Testing Consultant Resume Profile

PROFESSIONAL SUMMARY

  • Seasoned professional, CRM (Certified Risk Manager) and Project Manager with significant years of project management consulting, Sarbanes-Oxley (SOX) consulting and auditing experience focusing on Governance, Risk and Compliance, utilizing the LockPath version 2 Keylight Platform GRC tool as well as the RSA Archer Platform GRC tool, MetricStream GRC Tool, Fiserv Frontier 5.0 tool, Business Intelligence (BI), Project Management, Access Identity Management and Rigorous Program Management. Extensive Senior Project Management in Dual Shore Point experience utilizing Waterfall, Agile, as well as Scrum Software Development methodology.
  • Project Management of major SAP ERP implementation projects WITH BUDGET IN EXCESS OF 25 MILLION DOLLARS, including SAP Financials (FICO), SAP CRM and SAP SRM Solutions, including SAP ECC 5.0 to 7.2 HANA, SAP Warehouse Management Systems. SOX Compliance Software tools implementation and evaluation. Oracle R12 Implementation and Analysis.
  • Extensive experience in scheduling responsibilities and developing and accurately maintaining integrated master/sub-project schedules, ensuring schedule logic is maintained, coordinating work activities with project team members, progressing schedules and assisting in identifying and resolving schedule conflicts, as well as performance of User Acceptance Testing. Extensive experience in Healthcare HIPAA compliance and development of Standards and Guidelines to adhere to the NIST 800-53, ISO 27001, ISO 27002, SOX, Dodd Frank Act, HITRUST, The Volcker Rules, Meaningful Use Act and Sunshine Act requirements and compliance. Extensive experience in Compliance to NERC Version 3 and 5.1 thru 5.4, PCI Versions 2 and 3 Standards and implementation and performance of Compliance QSA Auditing.

TECHNICAL EXPERIENCE

Project Manager in SAP ECC 7.2 7.0 , SAP HANA SAP COTS packages SAP ECC 5.0 Business One and SAP ECC 6.0 R/3 Functional Conversion ISO 27001 and 27002 NERC 3 and 5.1 LockPath Keylight GRC version 2 RSA Archer GRC tool MetricStream GRC Tool ControlCase GRC Scan Qualys Scan Qualys Guard PCI Scan PCI ASV Scan ClearScan ProCheckUp ASV Nexus Scan Nixu Watson Scan Fiserv Frontier 5.0 tool Oracle R12 Implementation and Analysis SAP Archiving ERP SDLC Microsoft-Project 2007 IBM Web-Sphere MQ Series 2003 2002 and 2000 Access Oracle R8 thru R12 Financials SSAE 16 SAS 70 Microsoft SharePoint and Microsoft SQL Server Business Intelligence Hyperion Financials JAVA DIBS G/L PRIMAVERA 5.0/8.0/9.1 Vitech V3 Microsoft VISIO Excel Word Power Point Lotus Notes Windows MS-DOS HP PPM RUP Waterfall, Agile, Scrum Software Development methodology EDSNET Win stub Lotus 123 COBOL FORTRAN PL1

