Self-motivated Information Technology Professional seeking an opportunity to work in a challenging and dynamic environment. Extensive background in Information Technology, Audit, Operational Risk, and Information Security. Collaborated with Business Partners to understand key business processes and identify key risks that could potentially impact the Company, Customers, operations, and Shareholder value.
PROJECT MANAGEMENT SKILLS:
- Provided leadership, direction, and expertise as it pertained to the IT Control environment.
- GLBA Compliance
- Anti-Money Laundering
- Sarbanes Oxley
- General Controls
- Application Controls
- SAS 70 (Type II) Audits
- Security Audits
- Security Technology Implementation Guidelines (STIG)
- Department of Defense IAVIA Compliance
- Federal Information Security Management Act (FISMA)
- Information Assurance Vulnerability Management (IAVM)
- Scheduled and facilitated client meetings, minutes, tasks, and communicated findings to Audit Management
- Ensured execution of Audit plans; timely and within budget
- Articulated best practices for technology processes and controls
- Assessed SAS70 type II reports for third party vendors to ensure control adherence to Company Policy and regulatory requirements
- Ensured vendor due diligence by reviewing contract language, performed vendor assessments, and validated Service Level Agreements met business requirements
- Created business impact analysis, contingency, recovery procedures, and test plans
- Evaluated the risks, controls, and impact affiliated with processes integrated into the present IT control environment
- Provided oversight for services outsourced to third party vendors
- Strong communication with technical and non-technical individuals, translating technology into common terms and concepts
- Microsoft Office Suite
- Lotus Notes Database
- Mainframe O/S
- SRR Scanning Tools
Confidential, Columbia, SC
- Partner with teams responsible for implementing to ensure compliance with NIST 800-53 Standards to enterprise applications, operating systems, and networks
- Revised Systems Security Plan and Risk Assessments as a part of the Certification and Accreditation process with the Centers of Medicaid and Medicare
- Partner with business partners and External Auditors to resolve Security Testing and Evaluation (ST&E) Audit findings
Senior Risk Advisory Professional (Contractor)
Confidential, McLean, Virginia
- Served as a liaison and consultant to the IT Operational Risk Division to ensure the delivery of artifacts from Information Security resolved internal and external audit findings
- Monitored and tracked the progress of management action plans and ensured remediation of initiatives occurred timely to meet agreed upon deadlines
- Interviewed process owners to obtain artifacts required to support resolution of identified deficiencies.
- Reviewed security policies, processes, and controls to ensure compliance by the Line of Business
- Conducted independent testing activities to ensure certification and attestation of security controls were compliant with SOX 404 and COBIT control objectives
Senior Security Risk Analyst (Contractor)
Confidential, Columbia, SC
- Partnered with the Internal Controls Division in managing requests for Government regulated audits such as Tricare, Medicaid, and Medicare
- Provide leadership to assess, develop, and maintain the IT compliance and control environment
- Ensure IT policies, processes and standards reflect IT controls and modify as needed.
- Act as the liaison and single point of contact between Information Systems Technology and the internal / external auditors for Government Regulated Audits
- Work within IT to ensure proper documentation and evidence is maintained
- Lead the development, documentation and management of remediation and gap log action plans
- Partner closely with application management teams to provide guidance in process improvements as it relates to audit and remediation areas
- Perform assessments and risk analysis of all IT policy, process and standards and the IT control environment through interacting with all levels of management and staff
Senior Operations Risk Consultant
- Provided consulting services in the areas of process design for vendor compliance, vendor risk assessments, and other advisory services as needed to the Global Consumer Small Business Banking Group
- Partnered with business partners to work on special engagements such as vendor due diligence, and Supplier Manager Quality Reviews
- Evaluated the adequacy of control programs to mitigate compliance and operational risk
- Ensured issues impacting compliance and operational risk processes were evaluated and communicated to Compliance Operational Risk Management
Senior Information Technology Auditor
- Responsible for project management of assigned IT Audits and ensured the timely execution of the audit program for the CIBT and Shared Services Divisions
- Drove the development of audit programs to effectively test key controls identified
- Conducted interviews and performed research to gain an understanding of the Line of Business being audited.
- Identified and evaluated the design and operating effectiveness of internal controls
- Supervised and coached the audit staff assigned to perform audit testing to determine the operating effectiveness of the key controls identified
- Identified and documented audit findings that arose from audit test work and presented findings to senior management
- Prepared audit reports for Senior Management review
- Made recommendations to strengthen internal controls, improve operations, and reduce costs
- Served as the Subject Matter Expert for enhancement of the Global Outsourcing Vendor Risk Management Audit Program
- Assessed end-to-end processes within the Line of Businesses and offered alternative solutions to mitigate risks.
- Served on Information Systems Security Standards Board reviewing Bank’s Policy, Standards and Baselines.
- Audited business units and evaluated processes that were categorized as high risks
- Performed test work and conducted change initiative reviews, identifying gaps and weaknesses.
- Provided oversight for activities related to the design and implementation of Privacy and Information Security related regulatory requirements.
- Served as a consultant in the development of a strategic approach to ensure compliance with GLBA, Privacy, and Sarbanes Oxley Requirements.
Information Security Manager
- Assumed responsibility for the Security Management function in the Capital Markets division, and worked closely with Senior Management to provide recommendations for strategic direction to strengthen access security controls.
- Served on the Security Task Force within Capital Markets and assisted in identifying best security practices.
- Managed 10 Security Administrators responsible for supporting over 200 applications within Capital Markets.
- Provided security recommendations assisting in mitigating risks associated with the theft, destruction, alteration and denial of access to information.
- Partnered with Corporate Information Security to enhance Security Awareness Programs within the Capital Markets Division.
- Partnered with the Business Continuity Team to ensure that the Business Resumption Plans for Information Security were current and addressed disaster recovery risks
Security Training Consultant
- Conducted training needs analysis for Information Security Personnel
- Provided RACF, TSO, and Orientation Training to the RACF Security Administrators and Profiling Teams.
- Developed Training Documentation for RACF and Top Secret Courses.
Information Security Manager
- Managed the daily production workload for Information Security Services Support Team
- Ensured that proper staffing levels were maintained and adequate resources and training were provided to the Security Staff to perform job responsibilities
- Researched and resolved issues that were escalated to Security Senior Management.
- Tested security functionality for new systems that became an integral part of the First Union Network environment