SUMMARY

• Effective communicator working with all levels of an organization (i.e. CIO, CFO, CEO and board of directors).
• Experienced “Big 4” Senior Project Manager.
• Confidential - in-charge IT Security Audits for Federal and State agencies. Developed security audit programs based on NIST800-53 standards. Conducted IT security audits of mission-critical applications, conduct and evaluate penetration testing assessments, reviewed SAS70 and SSAE-16 audit results to determine the impact on an agency and providing recommendations to resolve control deficiencies.
• Project Manager, Security and Audit Consultant to EDS, consultant to FEMA. Developed EDS System Security Plan based on the NIST800 requirement, managed and coordinated DIACAP compliance scanning, planned and managed efforts to migrate their email system to the HP managed facility.
• Senior project manager that successfully converted over 1 Million Visa debit/ATM cards to MasterCard debit/ATM cards, retired the Visa reward program, converted EFT network and managed budgets to complete efforts with over $1M budget surplus.
• Quality Assurance lead to review project deliverables based on PMBOK, NIST800, IEEE standards, performed code assessments using the Cast Tool and recommended corrective actions that produced cost savings exceeding $2.3 Million
• Mitigated organizational risk as an IT security architect and Confidential -in-charge of compliance audits and Attestation assessments for IT. Led development of IT security program, authored an IT Security Guide, defined and implemented IT compliance audit program, managed and trained staff to conduct IT risk audits, managed and conducted security compliance audits, and established IT governance function.
• Lead security consultant for the Federal Reserve Information Technologies (FRIT) to design, implement and configure (hands-on) access security to servers, applications and databases across platforms
• IV&V lead and SME that improved IT projects assuring that Federal, State and organizational standards were followed.
• Manager and Director in charge of IT departments and budgets.
• IT Compliance Confidential and Security Architect - Confidential -in charge of IT compliance audits. Conducted Control Assessment Audits that evaluated the system controls for access and penetration, business processes, data interfaces, data migration, and general IT processing controls providing recommendations to improve deficiencies. Mitigated organizational risk using Risk Radar defined and managed IT compliance. Led the development of an IT security program by authoring a security program manual, defining IT compliance audit programs based NIST800 requirements, and by managing and training staff to conduct IT risk assessment audits.
• IT Governance - Manage quality assurance and governance processes, manage defects using predictive analysis, define business models with roles & responsibilities, implement ITIL-V2 &3 standards and procedures, define and document SLA agreements, implement change management procedures, organize and chair IT steering committees, conduct IT compliance audits and risk assessments, conduct code quality assessments using CAST.
• Project Manager, Security and Audit Consultant to EDS, consultant to FEMA. Developed EDS System Security Plan based on the NIST800 requirement, managed and coordinated DIACAP compliance scanning, planned and managed efforts to migrate their email system to the HP managed facility.
• Quality Assurance lead to review project deliverables based on PMBOK, NIST800, IEEE standards, performed code assessments using the Cast Tool and recommended corrective actions that produced cost savings exceeding $2.3 Million
• Mitigated organizational risk as a QA Manager. Led development of IT security program, authored an IT Security Guide, defined and implemented IT compliance audit program, managed and trained staff to conduct IT risk assessments, managed and conducted security compliance audits, and established IT governance function.
• Lead security consultant for the Federal Reserve Information Technologies (FRIT) to design, implement and configure (hands-on) access security to servers, applications and databases across platforms
• IV&V lead that improved IT projects assuring that Federal, State and organizational standards were followed.

TECHNICAL SKILLS

• MS Project
• MS Office suite
• EDI X.12
• Commonwealth Technology Portfolio tool (CTP) ProSight
• CAST
• MS-Visio process flows work-flows document flows swim-lanes
• RACI diagrams
• Rayleigh Curve
• Capers Jones
• CA-Clarity Portfolio Manager
• Planview Enterprise
• SSO tools
• SAP
• PeopleSoft
• HP-Quality Center (ALM)
• Jira
• Teammate and Pentana audit tool
• MS SharePoint
• Risk-Watch
• ETL
• ERP
• MITA
• SOA
• Oracle
• DB2
• MS SQL
• UDB
• IMS
• B-Tree
• VSAM
• C++
• .net
• VB
• Java
• COBOL
• PL1
• Assembler
• JCL

