GRC Consultant Resume

CAREER SUMMARY:

  • Sr. IT Compliance Manager - IT Audit and Remediation of Information security & Cybersecurity controls
  • Remediation expert for OCC, FRB, and IAA examination findings
  • Sr. IT Program Manager - IT Compliance, IT Security, SDLC, Engineering projects and operations
  • Sr. IT Auditor - PCI, SOX, ICD10 - all audit engagement activities (see last page)
  • Sr. IS Risk Management - Policy and Standard Operating Procedure expert
  • Sr. IT Project Manager - all Enterprise infrastructure and application projects - remediation and deployment - manage project risks, deliverables, milestones, tasks, budgets, resources, escalations, reports & communications
  • IT and Business Process Engineering - control design, process automation and monitoring, and deployment
  • IT Tool Designer - process automation, project management, program reporting
  • COSO, SDLC, CoBIT, SOX, PCI DSS, SSAE-16, SOC 1,2,3, NIST, FFIEC, ISO27001, FISMA, ITGCs
  • IT Department Budget Planner and Staff Manager (capital & expense forecasting and variance reporting)
  • Sr. Business Continuity and Disaster Recovery expert - Planning, Implementation, and Management
  • Communication and presentation expert for all staff and C-level management

TECHNICAL SUMMARY:

IT Compliance Management

IT Program Management

IT Project Management

IT Change Management (SDLC)

ERP Solutions

IT System & Process Remediation

Business Process Remediation

IT Organizational Development

LAN/WAN/MAN Mgt.

QuickBase App Designer

Telecom Cost Mgt.

Vendor and Contract Management

Business Continuity Management

SharePoint

IT Budget & Finance Mgt.

Agile, SCRUM, Waterfall, JAD, RAD

EXPERIENCE:

Confidential

GRC Consultant

Responsibilities:

  • Enterprise Information Security - Designed and implemented custom tracking tool (MS Project and SP2013).
  • Tool tracked all remediation projects and individual tasks to remediate deficiencies discovered by Regulatory bodies and Internal Audit examiners.
  • Expert with OCC and FRB examination letters, management responses, and MRA closure process.
  • Projectized Mgmt. Commitments that are executed by security engineering and PM staff.
  • Report weekly status results to all EIS managers, directors and the CISO.

Confidential

Sr. IT Auditor

Responsibilities:

  • Assisted with completion of Q1-Q2 audit of IT system controls
  • Executed Change Management tests for SAP and RACF mainframe ERP system
  • Transition compliance framework to COSO 2013

Confidential

Sr. IT Compliance Consultant

Responsibilities:

  • Provided cursory assessment of IT SOC 2 controls
  • Remediated Information Security policies & Standard Operating Procedures

Confidential

Sr. IT Project & Program Manager

Responsibilities:

  • Performed HIPAA and PCI compliance Audits (SOC 1&2)
  • Performed root cause analysis and remediation of control gaps
  • Selected and implemented “OnTime” Enterprise PMO tool
  • Managed migration of tools and sites to SharePoint 2013
  • Performed business process re-engineering
  • Implemented and managed daily SCRUM meetings for IT Project Teams
  • Report project portfolio status and resource requirements to COO and CIO

Confidential

Sr. PCI Project Consultant

Responsibilities:

  • Created the PCI Audit and Remediation Program (SOC 1&2)
  • Audit of IT network to assess PCI compliance standing
  • Deployed ITPM Project Mgt. tool
  • Designed control remediation for all PCI gaps identified in the Audit
  • Vetted new PCI control requirements with QSA
  • Authored IT Security policies to remediate all PCI deficiencies and to build-in sustainability

Confidential

Sr. IT SOX Auditor

Responsibilities:

  • Assess and execute existing control test plans (SOC 1&2)
  • Revise existing test plans to ensure completeness and accuracy of evidence submitted by control owners
  • Conduct interviews with control owners and create process maps for their controls

Confidential

Sr. ICD10 Project Manager

Responsibilities:

  • Role based user access control also includes field type and transaction type access control
  • Automated workflow of tasks & milestones that includes notices of completion and acceptance
  • Automated delivery of status updates for tasks, milestones, projects, and the IT Program
  • Integrated inventory - all affected business processes and applications, IT systems, servers, & support details
  • Budget management includes capital & expense variance, employee hours, equipment, services, maintenance cost
  • Project artifact repository - attaches documents and media files to a project task
  • Calculates risk levels and the mitigation efforts for each business process
  • Creates a remediation Program schedule with detailed Project plans, with resources, and deliverable due dates
  • Defines the engagement process with the roles & responsibilities of IT support staff and the Business Process owners

