
Assurance Senior Manager Resume

PROFESSIONAL SUMMARY:

Experienced Global IT Security Leader and IT Operations Change Control Senior Leader experienced with System Development Lifecycle and IT Security implementation processes as well as Quality methodologies. Proven track record in reducing and/or eliminating repeat security vulnerabilities through implementing innovative security controls globally to ensure adherence to regulatory mandates. Skilled Controls and Compliance Senior Manager with over fifteen years of experience in IT Security and Audit. Strong background in forecasting, IT audit and risk analysis. Especially skilled in communicating between cross-functional teams, executive-level committees and Big Four companies.

TECHNICAL SKILLS:

SAP Supply Chain Suite, Financial Planning Tools, IT Project Management, IT Audit, ISO27001 and ISO27002, eDiscovery Compliance, PCI Compliance, SSAE16 Reviews, RSAM GRC, Archer GRC, Risk Control and Tracking System (RCTS), OpenPages FCM (Financial Controls Management), Mercury Interactive Automated Testing Tools for Web Applications, ClearQuest/ClearCase, Documentum (Information Lifecycle Management), PLM, Capability Maturity Model Integrated (CMMI), Microsoft Project, Visio, Clarity Project Management, NIKU Project Workbench Solution, PRIMAVERA, Magic Call Center Solutions, Remedy Information Technology Service Management, Peregrine and Conturi Call Center Solutions, Lotus Notes, Domino Server, Cloud Computing (Azure), Oracle Financials, Siebel and PeopleSoft CRM Solutions, Kintana - Enterprise Change Management Solution, Windows NT/2000, LAN/WAN and OS/390 Administration, Unix, Linux, Solaris 2.x, Novell NetWare, Servers, Hubs, Routers, Switches, PCs, JAVA, XML, C++, SQL, TCP/IP, IPX, Sentinel Data Integrator, Percussion Notrix Data Integrator, Microsoft Office

PROFESSIONAL EXPERIENCE:

Assurance Senior Manager

Confidential

Responsibilities:

  • As Senior Manager of Risk Management and Governance for Corporate Information Security Enablement, with oversight for the following enterprise-wide cyber security services:
  • Direct team of 20 Security Engineers in the development of enterprise solutions to enable business strategies
  • Define and implement Enterprise-wide Cyber Security Data Governance, Risk and Compliance (CGRC) Strategy
  • Ownership of Cyber Governance Risk and Compliance Tool Definition and Strategy
  • Install Change Management Process to ensure all changes to GRC application are communicated and authorized
  • Implement advanced metrics to provide a “single pane of glass” view of Cyber Risk
  • Oversee Security Education and Awareness Enterprise Operations to include International Business Area Data Governance Regulatory Compliance Focus (e.g., U-CTI DFARS, SOX, etc.) and Business Resiliency
  • Managed budget authority of approximately $5M of Overhead, Capital, and Direct to Business Area/Contract dollars
  • Oversee and drive execution of the mission of establishing enterprise-wide cyber security policy and managing identified cyber risks to closure
  • Own and drive an integrated risk approach and the CIS GRC strategy
  • Develop Continual Service Improvement (CIS) practices to ensure application is scalable for future enhancements
  • Identification and articulation of the enterprise cyber security risk posture and the facilitation and articulation of the CIS strategy, including the definition of cyber security indicators/metrics.
  • Oversee management of the on-going corporate business resiliency effort.
  • Collaborate across CIS, Enterprise Business Systems and all Clients, as well as with demonstrated cyber security leadership and management experience leading governance, risk and compliance or enterprise-wide/large-scale cyber security risk management efforts for internal and/or external customer environments.
  • Develop and test Business Continuity, Disaster Recovery and Destructive Resiliency Plans to ensure critical systems are recoverable.
  • Oversee ISO27001 certification of business practices aligning with COSO, COBIT and NIST.
  • Develop security education and awareness media to provide just in time resources to improve computing behaviors based on current cyber threats and incidents.
  • Represent Computer Information Systems (CIS) on IT Asset Management Center of Excellence Board (CoE) to develop data classification strategies to gain enterprise efficiencies and ensure CIA of Information.
  • Demonstrate exceptional communication and expectation setting skills with internal and external executive level personnel, colleagues, and subordinates
  • Recruiting and managing technical professionals
  • Team across organizational and company boundaries to collaborate with and influence others
  • Current Security Clearance - Secret
  • Top Secret (In Progress)