PROFESSIONAL EXPERIENCE

Confidential

Certified Risk Management Officer

Senior IT Compliance Manager, and Systems Security Subject Matter Expert

  • Established the Controls Excellence Program for end-to-end business process as the Business Process Cycle.
  • Led and participated as part of the core Controls Excellence management team focused on managing and leading strategic initiatives for Controls Excellence which increased value to the company, and partnered with leadership to influence and contribute to a strong, optimal controls environment which addressed IT Compliance in SOX, PCI, HIPAA and HITECH reporting requirements, regulatory requirements and standalone reporting requirements.
  • Supported leadership in preparing and reviewing deliverables, reports and presentations to Senior Leadership, including the Audit Committee
  • Partnered with Controls Excellence Director and provided support in achieving overall goals and metrics of Controls Excellence, including supporting regular dashboard and Steering Committee requirements
  • Participated in setting and achieving Access and Identity Management performance metrics
  • Led, coached and developed resources to achieve the function's objectives, including their longer-term career aspirations
  • Led, motivated and developed the Controls Excellence Team to prioritize and allocate work in order to complete the review, documentation, and testing of key IT and financial business processes to support the Company's senior management's SOX, PCI, HIPAA, HITECH attestation responsibilities and meet other key Controls Excellence strategic objectives.
  • Identified, managed and reported on all internal control deficiencies in real time and worked with business Process Owners to facilitate the creation of action plans and remediation timetables to correct the deficiencies noted.
  • Promoted the philosophy of collaborative team working environment, team development across all activities, and focused on the design of new and improved processes in order to achieve business objectives and continuously improve performance within the Controls Excellence Team.
  • Partnered with business units and management to foster an environment whereby Controls Excellence was a strategic controls advisor to the organization and helped management effectively manage key IT, financial regulatory reporting risks
  • Worked effectively with key stakeholders, including external auditors and senior management, to promote alignment across understanding of Key Controls and managing expectations.
  • Provided the technical and operational expertise and support to all levels of management for compliance with the Sarbanes-Oxley Act, PCI, HIPAA, HITECH and pronouncements of the Public Company Accounting Oversight Board (PCAOB) and the SEC.

Project Manager, Senior Business Analyst, RSA Archer and PCI Compliance and Systems

Confidential

  • Senior Project Manager/Business Analyst functional responsibility was in Implementation, testing and verification of the PCI Version 2.0 DSS and RSA Archer 5.4 Requirements Implementation and Compliance testing of security, risk and compliance management solutions for business acceleration including managing organizational risk, safeguarding mobile access and collaboration, proving compliance, and securing virtual and cloud environments.
  • Primary areas of focus were:
  • Platform point of consolidation for governance, risk and compliance information of all types
  • Access and Identity Management enhancement
  • Seamless integration of data systems without the need for additional software
  • Automated movement of data into and out of the Platform to support data analysis
  • Process management and reporting.
  • Data Feed Manager.
  • Flexible, code-free tool for consolidating information within the RSA Archer eGRC Platform
  • Data Publication Manager which allowed users to automatically extract information from the Platform and load it into external systems for advanced data analysis and modeling
  • Web Services API which supported integration with other business systems using the industry standard SOAP protocol.
  • User and Group Synchronization which supported Active Directory and LDAP integration of user accounts and groups.
  • The above functions were performed in all of the below RSA Modules:
  • RSA Archer e-GRC Platform v5.4.4
  • Modules
  • Policy Management
  • Risk Management
  • Compliance Management
  • Enterprise Management
  • Business Continuity Management
  • Vulnerability Risk Management
  • Security Operations Management
  • Incident Management
  • Threat Management
  • Vendor Management
  • Audit Management
  • Federal Assessment Authorization
  • Federal Continuous Monitoring
  • GRC Platform

Confidential

Senior Business Analyst where functional responsibility was to assist in the development of Statement of Work and/or RFQ to coordinate and test IT corporate policies and procedures to meet Federally Regulated NIST Standards and mandated Systems Security Standards for compliance in NIST 800-53, SOX, SAP, PCI, RSA Archer 5.0, MetricStream GRC Tool, Meaningful Use and Sarbanes-Oxley. Required to enhance Risk Management Certification by obtaining 24 continuing education units (CEUs) to implement policies and procedures to meet the SOX Compliance, Identity Management, SAP Project Management, PCI, HITRUST, Meaningful Use Stage 1 and 2, Sunshine Act, Dodd Frank, Sarbanes-Oxley, NIST 800-53, ISO 27002, ISO 27001, SSAE 16 Compliance

Project Manager, Senior Business Analyst, RSA Archer Systems Security Implementation