Confidential

Sr. IT SOX Consultant

Responsibilities:

  • Designed a unified SAP SDLC Change Management process
  • Developed the SAP Application Level Control matrix
  • Developed the SAP GCC Matrix

Confidential

Sr. IT Security Project Manager

Responsibilities:

  • Design a custom project management application and methodology using QuickBase
  • Developed the IT Program/Project Mgt. tool to automate status reporting, & escalation of all IT project task activities
  • Incorporated staff accountability and financial tracking into the project mgt. tool’s methodology
  • Assigned IT resources to project tasks
  • Remediated and escalated all internal and external risks to task and milestone deadlines
  • Rolled out the PMO tool and methodology to the IT Networking and Operations groups

Confidential

Sr. IT PCI Assessor

Responsibilities:

  • Created and executed successful 6 month project plan to gain PCI certification (SOC 1,2,3)
  • Identified all PCI control gaps
  • Designed control remediations for PCI gaps
  • Vetted PCI control requirements with Trustwave’s QSA
  • Authored IT Security policies to remediate PCI deficiencies
  • Developed a QuickBase application to track and communicate gap remediations and project status details

Confidential

IT Auditor - SOX/PCI

Responsibilities:

  • Assess & document PCI & SOX controls for their online ticket system, inventory mgt. system, & their GL system
  • Author & modify IT Security policies to establish LN’s compliance requirements
  • Write new IT Policies to establish PCI & SOX requirements

Confidential

Sr. IT Risk Consultant

Responsibilities:

  • Analyze client's IT/IS systems and revenue processes
  • Assess and doc IT Financial systems: platforms, operating systems, apps, versions, and SSAE-16 requirements
  • Apply process re-engineering expertise to improve control effectiveness and organizational efficiency
  • Develop and execute test plans that measure the effectiveness of all general and application level IT controls

Confidential

Senior IT Consultant

Responsibilities:

  • Develop IT organization, hire and train IT staff
  • Design and implement automated e-commerce processes for ordering, fulfillment, and product activation.
  • Design and implement the business continuity program for mission critical services and back-office operations
  • Develop the Customer Service Help Desk for all IT services, document all processes and procedures for new staff

Confidential

Sr. IT SOX Audit Consultant (SAP)

Responsibilities:

  • Develop, implement, and maintain the 2005/2006/2007 SAP SOX Compliance Plan for Disney IT Senior Mgt.
  • Created SSAE-16 SOC 1 issued by IBM for Disney’s SAP certification
  • Develop the SAP Key Control Activity matrix and test plans for Change Mgt., Security, and Operations
  • Vet and negotiate Key Controls with PwC (Price Waterhouse Coopers, external auditor)
  • Identify and update IT Security and Change Management policies
  • CoBIT 4 subject matter expert - developed controls to conform to CoBIT 4 framework standards
  • Develop project plan to implement Virsa GRC tool set for key control replacement and automation

Confidential

Sr. IT SOX Consultant

Responsibilities:

  • Assess risk and document all IT mortgage lending systems and their GCC controls. (SOC 1,2)
  • Negotiate revision of SSAE-16 SOC 1 controls and their test steps
  • Develop and execute tests to evaluate the effectiveness of general controls - including SSAE-16 SOC 1 controls
  • Represent New Century on SOX issues involving PwC (internal auditor) and KPMG (external auditor).

Confidential

Sr. IT SOX Audit Consultant

Responsibilities:

  • IT's Key Control Identification, Documentation, and testing (SOC 1,2)
  • Analyze client's IT/IS systems and revenue processes
  • Assess and document all IT Financial systems: platforms, operating systems, applications, versions, vendors, and service level agreements
  • Develop and execute test plans that measure the effectiveness of all general and application level IT controls
  • Coordinate audit requirements and project status with senior mgt and internal audit mgt.

Confidential

IT Vendor Mgt. Consultant

Responsibilities:

  • Develop a methodology and total cost of ownership tool used to evaluate IT Vendors for IT Procurement

Confidential

Sr. IT SOX Consultant

Responsibilities:

  • Develop/execute tests to evaluate and remediate IT controls for a retail and wholesale client
  • Identify and remediate system control deficiencies: AP, GL, HR, Order to Cash, inventory mgt
  • Document internal processes, test plans, and results: coordinate with PricewaterhouseCoopers
  • Re-test client’s general computer controls and remediate deficiencies before year-end close

Confidential

Sr. IT SOX Consultant

Responsibilities:

  • Document IT processes, evaluate design effectiveness
  • Test controls and document deficiencies and remediation recommendations
  • Build Sustainability: Provide assistance with internal evaluations, prep for external evaluation
