Summary

• Expert at directing, maintaining, and implementing controls and procedures to protect information systems assets from intentional or inadvertent access modification, disclosure or destruction and achieve compliance to regulations, industry practices, internal policies, and contracts. Directs all aspects of security, integrity, and privacy of corporate data resources and leads in the definition, establishment, documentation, implementation and continuous updates of company-wide enterprise security architecture, policies, standards, methods and procedures.
• Continuously analyzes the current IT security and compliance environment to identify weaknesses and collaborates with Executive Management to develop opportunities for improvements including reducing complexity, reducing time and cost, and increasing effectiveness.
• C-Suite Stakeholder Presentations Vulnerability Assessment Mitigation Disaster Recovery/BCP
• IT Compliance, Change Management Information Security Policy Development
• System Analysis/Business Analyst Risk Assessment Management Workforce Planning Continuous Process Improvement Strategic Planning Execution Client Relations
• Audit/Assessment/Prep/Liaison PCI/Sox/COSO/CobiT/HIPAA/GLBA/270001 Project Management
• Requirements Analysis/Vetting RFP/Vendor/Security Tool Selection Client On-boarding
• NOTABLE
• Directed 4 Consultants in the development of policies and procedures for an Internet Payment Provider. Initiatives included PCI DSS 1.2.1 compliance on an extremely tight deadline. Partnered with CISO in creating policies and procedures, many over a weekend. Achieved compliance within 6 months.
• Project Manager and SME for Fortune 200 engagement. Achieved PCI DSS Tier 4 status.
• Disaster Recovery Project Manager for Global Financial Services Company. Implemented DR Testing procedures, planned and conducted tests and led post-mortem analysis. Created Infrastructure DR Plan to support Application DR Plans.
• Trusted Advisor, SME Project Manager for 3 month Privileged Identity Management initiatives to select a Vendor/ Product for a Fortune 80 Pharmaceutical firm to resolve a compliance issue.
• Disaster Recovery Architect and Member of Security and Controls Team for division of ExxonMobil with a 650 employee programming department built and tested 2 DR Plans BIA with RTO and RPO requirements.
• SART Team Lead. Strengthened NASA's International Space Station's ground-segment security. Planned and led bilateral information security summits with the International Partners in Canada and Russia.

PROFESSIONAL EXPERIENCE

Confidential

Harris County is the largest county in Texas, third largest county in the U.S., employing over 16,000.

Audit Manager

Performs and manages IT, Financial, and statutory audits. Critical audit initiatives include Disaster Recovery, Security, General Controls, infrastructure, pre-implementation, and post-implementation. Utilized Auto Audit.

Drives and delivers multiple, concurrent audit projects including:

• Disaster Recovery. Recognized IT Recovery Procedures were interpreted by Audit Services as a DR Plan. Planned for a follow-up audit of DR/BCP to include the framework, policy, requirements BIA , DR Plan, Plan Updates, Test Planning.
• Pre-Implementation Audit. Utilized expertise in risk management to help ensure successful production system Go Live recommended Production Readiness Checklist, and Go Live Plan to ensure coordination between departments in the decision to go live, and a back-out plan.
• Audit Reporting. Uncovered significant error in an audit report that was previously approved to be issued.
• HARVEY NUSZ Missouri City, TX HNusz3 aol.com 832.858.9205 page 2 of 3

Cognizant Technology Solutions

Confidential

Provider of custom information technology, consulting and business process outsourcing services.

Senior Manager, Data Center Compliance

Confidential

• Was Compliance Manager of 4 Data Centers being built out, a DR Pair in the US and a DR Pair in Europe.
• Directed development of 2 Disaster Recovery Plans and a Business Continuity Plan, utilizing resources from India. Ensured requirements were defined and met. On-boarded a client - FISMA Moderate compliance. Prepared for and hosted an audit in one of our data centers. Worked toward SOC 2.

Consultant, Senior Manager, GRC Specialist

Confidential

Added PCI SME consulting responsibilities.

Consultant, Manager, Security COMPLIANCE

Confidential

• Emdeon PCI Compliance. In collaboration with CISO, successfully drafted 20 compliance policies over a weekend and pushed 18 into production ensuring compliance trained SMEs on policies and procedures performed Post Implementation CISO said they would not have achieved compliance without my assistance.
• Dean Foods PCI Compliance. Successfully drove and delivered critical security initiatives ensuring client met deadline imposed by Merchant Banker.
• ING Disaster Recovery. Created Application DR Plan testing procedures, planned tests, conducted tests and led post-mortem analysis. Then created an Infrastructure DR Plan by discovering recovery procedures needed, vetting via facilitation sessions with a virtual team, and segued it to the Incident Management Team.
• Compliance, Security, and Disaster Recovery projects and results included:
• Business-critical initiatives included RFP responses and client meetings.
• I was responsible for building Disaster Recovery Plans and Test Plans, Compliance, and Security consulting.
• Abbot Labs. SME/Project Manager for a 3 month Phase0 Privileged Identity Management Firecall project to select a Vendor/ Product for a Fortune 80 firm. Selected Cyber-Ark.

First Data Corporation, Denver Omaha. Project Manager and Business Analyst in critical migration engagement for Primary and Recovery Data Centers without down-time.

Sears, Disaster Recovery Plan. Created plan within 2 week time limitation. Vetted with Internal Audit.

Confidential

• Start-up entrepreneurial initiative, concentrated on SOX reviews, preparation, audits, Security Reviews, and DR.
• Clients included El Paso Corporation, Stewart Title, BHP Billiton, Internet Providers, Bio-Tech companies, Energy Provider, Aegis Mortgage and Energy Construction Companies.

Disaster Recovery Architect, Security Controls Team

IT Security Engineer, Security Analysis and Response Team Lead

Confidential

Consultant, IT Security/Audit/Accounting

Confidential

IT Audit and Security Sr. Consultant

Confidential

IT Auditor

Confidential

AVP Senior IT Auditor

Confidential

IT Auditor

Confidential