Confidential

  • Senior Business Analyst where functional responsibility was to develop, coordinate and test IT corporate policies and procedures to meet Federally Regulated NIST Standards and mandated Systems Security Standards for compliance in SAP 7.0 to 7.2 HANA environment. Helped to implement policies and procedures to meet the Sarbanes-Oxley, NIST 800-53, ISO 27002, ISO 27001, SSAE 16 Compliance
  • Senior Project Manager/Business Analyst functional responsibility was in Implementation, testing and verification of the PCI Version 2.0 DSS and RSA Archer 5.2 Requirements Implementation and Compliance testing of security, risk and compliance management solutions for business acceleration including managing organizational risk, safeguarding mobile access and collaboration, proving compliance, and securing virtual and cloud environments.
  • Primary areas of focus were:
  • Platform point of consolidation for governance, risk and compliance information of all types
  • Seamless integration of data systems without the need for additional software
  • Automated movement of data into and out of the Platform to support data analysis
  • Process management and reporting.
  • Access and Identity Management enhancement
  • Data Feed Manager.
  • Flexible, code-free tool for consolidating information within the RSA Archer eGRC Platform
  • Data Publication Manager which allowed users to automatically extract information from the Platform and load it into external systems for advanced data analysis and modeling
  • Web Services API which supported integration with other business systems using the industry standard SOAP protocol.
  • User and Group Synchronization which supported Active Directory and LDAP integration of user accounts and groups.
  • The above functions were performed in all of the below RSA Modules:
  • RSA Archer e-GRC Platform v5.2.4
  • Modules
  • Policy Management
  • Risk Management
  • Compliance Management
  • Enterprise Management
  • Business Continuity Management
  • Vulnerability Risk Management
  • Security Operations Management
  • Incident Management
  • Threat Management
  • Vendor Management
  • Audit Management
  • Federal Assessment Authorization
  • Federal Continuous Monitoring
  • GRC Platform

Confidential

Project Manager, Senior Business Analyst, RSA Archer and PCI Security Standards Implementation

  • Active Directory and BindView implementation and testing to ensure compliance to meet Federally Regulated NIST Standards (NIST 800-53) and mandated SOX Systems Security Standards.
  • Additional responsibilities were penetration testing and verification of the PCI Version 2.0 DSS and RSA Archer 5.0 Requirements developed towards reaching the following six (6) milestones:
  • Removing sensitive authentication data and limiting data retention.
  • Protecting the perimeter, internal and wireless networks.
  • Securing payment card applications.
  • Monitoring and controlling access to IT financial systems.
  • Protecting stored cardholder data.
  • Finalizing remaining compliance efforts and ensuring all controls are in place.
  • Vulnerability Management
  • ISO 27002, ISO 27001, SSAE 16 Compliance
  • Compliance Monitoring of implementation of RSA Archer Platform GRC tool
  • Directly responsible for implementation team of 16
  • Access and Identity Management
  • Oracle R12 functionality and Compliance Analysis
  • Change Management Compliance and Process Implementation
  • Business Intelligence BI
  • Monitoring and controlling Identity Management applications access to IT financial systems
  • Writing and maintaining process procedures and controls
  • Consulting in the research, design and implementation of The Dodd Frank Act and The Volcker Rules requirements.
  • Senior Project Manager/Business Analyst functional responsibility was in Implementation, testing and verification of the PCI Version 2.0 DSS and RSA Archer 5.1 Requirements Implementation and Compliance testing of security, risk and compliance management solutions for business acceleration including managing organizational risk, safeguarding mobile access and collaboration, proving compliance, and securing virtual and cloud environments.
  • Primary areas of focus were:
  • Platform point of consolidation for governance, risk and compliance information of all types
  • Seamless integration of data systems without the need for additional software
  • Automated movement of data into and out of the Platform to support data analysis
  • Process management and reporting.
  • Data Feed Manager.
  • Flexible, code-free tool for consolidating information within the RSA Archer eGRC Platform
  • Data Publication Manager which allowed users to automatically extract information from the Platform and load it into external systems for advanced data analysis and modeling
  • Web Services API which supported integration with other business systems using the industry standard SOAP protocol.
  • User and Group Synchronization which supported Active Directory and LDAP integration of user accounts and groups.
  • The above functions were performed in all of the below RSA Modules:
  • RSA Archer e-GRC Platform v5.1.4
  • Modules
  • Policy Management
  • Risk Management
  • Compliance Management
  • Enterprise Management
  • Business Continuity Management
  • Vulnerability Risk Management
  • Security Operations Management
  • Incident Management
  • Threat Management
  • Vendor Management
  • Audit Management
  • Federal Assessment Authorization
  • Federal Continuous Monitoring
  • GRC Platform

