
IT Security and Compliance Manager Resume


SUMMARY:

  • Information Security
  • IT Compliance
  • IT Audit & Internal controls
  • IT Risk Management and Governance
  • Vendor Security Risk Management
  • Data Privacy
  • Communication & Writing skills
  • SAP, AS400, Oracle, Linux, Unix
  • SOX; COBIT; COSO; PCI; ISO
  • A talented and results-driven leader with over 12 years of work experience spanning Cyber Security (Information Security), IT Risk Management, Data Privacy, Compliance, Internal Control, and Audit. Knowledge of governance controls & stewardship, vendor risk assessment and oversight program, PCI, SOX, HIPAA, and overall organization development.

PROFESSIONAL EXPERIENCE:

Confidential

Director, Cyber Security and Compliance

Responsibilities:

  • Ensure that HCC's critical or sensitive information resources are identified, all information resources are assigned ownership, and that the duties of owners are prescribed;
  • Manage the security of district-wide technology assets to ensure the prevention, detection, containment, and correction of security breaches;
  • Lead and serve as the primary point of contact for technology security breach investigations;
  • Coordinate IT security incident responses, investigations, and reporting. Ensure all incidents are identified and documented through resolution and that practices are put in place to prevent recurrence;
  • Manage the development, implementation, and testing of security controls and methods;
  • Work with Campus Police and IT Managers/Directors to remediate vulnerabilities;
  • Ensure user lists are current and auditable; oversee procedures for password control; report to management on the district and college’s security posture; ensure proper backup procedures are established and followed; establish procedures to monitor and ensure compliance with established security policies and procedures;
  • Collaborate with the district Information Technology and college Instructional Technology departments to ensure the security of networks, servers, and systems and compliance with HCC policies and government regulations;
  • Use an integrated risk management approach to create executive-level perspectives on security risks that HCC faces;
  • Participate in the development of IT policies and practices;
  • Direct efforts for including safeguards in the development or acquisition of automated information systems;
  • Maintain current knowledge of applicable federal, state, and college IT security rules, regulations, and standards; remain current with industry trends and best practices;
  • Act as the primary internal contact person on matters related to security, maintaining good working relationships with HCC, local, state, and federal law enforcement agencies, as well as other government agencies concerned with security matters, and keep management aware of legal and regulatory changes affecting information security, privacy, and computer crime;
  • Coordinate with Internal Audit to define their role in automated information systems planning, development, implementation, operations and modifications relative to information security and risk management;
  • Develop and implement physical security standards and protocols for critical elements of the IT infrastructure, which include but are not limited to data centers, NOCs, IDFs, and MDFs; and
  • Develop, implement, and maintain HCC’s Business Continuity and disaster recovery programs and plans, including managing the periodic testing of the disaster recovery plan designed to protect against the potential effects of a disaster.

Confidential

IT Security and Compliance Manager

Responsibilities:

  • Responsible for assessing and managing IT department compliance for Information Security, PCI, and ITGC/SOX control, to include development and maintenance of a compliance framework, as well as leading the compliance components of the attestation processes
  • Responsible for managing and supporting a team of 4 security employees while reporting to the CIO
  • Assisted in the development and implementation of information security policy requirements and controls
  • Oversaw the building, enhancement and management of the ServiceNow Governance, Risk and Compliance solution
  • Collaborated with business owners to document new and existing business processes, process narratives, and documentation of security controls
  • Developed security framework and incident response protocols and implemented contingency plans
  • Collaborated with control owners to test security controls and ensure testability of existing controls and new security controls, including ITGC testing of Change Management, Logical/Physical Security and IT Operations
  • Collaborated with control owners to address internal control weaknesses and exceptions identified by internal or external auditors
  • Acted as liaison with internal and external auditors for all SOX and PCI audit concerns, facilitation of meetings, annual walkthroughs, and discussion of remediation activities for identified deficiencies
  • Built and maintained internal SOX control database based on control owner and auditor’s feedback
  • Ensured Conn’s IT systems, applications, and processes comply with PCI-DSS security requirements
  • Collaborated with business owners to develop and implement security controls to meet the control objectives
  • Monitored activities of IT systems and applications to ensure compliance with internal policies and procedures, including monthly, quarterly and annual account and activity reviews
  • Oversaw and drove remediation processes to address issues identified via security assessments, key financial application reviews, access control reviews, internal or external audits, and/or other assessments
  • Understood and responded quickly to compliance needs and audit resolutions
  • Aided in development and maintenance of compliance metrics by providing visibility, operating effectiveness of controls, process stability, remediation status and action plan, insight, and analysis of the effectiveness of the overall IT compliance program
  • Provided performance reporting related to information security compliance risk and controls effectiveness to key stakeholders
  • Strong knowledge of information systems security standards and practices (e.g., security policies, access control, system audit, and log file monitoring, risk identification and assessment, risk remediation, and control monitoring and reporting)
  • Provided security assessment of third-party and outsourcing contract services, and ensured that company

