
Oracle Grc Lead Resume


Grand Prairie, Texas

SUMMARY:

  • Information Systems Security Risk Management IT Controls Audit & Compliance
  • A team-oriented IT Security/Audit Professional with strong analytical, problem solving, communications, business development and great interpersonal skills.
  • Possess a career history of over ten years of combined experience in Information Systems Security, Audit, Governance, Risk and Controls (GRC), Oracle Application Implementation, Finance and General Management.
  • Well endowed with sound knowledge and hands-on experience and project management skills in all stages of systems development efforts including requirements definition, design architecture, testing and support using the best industry standards.

ENGAGEMENTS PERFORMED:

  • Oracle/PeopleSoft GRC
  • Information Systems Audit
  • Change Management
  • Governance, Risk & Compliance
  • Apps & Gen. Computer Controls
  • Risk Assessment/Impact Analysis

TECHNICAL SKILLS HIGHLIGHTS:

Tools: Oracle/PeopleSoft Advanced Controls Suite (OAC) Modules, TCG, CCG & PCG, ACL and MS Office (Word, Excel, PowerPoint, Outlook, Visio, Project)

Databases: MS SQL Server, MS Access, Oracle (9i, 10g & 11i)

Operating Systems: UNIX, MS Windows NT (2000 & 2003)

ERP Application: Oracle Rel. 11i & 12.2x PeopleSoft 9.1/9.2

Methodologies: AIM, SDLC, ASAP Methodology.

Regulatory/Standards: ISO 27001, 27002, ITIL, FISMA, NIST, PCI-DSS, HIPAA, SAS 70, SOX, BASEL-II, GLBA

Frameworks: COBIT, COSO

PROFESSIONAL EXPERIENCE:

Confidential, Grand Prairie, Texas

Oracle GRC Lead

Responsibilities:

  • Reviewed and improved security and access control procedures for Oracle EBS R12 business applications leveraging Oracle Advanced Controls tools (GRC) to identify security violations within and around business applications.
  • Reviewed security configuration and settings against vendor recommendations and industry best practice while recommending changes, providing rationale and implementing approved changes.
  • Reviewed current and recommended configuration and rationale with business representatives and obtained alignment.
  • Validated performance of configuration monitoring and auditing, and recommended process improvements.
  • Re-performed configuration audits as part of validation.
  • Defined the Best Practices configuration for Oracle Advanced Controls suite during Client’s R12 implementation including Confidential, TCG, CCG and Confidential
  • Defined and developed additional requirements around access and provisioning to meet Client’s requirements for ongoing compliance.
  • Managed all phases of the implementation from requirement gathering phase through go live and post production support.
  • Prepared all applicable deliverables such as requirement, setup/configuration documents, Test scripts and weekly status reports.
  • Prepared and executed test plans for the Oracle Advanced Controls modules such as Confidential, TCG, CCG that were implemented
  • Recommended remedial actions for SOD deficiencies identified and implemented advanced mitigating controls using TCG, CCG or Confidential tools
  • Involved in all clients’ environments (Development, Test/UAT and Production) and provided best practice for change management and SoD rule promotion in respective instances.
  • Tailored SoD policies based on client’s business process.
  • Leveraged the UMX/RBAC capabilities within Oracle R12 environment to build custom roles, responsibilities, menu, users, Request Groups and Request Sets during Oracle Security Design Implementation to fulfill clients’ security requirements.
  • Developed solutions surrounding system administrator functions such as evaluating user access, segregation of duties analysis, profile option management, responsibility design, user function and menu design.
  • Worked directly with client’s stakeholders to develop and finalize on new functional roles and responsibilities before deployment into the system.
  • Created, updated and ensured resolution of Oracle service requests (SRs)
  • Created responsibility Design Matrix and reviewed with business users for approval and updated the matrix when needed.

Confidential, Dallas, Texas

Senior Specialist, Security & Controls

Confidential, Cincinnati, Ohio

Responsibilities:

  • Reviewed client’s control requirements and optimized manual controls identified with the aid of Confidential using flow and form rules or combination of both where and when applicable.
  • Primary responsibilities were centered on SoD rules review, updating rules to reflect audit deficiencies, process improvements and recommending best practices where appropriate.
  • Validated SoD policies with key decision makers before loading into Confidential.
  • Analyzed conflicts based on SoD policies defined, investigated and excluded identified false positives.
  • Recommended ways to remediate and proactively mitigate against identified SoD issues such as Design and Assignment issues.
  • Involved in all clients’ environments (Development, Test/UAT and Production) and provided best practice for change management and SoD rule promotion in respective instances.
  • Applied advanced mitigating controls with the aid of Oracle GRCC tools (Form, Flow and Audit rules) within Confidential application where needed.
  • Participated in the analysis of security business requirements, solution designs, solutions implementation, testing and migration of security solutions to clients’ various environments
  • Worked with the business to identify and validate functional roles and to-be system roles within Oracle R12 before deployment into the system
  • Created custom functions, menus, responsibilities, request groups and profile options and performed unit and integrated testing of designs before releasing to users.
  • Developed solutions surrounding system administrator functions such as evaluating user access, segregation of duties analysis, profile option management, responsibility design, user function and menu design.
  • Worked with the client in the end user responsibility testing to ensure there are no access issues.
  • Captured and consolidated all required and approved design changes and configured them in Oracle EBS application.
  • Worked with Oracle Support to resolve issues surrounding clients’ environments by creating, updating and ensuring resolution of Oracle service requests (SRs)

