CAREER SUMMARY:

• Results driven and experienced Senior IT professional. Broad knowledge of software development lifecycle, Information and Data Security best practices, IT Controls implementation, and awareness of new approaches and techniques in information security technology .
• Hands - on experience administering Identity and Access Management Systems.
• Ability to build strong working relationships and partnerships across organization with a collaborative and consultative approach .
• Strong analytical, quantitative, and problem solving skills to identify business and process improvement opportunities and risks, implement procedural change, and establish Internal Controls and Adherence Routines .
• Expert knowledge in Regulatory Compliance Standards including Knowledge of regulatory compliance requirements including HIPAA/HITECH, PCI, ISO, SSAE16, Safe Harbor, Data Privacy, Sa rbanes-Oxley (SOX), SSAE-16, COBIT Framework. CISM certified and working on CRISC certification in 2016.

EXPERIENCE:

Confidential

Responsibilities:

• Ensure Information Security Compliance to governmental and industry standards and processes.
• Establish credibility and maintain strong working relationships with senior leaders involved with information security matters (Legal, Business Development, Internal Audit, Fraud, Physical Security, Developer Community, Networking, Systems, etc.).
• Be responsible for building information security as a core competency throughout our relationships with our internal teams/partners/vendor; this includes consulting, and providing education and training to the organization.
• Integrate information security into organizational IT processes and business development.
• Provide support for various time sensitive security projects.
• Establish metrics and regular reporting mechanisms for measuring security risk, compliance and security posture of teams across Comerica.
• Work proactively with business teams to ensure compliance objectives are met.
• Be responsible for continual process improvement and innovation in assessment process.
• Evaluate complex business and technical requirements, and communicate inherent security risks and solutions to technical and non-technical business owners.
• Deliver findings, recommendations and remediation steps for all activities.

Confidential

Program Manager

Responsibilities:

• Responsible for the direct implementation of Security, Audit, and Compliance standards requirements for all Confidential Dealer Systems in Sustain.
• Manage internal controls around data and access, review data access at EDI partners, 3 large banks complete the process on a daily basis.
• Review Access Management for all SOX / PCI classified applications across Dealer Finance on a quarterly basis and yearly for Non SOX / PCI applications. Applications are spread across Web Applications, Mainframe Applications (Mainframe TSO ID’s and Associated Confidential rules, E ID’s and associated usage) and some thick clients.
• Review Privileged Access roles for - UNIX, SAP, Databases - DB2, Oracle and SQL, Endevor, SVN for all Confidential Dealer Systems in Sustain.
• Review SAP user roles setup, Segregation of duties in SAP and DB2 and many other SOX applications.
• Review and Approve SAP firefighter ID’s, DB2 Emergency ID’s and Executive office ID’s for applications.
• Work with all Confidential stakeholders to monitor and remediate any non-compliance issues for SOX controls, User Access or Security Management.
• Work with Confidential Corporate Security group to understand security vulnerabilities arising from Veracode, WhiteHat, Cenzic, Webinspect, Qualys and Penetration testing and work with Application Owners to remediate the same.
• Apply Program Management and ITIL principles and establish a common process across all lines of business to fulfill the requests from Audit, IT Risk and Compliance and IT Security.
• Interface with external and internal audit teams for all auditable items - user access, privileged access, change management, security scanning, configuration management for applications and infrastructure.
• Map and Review SSAE 16 reports for 5 vital / critical vendors and participate in their IT controls assessment to assess risk, impact and remediation requirements.
• Create security exceptions in Archer for any security related residual risks arising from any control weakness - access reviews, Vulnerability scans, Privileged access reviews or as the case may be.

Program Manager

Confidential

Responsibilities:

• Daily over-site, management and planning for the operational actions required to sustain the daily operations of Confidential systems operations and all established interfaces.
• Responsible for all interfaces - internal (SAP, general ledger, IW, CARS, SA and other receiving applications) and external - EDI services provider Confidential and banks.
• Manage an outsourced distributed computing environment - Mainframe and Unix across 3 vendors, 8 vendor resources and 2 employee resources.
• Manage all daily operations, execution of SOX and financial controls, IT Security controls, assist with business process controls, review SSAE 16 reports (IT Controls) for all associated vendors.
• Work and collaborate with delivery teams and internal control staff to define and implement controls with the objective of reducing the cost of compliance, embedding internal controls and creating a sustainable control environment in an outsourced model.
• Participate and support the annual Sox compliance audit, Finance Internal Controls audit and IT internal audit. Also responsible for assuring that the internal control processes and practices are optimized, enabling SmartCash to continue to comply with controls in an efficient and effective manner.
• Comply with all Data Privacy regulations and attest to user access compliance and SOD on a monthly basis and as and when required for the application suite and the infrastructure.
• Work with IT Security, IT Compliance and the Business to remediate areas of identified risk within the infrastructure and application.
• Design, review, and recommend for approval policies, processes, and procedures to improve operation’s efficiency and safeguard corporate information and assets.
• Manage and build the compliance assurance functions to insure that system changes meet the Confidential regulatory requirements.