Confidential

IT Security Risk Manager

Responsibilities:

  • Monitored activities of IT security systems and applications to ensure compliance with internal policies and procedures, including monthly, quarterly and annual account and activity reviews
  • Conducted risk assessments and evaluations of new and existing 3rd party vendors at Confidential; determined the risk governance and control compliance
  • Utilized RSA Archer to track incidents or findings through various stages from discovery to remediation.
  • Evaluated and determined the risk level for all applicable assets and vendors; determined the assessment frequency and control expectations
  • Planned and coordinated 24x7 operations resources, including internal teams and contractors
  • Conducted 3rd party control and risk assessments against identified assets and vendors
  • Reported and advised the Risk Management Council of assessment results and changes to the risk posture
  • Coordinated with IT and business teams to align control criteria effectively with procurement, compliance, and legal expectations
  • Advised leadership of industry and security changes on risk management that could be leveraged to improve program implementation
  • Identified opportunities for improvements and cost-effective investment in IT systems and resources including staffing, sourcing, purchasing, and in-house development.
  • Analyzed and applied information security and risk management practices
  • Led the implementation of security platforms and systems
  • Ensured that security assessments of the environments are carried out to assess control effectiveness in the organization
  • Responsible for effective backup and disaster recovery plans for IT systems
  • Worked closely with senior management to align and develop IT capabilities/strategy with overall corporate strategy
  • Planned, coordinated and implemented major IT projects, overseeing IT milestones
  • Experienced with national and international regulatory compliance and frameworks such as COSO, COBIT,

Confidential

IT Audit Manager

Responsibilities:

  • Led quality controls within the organization, which brought about the improvement of controls from an average score of 8.8, and ran client engagements from start to finish, which included planning, executing, directing, and completing IT audits and business process control reviews and managing to budget
  • Supervised, trained, and mentored associates and interns on the audit and review process and assessed the performance of staff for engagement reviews
  • Evaluated and tested business processes and business controls and identified areas of risk
  • Applied previous knowledge of IT trends and systems processes to identify security and risk management issues and other opportunities for improvement
  • Worked with audit and assurance teams and the client to plan engagement strategy, define objectives, and address technology-related controls risks and issues
  • Worked with management consulting teams to implement controls in new systems deployment
  • Tested system controls relevant to audit/SSAE-16 readiness efforts
  • Strong background in all stages of the auditing process, including planning, fieldwork, execution, risk assessment, reporting, and follow-up
  • Planned and coordinated walk-through and detail testing of controls to determine if controls are properly designed and operating effectively; with in-depth knowledge of Sarbanes-Oxley Act, HIPAA, FISMA, SSAE 16 and PCI compliance, COSO, and COBIT framework methodologies for designing and validating business process controls
  • Reviewed and documented Application Access Controls and the Application Controls Review Process
  • Planned and coordinated the development of a controls framework based on the business risk appetite and SOX Risk Control Matrix (“RCM”) with guidance from Internal Audit for clients
  • Identified IT-related risks throughout development phases. Areas include networks, operating systems, ERP, databases, security, and disaster recovery
  • Tested compliance with company policies and procedures to ensure they conform to industry standards such as HIPAA and PCI DSS frameworks
  • Ensured audit tasks are completed accurately and within established time frames and budgets
  • Annual financial controls and operational controls and relevant audit to ensure compliance with US GAAP, local GAAP, Tax
  • Identified risks and utilized theoretical knowledge to implement the best audit approach
  • Ensured adherence to company policies and Corporate Audit procedures
  • Identified and evaluated the risks during review and analysis of the System Development Life Cycle (SDLC), including design, testing/QA, and implementation of systems and upgrades

Confidential

IT Auditor/IT Risk Analyst

Responsibilities:

  • Designed and tested controls during financial statement audits, Sarbanes-Oxley (SOX) 404 audits and SAS 70 engagements, which helped our clients foster strong internal compliance mindsets
  • Established working relationships with client personnel, mid-level, and upper-level management
  • Performed control design and effectiveness reviews as part of a management consulting engagement at a Fortune 500 company, which earned Deloitte over 10 million dollars in fees
  • Responsible for the timely entry of chargeable hours for my management consulting team to ensure that fees were paid promptly
  • Collaborated with Internal Audit departments at various companies to leverage Internal Audit testing where possible during audit engagements to create efficiencies