Confidential

Business Analysis

  • Analyzed, documented and published a corporate report on the KMF which focused on issues involving the management of cryptographic keys: their generation, use, and eventual destruction. The final report included related topics, such as algorithm selection and appropriate key size and cryptographic module selection.
  • Directly responsible for implementation team of 10
  • Oracle R12 Implementation and Analysis
  • Compliance to NIST 800-53
  • Vulnerability Management
  • Compliance Monitoring of implementation of RSA Archer Platform GRC tool
  • ISO 27002, ISO 27001, SSAE 16 Compliance
  • Writing and maintaining process procedures and controls
  • Compliance to NERC Standards
  • Business Intelligence BI
  • Monitoring and controlling Identity Management applications access to IT financial systems
  • Change Management Compliance and Process Implementation
  • SSAE 16 Compliance

Confidential

Project Manager, Security Standards Implementation

  • Responsibilities were penetration testing and verification of the PCI Version 1.0 DSS Requirements developed towards reaching the following six (6) milestones:
  • Removing sensitive authentication data and limiting data retention.
  • Protecting the perimeter, internal and wireless networks.
  • Securing payment card applications.
  • Monitoring and controlling access to IT financial systems.
  • Protecting stored cardholder data.
  • Finalizing remaining compliance efforts and ensuring all controls are in place.
  • Vulnerability Management
  • Directly responsible for implementation team of 18
  • Consulting in the research, design and implementation of SOX and The Dodd Frank Act and The Volcker Rules requirements.
  • Change Management Compliance and Process Implementation
  • ISO 27002, ISO 27001, SSAE 16 Compliance
  • Business Intelligence
  • Monitoring and controlling Identity Management applications access to IT financial systems
  • Writing and maintaining process procedures and controls
  • Compliance Monitoring of implementation of the Fiserv Frontier 5.0 tool

Project Manager, IT Corporate SOX Compliance

Confidential

  • Dual Shore point responsibility managing the custom built combination of the best local and off-shore talent to bring the client the highest quality
  • Project Manager SOX Compliance and Senior SAP Subject Matter Expert responsible for the IT System transition from E-Synergy to the COTS package SAP ECC 6.0 R/3 (6 million dollar budget). Responsible for the successful planning and execution of the SAP Archiving, conversion and implementation project, including defining project approach and gaining client, client engagement manager and project team members' buy-in for 28 Solutions including SAP Financials (FICO), SAP CRM and SRM Solutions, including SAP HANA environment.
  • Change Management Compliance and Process Implementation
  • Vulnerability Management
  • Writing and maintaining process procedures and controls
  • ISO 27002, ISO 27001, SSAE 16 Compliance
  • Business Intelligence
  • Compliance to NERC Standards
  • Compliance Monitoring of implementation of RSA Archer Platform GRC tool
  • Using Rigorous Program Management/RPM led and directed implementation team of 23 contracted consultants and employees, responsible for the successful implementation of the Business Suite Module. Communicated project status, milestones and issues to project owners.