PROFESSIONAL EXPERIENCE

Confidential, Richmond, VA

Director and Manager

Responsibilities:

• PMO Program Manager for Confidential bank.
• Hired to organize and provide structure for managing the businesses PMO in the standardized approach for Basel III compliance efforts, also manage their data storage migration to SharePoint, as well as managing the business oversight for moving their Teradata data warehouse to the AWS cloud Redshift data warehouse.
• Reviewed objectives, project deliverables and recommend corrective actions to simplify project tracking and remove possible control vulnerabilities.
• Managed the PMO governance efforts to provide recommendations for improvements that required less staff efforts saving cost.

Sr. Business Analyst and Lead

Confidential, Richmond, VA

Responsibilities:

• Consultant to Virginia Department of Taxation as a subject matter expert (SME) for issuing and evaluating vendor RFIs & RFPs.
• BA that led efforts to review and collect business process requirements and issue an RFI to possible suppliers to replace software for Audit Case Management (ACM), random sampling, customer relations management (CRM) and audit case selection.
• Define and assisted procurement manager to write and publish a software request for proposal (RFP) for COTS or Custom solution replacement of current IT software.
• Defined evaluation process to lead business teams in their assessment of the vendors’ ability to meet the requirements, the quality of their implementation strategy and their qualifications as a supplier and prepare and presented the results to the Executive committee.

IT Lead

Confidential, Robert Half, VA

Responsibilities:

• Conducted compliance and IT audits of Ferguson’s web based systems, eCommerce systems, Disaster Recovery processes and their alignment with their SDLC corporate policies and best practices.
• Also reviewed were the Network and its security compliance, results of penetration tests and the use of QualysGuard vulnerability assessment tool, audit findings were documented in their Pentana audit tool and audit findings reports were written and presented to senior managers, directors and Divisional Vice Presidents.

IT Management Process Consultant

Confidential, Denver, CO

Responsibilities:

• Governance lead consultant to Kaiser Permanente Health Insurance organization.
• Reviewed Kiser IT policies and standards to assess Federal regulation compliance with COBIT v5 framework.
• Conducted detailed analysis IT SDLC governance requirements to evaluate their alignment with best practices including ITIL, COBIT, HIPAA, NIST800, SOX, HiTrustv6, PCIv3, and ISO 27k.
• Provided updated development improvement recommendations to improve to development processes, and improved controls at project initiation and during the entire SDLC process.
• Document results as recommendations to management to revise and implement improved IT procedures.

Confidential, Alexandria, VA

Responsibilities:

• IT audit consultant and ERP consultant to Kearney and Associates through Confidential .
• Conduct FAIR audit readiness assessments of the cross-program security integration.
• The results included the identification of significant control points and the risk associated with each key control and security related to penetration test results.
• A requirements traceability document was delivered to ensure the delivered solution fulfills all processing controls and risks requirements.
• A report was provided with recommendations for future-state Enterprise-wide ERP process needs for improvements and audit ready compliance.
• The possible use of a (GRC) system and other processing tools was recommended to implement an Army-wide ERP solution.

IV&V Practice Lead,

Confidential, Richmond, VA

Responsibilities:

• Managed and conducted IV&V projects to assess and recommend corrective actions for the Commonwealth of Virginia’s IT projects.
• IT projects including the Affordable Care Act (ACA) for Medicaid Management System (MMIS), Electronic Health Records implementation, Meaningful use capabilities, use of Rhapsody for the transmission of HL7 medical records, development of an Unclaimed Properties system for the VA Treasury, Employment Commission’s Unemployment Insurance replacement system and others.
• Reports were delivered to agency and VITA management and used as expert recommendations for process improvements.

Technical Project Manager

Confidential

Responsibilities:

• As a Business Analyst and Lead for the DOD Defense Logistics Agency review and revised the systems and processes for the agile team’s development efforts.
• Established standards for review and verification of the Infrastructure design, and solution’s audit preparedness reviews of the project to verify compliance, access security including results of penetration tests and provided recommendations to management process improvements for compliance with government policies and regulations (e.g. FISCAM, FISMA, NIST, etc.) leading practices and alignment with COBITv5 framework.