
Cyber Security Specialist Resume


SUMMARY

  • Information Security professional with experience in Corporate-wide Information Security (CIS), ISO 27001 & 27002, Payment Card Industry (PCI), SOX, Privacy (PIPEDA), IT Audit, Strategic Planning and Business Continuity Planning (BCP) & Incident Reporting for stakeholders in the telecommunications, finance, banking, manufacturing, publishing and insurance industries.
  • Possess a strong technical background with in-depth understanding of IT risk and internal control frameworks SOX (COBIT) and PCI DSS 1.1 & 1.2.
  • Broad range of experience in implementation of solutions to support business requirements using planning, analysis, design, development, and testing.

TECHNICAL SKILLS

ERP: Oracle Applications (GL, AR, AP, CM, HRMS, PA, Inventory, Purchasing)

Databases: Oracle, MS Access

MS Office Tools: Microsoft Office (Word, Excel, PowerPoint, Visio, Project)

Other Skill Sets: Business Requirements gathering, functional gap analysis, application design, configuration, module setup, writing training guides, training end users, production support, SDLC

Project Management: Industry Standards: PCI DSS (1.1, 1.2, 3.2), COBIT, ITIL, ISO 27001, ISO 27002, ISACA IT Audit Standards & Guidelines, BASEL, AML

PROFESSIONAL EXPERIENCE

Confidential

Cyber Security Specialist

Responsibilities:

  • Audit Review and Mitigation: Recommended mitigation of identified security exposures from IT Audit report and coordinate remediation activities with Internal Audit and other external third parties
  • Lead PCI Compliance Assessments to ensure the organization achieves its PCI Attestation of Compliance on an annual basis in order to continue doing business with Suppliers and Acquirers
  • Supporting management in developing, implementing and managing the Cybersecurity Framework based on the roadmap
  • Identify gaps in performance, recommend corrective actions and partner with ITS and business to implement process improvements for Governance, Risk Management and Compliance
  • Research latest industry trends, contributing to the development of standards and practices for the client's businesses and in areas of domain expertise
  • Liaise with Internal Audit, Corporate Compliance, and Risk Management to remediate new and outstanding issues and track security-related issues through to remediation
  • Schedule annually and follow through to completion all required updates to Corporate policies, standards, guidelines and procedural documentation
  • Promote and monitor corporate wide Cyber Security awareness program
  • Conduct Vendor Risk Assessments for vendor selection process and contract management to ensure applicable compliance requirements are adhered to (PCI, HIPAA, SOC2, GDPR, ISO27001, etc.)
  • Analyze security requirements for various project implementations and integration and perform initial Security Impact Assessment to identify applicable security controls

Confidential

SR. ANALYST - IT Compliance

Responsibilities:

  • Maintain the Integrated Control Set (ICS) to ensure controls effectively satisfy the applicable compliance requirements (e.g. SOC1, SOC2, PCI, HIPAA, ISO 27001, SOX) spanning multiple business units and scopes.
  • Execute Continuous Compliance Program of ICS controls through proactive planning, communication, and coordination
  • Coordinate with accountable IT stakeholders and organizational business partners (e.g. HR, Legal, Finance, Product Management) to obtain their ongoing support of the ICS and Continuous Compliance Program
  • Represent GIS Team in audits with auditors, while driving, tracking, and resolving all aspects of compliance readiness
  • Coordinate with auditors and control owners to ensure clear understanding of expectations, applicable processes, evidence artifacts, and audit observations/findings
  • Coordinate delivery of audit milestones to ensure audit timelines stay on target by identifying and escalating roadblocks
  • Facilitate and track management responses and remediation/corrective action plans for audit findings
  • Provide project/program management for process improvement initiatives to support the ITC/GIS organization
  • Develop and manage tools for compliance use in monitoring and reporting of status, metrics, etc.
  • Respond to Information Security and Compliance questionnaires from current and prospective customers

Confidential

IT Risk Consultant

Responsibilities:

  • Conduct project level assessments/audits for Vendors to ensure they are compliant with Confidential CIP and have incorporated Confidential Security requirements
  • Remediation activities for Audit gaps identified for IT general controls leveraging COBIT, ISO 27001, and PCI/SOX regulations and best practices - Audit assessments conducted by E&Y
  • Responsible within BUSSC Group for assisting Confidential to achieve Confidential/CIP Compliance with reviews and submittals to Confidential and Regional Organizations, ensuring data is comprehensive, complete and submitted on schedule to meet critical turnaround times and Confidential regulatory requirements.
  • Assemble professional level documentation packages for submittal as compliance evidence for self-certifications with support from applicable SMEs; maintaining documentation for Confidential submissions filed on behalf of LOBs
  • Aid functional work groups in formulating and implementing programs and practices which support compliance with Confidential and Reliability Standards. Track the development of new/revised standards and any action plans Confidential develops to ensure compliance with the standards prior to the mandatory enforcement date
  • Assist in collecting and maintaining the storage of documentation and evidence required to demonstrate compliance and ensure that the retention of all documentation meets regulatory requirements.
  • Assist with the development and implementation of compliance strategy, potential areas of regulatory compliance concern, and new government/regulatory developments.
  • Aid in the development and administration of compliance related internal controls and corrective actions program.
  • Responsible for the compilation and maintenance of Confidential/CIP compliance documents, performing assessments and analyses, and follow-up with LOB subject matter experts (SMEs).
  • Accountable for working with the SMEs to create the necessary plans for audit preparation and Confidential/CIP mitigation activities. Assist with internal audits on other departmental initiatives and programs as needed.

Confidential

IT Risk Consultant

Responsibilities:

  • Assisting technology partners in the interpretation of policy, risk, compliance, fraud prevention and operating procedures
  • Conducting pRCSA (process Risk and Control Self-Assessments) by creating high-level process mapping to ensure that effective risk controls are in place and adhered to, supporting the business in meeting Operational Risk Management requirements; identify inherent risk and controls within the process and assess them; facilitate completion and follow-up of process risk and control assessments; gather control evidence for identified risks; follow up on remediation activities for deficient risks and controls
  • Conducting pre-audit reviews to identify areas where further controls are required to effectively prepare the business and technology for audits
  • Work with application teams to develop risk controls and respond to audit findings to ensure risks will be mitigated
  • Project managing the on-going PCI assessment: timelines, issues, and project updates to stakeholders and internal departments; providing PCI Subject Matter Expertise (SME) to ensure compliance with PCI regulatory requirements for on-going remediation activities
  • Liaising assessment activities between Business, IT and QSA to complete interviews, observations and documentation review
  • Acting as a single point for issues and recommended solutions interfacing with business and technology leads to ensure consolidation of audit and PCI gaps
  • Other engagements - Assisting with Business Continuity Management (BCM) for DCTS LOB, Tracking of Disaster Recovery (DRP) status and completion of plan and test results, tracking of remediation of vulnerabilities with regards to Vulnerability Assessments (VM), defining and facilitating Vulnerability Governance Process.

Confidential

Enterprise Security Compliance Specialist

Responsibilities:

  • Working with Procurement to identify existence of Security Clauses in existing IT Contractual agreements. In the absence of any identified security clauses, recommend corrective action to ensure amendments are in place with the current vendors.
  • Working with Procurement and Legal to create a Vendor Security Governance Framework to ensure any new contracts and RFPs include Information Security clauses
  • Responsible for the definition, design, development and implementation of Information Security Compliance framework.
  • Participating in the establishment and implementation of processes and practices that effectively and efficiently ensure the adherence of business processes and technology practices across the enterprise to the enterprise Information Security policy as well as regulatory/legislative requirements and industry best practices.
  • Collaborating with audit, privacy, and compliance functions as well as individual business units including IT to ensure that all IT security and compliance audits are conducted, non-compliances are tracked, measured, and reported, and inadequacies are remediated
  • Ensuring the organization has PCI compliance for the applicable organization within the Confidential group of Companies
  • Providing input for Steering Committee Meetings, Risk Management, Security Awareness, and review existing Policies and Procedures for Compliance Requirements

Confidential

Technology Risk Consultant

Responsibilities:

  • Provide Business Technology Risk Managers (BTRMs) and Technology Service Support groups with an overview of the Control Verification and Testing process for evidence collection and timelines
  • Create control testing grid with the BTRM to understand the scope of the application entity, Control Design, contacts for testing/evidence and evidence gathering activities for Application security controls
  • Review and analyze evidence control documentation and sample evidence in a central repository for future Business and Audit reference
  • Create and review draft Control Testing report and findings with the assigned BTRM and/or Steering Committee
  • Support TRMIS accountabilities and initiatives and provide input into the Risk Management Framework
  • Ensuring vendors adhere to security policies and standards and are in line with TD standards
