), SAP, and DB2.
  • Authored draft user roles to meet internal compliance initiatives, recommended provisioning strategies based on job responsibilities, and guidance on how to effectively transition the current user base to the new design while not impacting normal business operations
  • Performed Validation audits before handing off to IA and external (KPMG)
  • Reviewed audit reports and usage of NMAP, Acunetix, and Nessus scanners
  • Assessed wireless security tool (AirDefense) logs for anomalies and operating correctness (encrypt, pw)
  • Created control remediation and sustainment plans for both IT and business process controls
  • Assembled data for usage within ClearCase and ClearQuest document management tools
  • Consulted client on server, network firewall settings, network appliance configurations (Cisco, Juniper, CheckPoint, SUN) and dormant account cleanup process changes

Environment: Win2000, UNIX, DB2, Cisco, Juniper, RACF, SAP R3 (v4.7), Lotus Notes (v6.5), Certus, UNIX, WinNT, Barracuda

Confidential,CA, U.S.A.

Consultant

Responsibilities:

  • Evaluated relevancy, applicability, and effectiveness of key controls with JD Edwards One World ERP
  • Reviewed test plans for SOX IT 2006 Testing using risk-based approach
  • Tested user access/segregation of duty controls and configuration settings for JD Edwards One World ERP
  • Tested controls against CoBIT and assisted in SAS70 Type II audits before external auditor (KPMG) review
  • Assessed PCI risks and documented both “as-is” and “to-be” process flows to allow for compliance
  • Drafted suggestions for remediation around access control, change control (Perforce), and virus scanning
  • Consulted client and internal teams on more efficient controls compliance efforts

Environment: WinXP, JDE WM (v8.12), Cisco, Juniper, CheckPoint, AS/400, JDE (v8.12), SunGard

Confidential

Consultant

Responsibilities:

  • Reviewed/formatted compliance documents for acceptance by automated compliance management tool
  • Formulated strategy for document maintenance and executive alerts for compliance (SOX 302)
  • Coordinated with Business Control Owners to review access control and application control design and effectiveness to avoid duplication of testing efforts
  • Advised senior management advisor on SOX 404 best practices to meet external (D&T) guidelines.
  • Tested ITGC, PCI, and key ERP application controls in Security, Change Management, Data Operations/Management, Entity level, and End-User Computing.
  • Assessed usage and configurations of McAfee Enterprise (servers, networks) as well as NIPS/HIPS
  • Created remediation plans for SOD discrepancies and executed new tests for client

Environment: Win2000, UNIX, Oracle (9i), ePM, SQL, Defense-in-depth Security, Cisco, Juniper, eFax

Confidential

Consultant

Responsibilities:

  • Reviewed current application changes and checked for accuracy in JD Edwards ERP
  • Evaluated and revised Dole’s existing General Computing and Application Controls to better address SOX
  • Directed SOX audit documentation activities and liaison to external auditors (D&T).
  • Tested ITGC and application controls (GL, AR, AP, PR, TX, FA, EX, HR, IN, FR modules)
  • Drafted and executed test plans for AS/400, JDE interfacing, and Hyperion (Essbase)
  • Remediated/developed policy for Latin America, Europe, Asia, Security Logs, Access Management, and HR
  • Reviewed HP Web Inspect policy, configuration, and reports for vulnerabilities and security violations
  • Assessed risk on key JDE financial modules and user access control processes
  • Evaluated process narratives for completeness/accuracy and drafted baselines for ERP upgrade (JD ONE).

Environment: WinNT, JDE (v8.11), Hyperion, e-Risk, Lotus Notes (v6.5), AS/400, Latin America data centers, Cisco, Juniper, EMC, VMware (v2.5.1, 2.5.2x), WebTrends

Confidential, CA, U.S.A

Consultant

Responsibilities:

  • Managed enterprise compliance effort to comply with SOX, GLBA, Privacy Act, and customer data protection
  • Provided GRC and security support to asset management, procurement, and Information Security groups
  • Authored and executed audit programs on Cisco IronPort devices (configs, policies) for SOX compliance
  • Authored project plans, WBS, Gantt charts, as part of PM practice and control document creation work
  • Delivered and managed key IT process documents (SharePoint) for SOX, ITIL, Reg W, PCI, GLBA, SAS70 II
  • Assessed overall IT risk and compiled both GRC and Security Threat Model documents for executive usage
  • Authored PeopleSoft ERP process narratives and test plans for design/operational effectiveness audits
  • Led audits on policy/setup and configuration of McAfee RM Tools (Policy Advisor, AV, Rogue System, net sec, MOVE, NIPS/HIPS)
  • Reviewed and made changes to policies on WebTrend proxy filter for compliance and security needs
  • Executed internal/external vulnerability scans using NMAP, Acunetix, and BurpSuite to assess NW security
  • Advised executive management on GRC and Security best-practices to improve internal control and security posture for SOX, GLBA, CAN-SPAM, and applicable banking regulations (AML, CIP)

Environment: Win2000, PeopleSoft (v7.5), MS Exchange, SQL, UNIX, LINUX (RH), IronPort, Cisco, Juniper, CheckPoint, McAfee RM, WebTrends, NMAP, BurpSuite, Acunetix, Lotus Notes (v6.5), Distributed data centers, VMware (v2.5, 2.5.0)

Confidential, San Jose, CA, U.S.A

Consultant

Responsibilities:

  • Managed large project portfolio, including SDLC process management, and internal audits.
  • Designed, authored, and presented executive level cost/benefit analysis reports for project governance.
  • Provided IT audit services supporting enterprise control weaknesses, procedures/processes.
  • Led IT audits of key information systems, applications.
  • Authored risk control matrices and process narratives for enterprise GRC and Security requirements.
  • Drafted business process re-engineering models and flows for projects involving process design tasks.
  • Authored audit project charters, methodologies, guidelines, with integrated PMI control practices.
  • Drafted executive reports on change, configuration, and incident tracking tools supporting Confidential GRC.
  • Fulfilled security admin role for Lotus Notes, PeopleSoft, SAP, Bugzilla, and Perforce tool.

Environment: Lotus Notes (v6), WinNT, PeopleSoft (v7.5), Tivoli, Oracle (9), SAP R3 (4.7), RACF, DB2, UNIX, Bugzilla, Perforce, EMC, VMware (v1.0-1.5x), LINUX (RH)

Confidential, San Jose, CA, U.S.A

Consultant

Responsibilities:

  • Internal Testing group liaison for web-based apps/projects
  • Coordinated user acceptance testing related to web-based projects
  • Compiled/maintained test libraries of scripts for a variety of projects as required
  • Queried (SQL) Oracle databases to extract required data for reporting purposes
  • Developed and implemented departmental Win2000 upgrade
  • Created operational reports and presented new tool research to management
  • Developed areas of QA Team website and managed group network activities
  • Wrote business requirements for subscriptions-based revenue generation B2C site with Rational Rose tools
  • Coordinated team source code and project documentation into Starbase repository

Environment: Win2000, PeopleSoft (v7.5), UNIX, SQL, Cisco
