Summary

• I started in IT in programming and analysis, managed a small shop, moved to IT Audit, and returned to IT in Security and Disaster Recovery, then Sox Auditing and Consulting, then Compliance. This allows me to bring the perspective of an IT Professional to my role as an IT Auditor.
• Auto Audit, Teammate Performed over 250 audits Change Management
• Sox experience, IT and Financial Discovered and Vetted Controls Testing and Remediation
• C-Suite Stakeholder Presentations Vulnerability Assessment Mitigation Disaster Recovery/BCP
• GRC experience, Archer Training Policy and Procedure Development Information Security
• System Analysis/Business Analyst Risk Assessment Management Contract Review Continuous Process Improvement Strategic Planning Execution Audit Liaison
• Audit/Assessment/Prep/Liaison PCI/Sox/COSO/CobiT/HIPAA/GLBA/270001 Project Management
• Requirements Analysis/Vetting RFP/Vendor/Security Tool Selection Client On-boarding
• NOTABLE
• Assisted TEPPCO in Sox Testing, reviewed the key controls in a web application.
• Assisted El Paso Corporation now Kinder Morgan in Sox Testing, then in revising controls to CobiT 4.1, then assisted Internal Audit in auditing the Annual Disaster Recovery Exercise and DR Plan.
• Project Manager and Audit Liaison for McDermott, hosting PwC in Sox Testing.
• Assisted several other firms in their Sox needs, covering the gamut of discovering controls, testing controls, and remediation, over the 2004 2007 time period.
• Project Manager, directed 4 Consultants in the development of policies and procedures for an Internet
• Payment Provider. Initiatives included PCI DSS 1.2.1 compliance on an extremely tight deadline. Partnered with CISO in creating policies and procedures, many over a weekend. Achieved compliance within 6 months. A key member of the Program Management Team and Audit Liaison to the Qualified Security Assessor.
• Disaster Recovery Project Manager for Global Financial Services Company. Implemented DR Testing procedures, planned and conducted tests and led post-mortem analysis. Created Infrastructure DR Plan to support Application DR Plans by leading virtual teams and discovering Recovery Procedures.
• Trusted Advisor, SME Project Manager for 3 month Privileged Identity Management initiatives to select a Vendor/ Product for a Fortune 80 Pharmaceutical firm to resolve a compliance issue.
• Program Manager and Disaster Recovery Coordinator, and Member of Security and Controls Team for a division of ExxonMobil with a 650 employee programming department built and tested 2 DR Plans, working with the Data Center in another division led BIA with RTO and RPO requirements and recovery strategy.

PROFESSIONAL EXPERIENCE

Confidential

Harris County is the largest county in Texas, third largest county in the U.S., with over 16,000 employees.

Audit Manager

Performed and managed IT, financial, and statutory audits. Critical audit initiatives included Disaster Recovery, pre-implementation, and post-implementation. Utilized Auto Audit.

Drove and delivered multiple, concurrent audit projects including:

• Disaster Recovery. Recognized IT Recovery Procedures were interpreted by Audit Services as a DR Plan. Planned for a follow-up audit of DR/BCP to include the framework, policy, requirements BIA , DR Plan, Plan Updates, Test Planning.
• Pre-Implementation Audit. Utilized expertise in risk management to help ensure successful production system Go Live recommended Production Readiness Checklist, and Go Live Plan to ensure coordination between departments in the decision to go live, and a back-out plan.

Confidential

Provider of custom information technology, consulting and business process outsourcing services.

Senior Manager, Data Center Compliance

• Was Compliance Manager of 4 Data Centers being built out, a DR Pair in the US and a DR Pair in Europe.
• Directed development of 2 Disaster Recovery Plans and a Business Continuity Plan, utilizing resources from India. Ensured requirements were defined and met. On-boarded a client - FISMA Moderate compliance. Prepared for and hosted an audit in one of our data centers. Worked toward SOC 2.

Consultant, Senior Manager, GRC Specialist

Added PCI SME consulting Responsibilities

Consultant, Manager, Security COMPLIANCE

• I was responsible for building Disaster Recovery Plans and Test Plans, Compliance, and Security consulting.
• Business-critical initiatives included RFP responses and client meetings.

Compliance, Security, and Disaster Recovery projects and results included:

• ING Disaster Recovery. Created Application DR Plan testing procedures, planned tests, conducted tests and led post-mortem analysis. Then created an Infrastructure DR Plan by discovering recovery procedures needed, vetting via facilitation sessions with a virtual team, and segued it to the Incident Management Team.
• Dean Foods PCI Compliance. Successfully drove and delivered critical security initiatives ensuring client met deadline imposed by Merchant Banker.
• Emdeon PCI Compliance. In collaboration with CISO, successfully drafted 20 compliance policies over a weekend and pushed 18 into production ensuring compliance trained SMEs on policies and procedures performed Post Implementation CISO said they would not have achieved compliance without my assistance.
• Abbot Labs. SME/Project Manager for a 3 month Phase0 Privileged Identity Management Firecall project to select a Vendor/ Product for a Fortune 80 firm. Selected Cyber-Ark.
• First Data Corporation, Denver Omaha. Project Manager and Business Analyst in critical migration engagement for Primary and Recovery Data Centers without down-time.
• Sears, Disaster Recovery Plan. Created plan within 2 week time limitation. Vetted with Internal Audit.

Consultant, 4 IT Security, Governance Compliance

Confidential

• Start-up entrepreneurial initiative, concentrated on SOX reviews, preparation, audits, Security Reviews, and DR.
• Clients included El Paso Corporation, Stewart Title, BHP Billiton, Internet Providers, Bio-Tech companies, Energy Provider, Aegis Mortgage and Energy Construction Companies.

Disaster Recovery Architect, Security Controls Team

Confidential

IT Security Engineer, Security Analysis and Response Team Lead

Confidential

Consultant, IT Security/Audit/Accounting

Confidential

IT Audit and Security Sr. Consultant

Confidential

IT Audito

Confidential

AVP Senior IT Auditor

Confidential

IT Auditor

Confidential