Confidential, San Jose, CA

Oracle GRC Lead

Responsibilities:

  • Monitored security & control integration testing status
  • Collated, summarized, and statused each security & controls defect
  • Troubleshot and managed completion for all security & controls defects in either “Not Run” or “Fail” status
  • Worked with project team members to remediate security & control testing defects
  • Updated security & controls test scenarios, scripts and mapping wherever needed
  • Worked with Client test script owners to answer security & control test scripts questions, clarify testing objectives, and educate wherever needed
  • Performed updates to security & controls work products and deliverables as needed
  • Kept Security & Control Client leadership apprised of root causes, trends, or analysis found while monitoring test execution.

Confidential, Dallas, Texas

GRC/Application Security Consultant

Responsibilities:

  • Supported client’s effort to assess current state, identified customer requirements, and defined the future state of business solution.
  • Had a working session meeting with client to identify in-scope Utilization Review Accreditation Committee (Confidential) Standards
  • Reviewed and compared client’s Policies to Confidential Standards to ascertain client’s readiness for Confidential accreditation
  • Assisted client in Security policy updates & provided Confidential feedback follow-up to client’s project team
  • Identified security and compliance enhancements by reviewing security program activities relevant to Confidential CORE Standards and developed written recommendations.
  • Generated Roadmap of potential enhancements.

Confidential, San Francisco CA

Oracle GRC Lead

Responsibilities:

  • Defined the Best Practices configuration for Oracle Advanced Controls suite during Client’s upgrade from 11i to R12 including Confidential and CCG.
  • Defined and developed additional requirements around access and provisioning to meet Client’s requirements for ongoing compliance.
  • Managed all phases of the implementation from requirement gathering phase through go live and post production support.
  • Prepared all applicable deliverables such as requirement, setup/configuration documents, Test scripts and weekly status reports.
  • Provided workshops and trainings for knowledge transfer and train the trainer exercise.
  • Communicated with clients at all levels.

Confidential, St Louis, MO

Oracle GRC Lead

Responsibilities:

  • Designed, developed, integrated, tested and implemented PeopleSoft security for Human Capital Management (HCM) & Financial and Supply Chain Management (FSCM) modules
  • Created and implemented Roles, Permission List, and User Profiles for PeopleSoft Human Capital Management (HCM) & Financial and Supply Chain Management (FSCM) modules.
  • Provided guidance and training on PeopleSoft security to end-users
  • Defined the Best Practices configuration for Oracle Advanced Controls (OAC) suite of Application Access Controls Governor (Confidential) for PeopleSoft Human Capital Management (HCM) & Financial and Supply Chain Management (FSCM) modules.
  • Defined and developed additional requirements around access and provisioning to meet Client’s requirements for ongoing compliance.
  • Implemented the Oracle Advanced Controls (OAC) Configuration Controls Governor (CCG) 5.5.1 for PeopleSoft 9.1 Human Capital Management (HCM) & Financial and Supply Chain Management (FSCM) metadata
  • Custom developed 30 PeopleSoft 9.1 objects using Metabuilder tool (recognized by Oracle as a Market Maker for this work with the GRC solution)
  • Developed processes for tracking and comparing configuration between multiple environments
  • Assisted in facilitating transfer of Oracle Advanced Controls (OAC) application knowledge to the sustainability team
  • Maintained issues and risks log and projected to key stakeholders to meet exit criteria

Confidential, Dallas, Texas

IT/Security Auditor

Responsibilities:

  • Managed Client’s engagement from start to finish and was responsible for project scoping, kickoff, setting project expectation, and overseeing of multiple audit engagements.
  • Communicated effectively with all levels of management to ensure full understanding of IT objectives, risks and controls
  • Tracked results of prior audits and facilitated appropriate corrective action.
  • Adopted risk based approach to determine audit scope, the impact of control weakness and performed risk management of assets.
  • Conducted several Applications controls (Oracle, SAP, PeopleSoft & Custom systems) reviews and ensured business objectives were met.
  • Performed risk assessments, including identification, evaluation and documentation of IT business risks and controls.
  • Tested Application Controls, including both Logical and Physical Access controls to ensure effectiveness of functionality, good reporting and interfaces.
  • Performed security assessment on infrastructures to ensure that PCI-DSS compliance was properly implemented
  • Performed review of controls around Sales Order to Cash, Procure to Pay processes, (including 3-way match around AP and AR processes), and advised on best practice entitlements.