Confidential

Position: Project Manager, IT and SOX Systems Compliance and Testing

  • Directly responsible for implementation team of 15 responsible for the Business Suite Module.
  • Compliance Monitoring of implementation of the LockPath Keylight version 2 Platform GRC tool
  • Dual Shore point responsibility managing the custom built combination of the best local and off-shore talent to bring the client the highest quality
  • Senior SOX Project Manager, SAP Project Manager and Subject Matter Expert responsible for the ERP transition from MAS 500 to SAP COTS package SAP ECC 5.0 Business One (8 million dollar budget). Direct implementation responsibility for the Business Suite Module. SAP Business Suite provided the company with industry-specific applications. Overall responsibility for the successful planning and execution of the SAP project for 24 Solutions including SAP Financials (FICO), SAP CRM and SRM Solutions in the SAP HANA environment.
  • Change Management Compliance and Process Implementation
  • Vulnerability Management
  • ISO 27002, ISO 27001, SSAE 16 Compliance
  • Oracle R12 Implementation
  • Business Intelligence
  • Monitoring and controlling Identity Management applications access to IT financial systems
  • Writing and maintaining process procedures and controls
  • Communicated project status, milestones and issues to project owners.

Confidential

Project Manager, Systems IT Testing and Compliance

  • SAP Customer Relationship Management SRM ECC 4.0 specialist with the functional responsibility to develop, coordinate and test IT corporate policies and procedures to meet Federal mandates for Sarbanes-Oxley compliance. Developed a fifteen (15) step audit approach to address the Information systems assessment. Performed User Acceptance Testing for 28 Solutions including SAP Financials (FICO), SAP CRM and SRM Solutions.
  • Writing and maintaining process procedures and controls

Confidential

Project Manager Sarbanes-Oxley Testing and Compliance

  • Overall responsibility for the successful planning and execution of the Year 2 SOX testing.
  • Overall responsibility for the Year 2 SOX testing and Compliance in Oracle 11i and Hyperion Financials SAP CRM and SRM Module.
  • Compliance Monitoring of implementation of RSA Archer Platform GRC tool
  • Directly responsible for implementation team of 10, responsible for the Year 2 SOX testing.
  • Communicated project status, milestones and issues to project owners.
  • Writing and maintaining process procedures and controls
  • Vulnerability Management
  • ISO 27002, ISO 27001, SSAE 16 Compliance
  • Applied project management methodologies and control techniques to project.
  • Change Management Compliance and Process Implementation
  • Business Intelligence
  • Tracked and reported progress relative to time, budget and demonstrated results.
  • Worked independently and with Project Team members to ensure task-level plans were completed and executed on track for the Year 2 testing.

Senior Project Manager, SOX Compliance and Testing

Confidential

  • Performed Sarbanes-Oxley testing and documentation based on project plan and to ensure year two testing and SOX compliance was achieved.
  • Overall responsibility for the Year 2 SOX testing and Compliance in Oracle R8 and Hyperion Financials SAP CRM and SRM Module.
  • Developed and Audited requirement for Type 1 and Type 2 SAS70
  • Communicated and interpreted the status for potential schedule impacts and communicated said impacts to control account/program manager and Integrated Product Team Leads, as well as issued remediation to the external auditors, members of Senior Management and the Audit Committee.
  • Maintained regular dialogue with Board of Directors members through monthly/bi-monthly/weekly meetings.

Confidential

Senior Executive Consultant/Subject Matter Expert

  • Project Manager with oversight responsibility for the performance of Sarbanes-Oxley testing and documentation based on project plan and to ensure year two (2) testing and SOX compliance was achieved.
  • Developed and Audited requirement for Type 1 and Type 2 SAS70
  • Overall responsibility for the Year 2 SOX testing and Compliance in Oracle 11i and Hyperion Financials SAP CRM and SRM Module.
  • Compliance Monitoring of implementation of RSA Archer Platform GRC tool
  • Communicated and interpreted the status for potential schedule impacts and communicated said impacts to control account/program manager and Integrated Product Team Leads, as well as issued remediation to the external auditors, members of Senior Management and the Audit Committee.
  • Maintained regular dialogue with Board of Directors members through monthly/bi-monthly/weekly meetings.