Confidential

Manager, Identity Access Provisioning and Compliance program

Responsibilities:

• Work with IT Security, IT Compliance and the Business to remediate areas of identified risk within the IT Organization.
• Coordinate the approval of the corporate roles and Identity Map; Data mapping is critical for the program’s success due to HIPPA requirements.
• Design, review, and recommend for approval policies, processes, and procedures to improve operation’s efficiency and safeguard corporate information and assets.

Confidential, Warren, Michigan

Program Manager Identity and Access Management

Responsibilities:

• Consolidated and Commonize the Identity Creation and Management Infrastructure, deployed data synchronization across corporate and operation directories.
• Worked with the technology vendors and Confidential Architecture group to create a Proof of Concept to facilitate a new standard selection.
• Ensured that new applications and initiatives are developed and maintained within the established Corporate IT enterprise security and access standards. Managed the integration and remediation of 130 global applications into a common Infrastructure to reduce costs & gain efficiencies.
• Managed the development and deployment of the Confidential Corporate Single Sign-On Solution for Windows - AD, LDAP, NIS, AIX and UNIX users.
• Responsible for developing, maintaining and enforcing corporate information security standards and guidelines encompassing data and intellectual property security via integrating applications via this infrastructure.
• Coordinate Global IT teams to procure and deploy the approved solution in the Data Centers in Europe, Asia and North America for performance, fail over and redundancy.
• Manage and ensure the ability to maintain IT business continuity for Infrastructure and Application by ensuring an up to date, well tested the build from scratch disaster recovery plan for the infrastructure suite, applications and the integrated applications.
• Coordinated the effort to bring Siemens TeamCenter application into the common security and access provisioning infrastructure.
• Worked with Siemens Architects and Confidential Engineering business groups to understand the use of TeamCenter at Confidential Engineering.
• Managed the definition of a common database model to combine 150 or so TeamCenter databases across Confidential .
• Worked with the Siemens Architects to establish a common process for Authentication and Authorization for TeamCenter databases.

Confidential, Troy, Michigan

Platform Manager

Responsibilities:

• Program Manager - Confidential Advisor Application and Vehicle Communication System.
• Successfully migrated Confidential Advisor Application to the CRM based solution. Migration included enrollment. .
• Services and Billing Modules - This effort was spread across 3 call centers and involved 2500 advisor seats.
• Delivered and ensured system availability of 99.99% for the Advisor Application suite. Awarded the Confidential CIO award for the effort.
• Led the development, deployment, configuration and change control, maintenance and support of Confidential digital Vehicle Communication System.

Confidential, Detroit, Michigan

Project Manager

Responsibilities:

• Delivered Global Dealer Accounting System - System deployed at 4 international sites and helped Confidential manage inventory of vehicles being shipped into the US from across the globe. System saved Confidential about $50M annually.
• Awarded the Confidential CIO award for cost reduction and efficiency improvements.
• Identified opportunities for business process improvement and innovation by eliminating 4 steps associated with the old system and provided 3M in cost reduction opportunities.

Confidential, Detroit, Michigan

Project Manager

Responsibilities:

• Led the team providing Process Integration Services to Support and map As-Is business process and system interfaces.
• Helped users and management realize Process Improvement Methods through IT enabled Business Process Transformation.
• Analyzed As-Is System Processes for two major manufacturing companies.
• Conduct Gap Analysis between As-Is and To-Be.
• Suggested custom development approaches to bridge the Gap.

Confidential, Dearborn, Michigan

Team Lead

Responsibilities:

• Lead the Analysis, Integration, Design and Implementation of a Global Regulatory Database.
• Developed a Client Server scheduler system as part of a data acquisition system for Confidential Wind Tunnel.
• Developed system to consolidate user test data and established a uniform reporting system for 7 test sites across North America.