Senior Risk Management (Consulting)

Confidential, Mount Laurel, NJ

Responsibilities:

  • Performed risk assessments in a variety of sectors and may specialize in a number of areas including (enterprise risk, corporate governance, regulatory and operational risk, business continuity, cyber security, information and security and technology risk) for all Banks in the Midwest Region
  • Managed Regional Centers’ Risk Assessment and Remediation Strategies
  • Developed Threat and Controls Library to assist with mapping Threats to associated Controls based on an Integrated Security Framework inclusive of various risk management methodologies (e.g. COSO, ISO, NIST, etc.)
  • Provided Subject-matter expertise of all applicable regulations and audit standards such as ISO, SOX, SSAE 16.
  • Performed Vendor audits for compliance to regulatory mandates (GLBA, AML, PCI-DSS, HIPAA, and SOC 1 and SOC 2)
  • Developed and presented Executive Summaries to Risk, Compliance and Privacy Leadership teams on Security Posture
  • Provided Business Requirements and strategy for GRC Tool Implementation
  • Reported on Key Risk Indicators (KRIs) to identify oversight opportunities
  • Provided support, education and training to staff to build risk awareness within the organization

Sr. Manager, IT Security

Confidential, Philadelphia, PA

Responsibilities:

  • As Department Head, chair Policy Council to ensure adequate standards and controls exist within technology implementations to support financial reporting
  • Oversaw the development of long term strategy for global IT change control to streamline, consolidate and retire legacy systems to recover 10% of budget
  • Identified, investigated and remediated all “Critical and High” vulnerabilities in accordance with regulatory mandates
  • Managed Payment Card Industry (PCI) regulatory Quarterly Report on Compliance (ROC)
  • Worked with Security Operations Centers (SOCs) and Network Operations Centers (NOCs) to implement strategies to prevent and resolve vulnerabilities through vulnerability scanning, penetration testing, Security Information and Event Management (SIEM), Policy Management, Log Management/Alerts and other monitoring, prevention and detection strategies
  • Collaborated across multi-disciplinary teams throughout the company as a security expert
  • Developed and managed department budget and annual operating plan (AOP)
  • Managed off-shore and on-shore Governance, Risk and Compliance (GRC) and Service Delivery Security Assurance teams in implementing strategies to ensure compliance to various regulatory guidelines to secure company assets
  • Reviewed and reported on risk assessments to identify threats to security of information, systems, and computing assets throughout the Company
  • Evaluated and integrated ICFR (Internal Controls over Financial Reporting) with ISO 27001/ISO 27002 controls and framework
  • Evaluated systems, networks and processes for compliance with policies and standards, industry requirements, and applicable regulations and laws, and partnered with business management to resolve any identified information security and compliance gaps.
  • Developed and evolved the information technology compliance assessment methodology through Process Improvement practices, and managed/conducted compliance reviews (e.g., PCI, SOX, SSAE16)
  • Developed KRIs and KPIs to manage Threat Events across the enterprise
  • Directed the development and implementation of security awareness programs and education
  • Member of the Incident Response Task Force providing critical IT Security Compliance Strategies to improve the overall IT Security Risk posture of the organization
  • Communicated tactical and strategic plans to the Information Systems teams. Implemented policies and procedures related to data security to protect financials.
  • Applied innovative ideas to old or new problems and fostered an environment that encourages innovation
  • Prepared written plans and annual reports on contingency planning and data security for each critical system
  • Approved changes to current firewall rule base based on business needs
  • Served as an internal auditor to ensure that appropriate precautions over information are granted high visibility and are considered in the design of new and existing systems
  • Consistently exercised independent judgment and discretion in matters of significance
  • Acted as resource and mentor for colleagues with less experience
  • Partnered with team members and business leaders to develop and understand metrics packages

Global IT Security Change Control Sr. Manager /Service Delivery Manager

Confidential, Camden, NJ

Responsibilities:

  • As Department Head reporting to “C” level leadership, oversaw the development of the global IT change control strategy and program with processes to optimize, standardize, centralize and globalize operational and business processes to deliver “best-in class” systems
  • Developed operating strategy and provided metrics for Service Delivery to optimize business resources
  • Oversaw the development of long term strategy for global IT change control to streamline, consolidate and retire legacy systems to recover 20% of budget
  • Developed Service Delivery Platform and created Service Catalog for Self-Service across Business functions
  • Prepared annual operating plan (AOP) for department
  • Provided global governance strategies and created direction for IT change, configuration, release and asset management for application and system installs, upgrades and decommissions
  • Managed global application and operations teams (appraisals, discipline, training, development, etc.)
  • Oversaw the development of repeatable, scalable solutions and workflows for enterprise applications (SAP, PeopleSoft, PLM, etc.)
  • Participated in and provided IT security controls oversight for manufacturing audits of the PLC- and HMI-enabled plant floor equipment
  • Oversaw the development of training and testing strategies on various business and IT platforms
  • Liaised with Legal and IT on eDiscovery and Document Retention Policies and Procedures
  • Oversaw Annual PCI and Privacy reviews
  • Oversaw SSAE16 Reviews with 3rd Party Vendors
  • Provided metrics and KPIs on global operations
  • Applied quality methodologies to restructure legacy and outdated procedures
  • Oversaw the Global Change Authorization Board (CAB) for all infrastructure changes
  • Oversaw the Global IT Change Control Review Board (CCR) for all global applications
  • Implemented strategies to integrate business and IT applications based on ITIL Framework, NIST and ISACA guidelines
  • Evaluated and integrated ICFR (Internal Controls over Financial Reporting) with ISO 27001/ISO 27002 controls and framework
  • Evaluated systems, networks and processes for compliance with policies and standards, industry requirements, and applicable regulations and laws, and partnered with business management to resolve any identified information security and compliance gaps.
  • Developed and evolved the information technology compliance assessment methodology, and managed/conducted compliance reviews (e.g., PCI, SOX, SSAE16)
  • Developed and oversaw Global IT Change Control Website
  • Served on Diversity Committee to ensure inclusion, openness and empowerment at all levels

IT Security Internal Controls & Compliance Sr. Manager

Confidential, Camden, NJ

Responsibilities:

  • As Department Head reporting to “C” level leadership, created strategy and direction to coordinate the evaluation, design, implementation and maintenance of controls to protect the confidentiality, availability and integrity of critical information maintained or transmitted electronically
  • Managed control issues and efficiently closed all IT audit issues, receiving an “Adequate” rating (the highest rating)
  • Developed and implemented SOX Program for Global IT Shared Services, Business and Finance that reduced work effort and controls by 52%
  • Developed Control Self-Assessment (CSA) program for Audit
  • Closed 95% of all prior years’ audit and control issues and closed audit issues at a 98% on-time rate
  • Prepared annual operating plan (AOP) for department
  • Oversaw the efficient and cost-effective administration of function activities; ensured function operated according to laws, policies, and procedures globally
  • Oversaw SAS70 Reviews
  • Developed, created direction for and implemented the overall management audit plans, policies and procedures
  • Interpreted department audit program needs and determined priorities
  • Created direction for the assignment of audits to staff and maintained uniform application of departmental policy, the law and adequate auditing procedures and techniques for IT and financial functions based on ITIL Framework, NIST and ISACA guidelines
  • Prepared and recommended Compliance budget; monitored fiscal activity of the compliance program to assure conformity to fiscal goals and budget constraints; developed short and long range budget plans; reviewed fund expenditures and statistical data related to fund management and responded to information needs from the executive team
  • Liaised with Legal and IT on eDiscovery and Document Retention Policies and Procedures
  • Communicated and coordinated compliance programs and policies
  • Managed staff according to company standards (appraisals, discipline, training, development, etc.).
  • Identified and implemented tools to assist with SOX 404 Compliance, PCI Compliance and Privacy
  • Provided guidance and training to make SOX part of everyday activities
  • Provided guidance regarding SOX Compliance pertaining to SAP Implementations
  • Interpreted, communicated and implemented SEC and PCAOB Regulations
  • SME for PMO regarding SOX compliance for IT and Business processes
  • Reported on IT Audit Issues in IT and Financial Controls Council meetings with “C” level Management
  • Served on Diversity Committee to ensure inclusion, openness and empowerment at all levels