Senior Executive Sarbanes-Oxley Consultant

Confidential

  • Performed Sarbanes-Oxley testing and documentation based on project plan and to ensure year two (2) testing and SOX compliance was achieved.
  • Overall responsibility for the Year 2 SOX testing and Compliance in Oracle 8 and Hyperion Financials SAP CRM and SRM Module.
  • Developed and Audited requirement for Type 1 and Type 2 SAS70
  • Communicated and interpreted the status for potential schedule impacts and communicated said impacts to control account/program manager and Integrated Product Team Leads, as well as issued remediation to the external auditors, members of Senior Management and the Audit Committee.
  • Maintained regular dialogue with Board of Directors members through monthly/bi-monthly/weekly meetings.

Confidential

Senior Documentation and Testing Consultant

  • Performed Sarbanes-Oxley testing and documentation based on project plan and to ensure year two (2) testing and SOX compliance was achieved.
  • Developed and Audited requirement for Type 1 and Type 2 SAS70 and Oracle and Hyperion Financials
  • Communicated and interpreted the status for potential schedule impacts and communicated said impacts to control account/program manager and Integrated Product Team Leads, as well as issued remediation to the external auditors, members of Senior Management and the Audit Committee.
  • Maintained regular dialogue with Board of Directors members through monthly/bi-monthly/weekly meetings.

Senior Documentation and Testing Consultant

Confidential

  • Performed Sarbanes-Oxley testing and documentation based on project plan and to ensure year one testing and SOX compliance was achieved.
  • Developed and Audited requirement for Type 1 and Type 2 SAS70 and Oracle and Hyperion Financials
  • Communicated the status of testing and issued remediation to the external auditors, members of Senior Management and the Audit Committee.
  • Maintained regular dialogue with Board of Directors members through monthly/bi-monthly/weekly meetings.

Confidential

Senior Consultant SOX

  • Performed Sarbanes-Oxley testing and documentation based on project plan and to ensure year one testing and SOX compliance was achieved.
  • Developed and Audited requirement for Type 1 and Type 2 SAS70 and Oracle and Hyperion Financials
  • Communicated the status of testing and issued remediation to the external auditors, members of Senior Management and the Audit Committee.

Confidential

Senior Consultant, Senior Sarbanes-Oxley Consultant

  • HIPAA, ICD 9, HIPAA 5010 and 4010 Implementation and testing
  • Meaningful Use and Sunshine Act Development and Compliance

Project Manager, Consultant, HIPAA Implementation/Testing

Confidential

  • HIPAA, ICD 9, HIPAA 5010 and 4010 Implementation and testing
  • Meaningful Use and Sunshine Act Development and Compliance

Confidential

Senior Business Analyst/HIPAA Implementation/Testing

  • HIPAA, ICD 9, HIPAA 5010 and 4010 Implementation and testing
  • Meaningful Use and Sunshine Act Development and Compliance

Confidential

Project Manager, Lead Business Analyst/HIPAA Implementation

  • HIPAA, ICD 9, HIPAA 5010 and 4010 Implementation and testing
  • Meaningful Use and Sunshine Act Development and Compliance

Confidential

Project Manager, HIPAA Compliance Coordinator, HIPAA Implementation/Testing

  • HIPAA, ICD 9, HIPAA 5010 and 4010 Implementation and testing
  • Meaningful Use and Sunshine Act Development and Compliance

Confidential

Senior Consultant/ Senior Auditor

  • HIPAA, ICD 9, HIPAA 5010 and 4010 Implementation and testing.
  • Meaningful Use and Sunshine Act Development and Compliance