IT Project Manager

Confidential, West Point, PA

Responsibilities:

  • Developed and implemented SOX Program for Global IT Shared Services that reduced work effort and controls
  • Developed Control Self-Assessment (CSA) program for Audit
  • Identified and implemented tools to assist with SOX 404 Compliance, PCI Compliance and Privacy
  • Provided guidance and training to make SOX part of everyday activities
  • Provided guidance regarding SOX Compliance pertaining to SAP Implementations
  • Interpreted, communicated and implemented SEC and PCAOB Regulations
  • SME for PMO regarding SOX compliance for IT and Business processes including CFR Part 11
  • Managed 5 application teams in the preparation of Standard Operating Procedures (SOP)
  • Produced and audited Control Activity Assessments for Financial applications in compliance with Confidential
  • Managed Testing Cycle between external IT Auditors and project leads to ensure best practice
  • Managed remediation process of all deficient applications and processes
  • Created and uploaded completed test plans and work papers into IT Auditing Tool and Risk Control Tracking System (RCTS)
  • Followed up and remediated action items
  • Audited Business Continuity Planning (BCP) and Disaster Recovery Procedure (DRP) for best practice
  • Reported on IT Audit Issues in Controls Council Meetings for Executive Leadership Team

IT Manager, IT Security Quality Assurance

Confidential, Philadelphia, PA

Responsibilities:

  • Designed, created direction and managed 25-member cross-functional team for automated change management process and application requiring significant customization in the development of an enterprise wide Quality Assurance Division
  • Developed, managed and implemented automated change management application reducing software and processing costs by 40%
  • Developed IT strategic planning for HR and ADP for new HR processes and assist with implementation for Confidential (SOX) regulations compliance through coordination with Audit, IT and Finance
  • Prepared annual operating plan (AOP) for department
  • Designed, managed, documented and implemented IT-related policies, procedures, and version control with emphasis on BRP and DRP
  • Audited IT systems (IT Security, Microsoft Exchange Email, Internet and Mainframe, EDI) for risk and best practice
  • Acquired and managed implementation of Mercury Interactive Automated Testing Tools (TestDirector, WinRunner and LoadRunner)
  • Trained users on Automated Testing Tools and Best Practices for Testing
  • Produced and managed test cases, scripts and scenarios for all IT Projects

IT Project Manager, Quality Assurance-Marketing

Confidential, Atlanta, GA

Responsibilities:

  • Developed and implemented quality assurance standards and processes for warehouse management systems and inventory visibility applications
  • Audited IT financial systems and processes for best practice
  • Provided in-depth final review and analysis of operating results for P&L statement and performed month-end close
  • Processed monthly accruals
  • Reconciled financial statement, records and vendor contracts
  • Gathered business requirements and provided QA testing for supply chain management (SCM) applications globally for pharmaceuticals adhering to FDA regulations and guidelines
  • Streamlined sales prospects database into one universal application by managing IT roles in marketing for Customer Relationship Management (CRM) project
  • Evaluated vendors and software based on Dun & Bradstreet credit scores and made recommendations regarding implementation for global deployment
  • Managed implementation of Mercury Interactive Automated Testing Tools (TestDirector, WinRunner and LoadRunner) with Microsoft Projects
  • Trained users on Automated Testing Tools and Best Practices for Testing
  • Produced and managed Test cases, scripts and scenarios for all IT projects
  • Developed cost models to estimate cost-to-serve logistical solutions and pricing for Confidential operations to assist customers with “go/no go” decisions for pre-sales teams
  • Audited and managed financial applications and servers
  • Trained over 300 end-users and trainers as well as provided documentation on various business applications
  • Designed, tested and deployed applications as well as administered servers for over 500 end-users for global operations
  • Maintained departmental budgets totaling over $1 million
  • Approved and processed all invoices, check authorizations, employee expenses and advances
  • Performed month-end close and rolled up into general ledger
  • Provided in-depth final review and analysis of operating results for P&L statements
