
IT Audit Manager Resume


NJ

PROFESSIONAL EXPERIENCE

Consulting May 2009 – Present
Confidential, Virginia August 2009 – Present

  • Planned, managed and performed application security assessments on business critical applications.
  • Planned, managed and performed data gathering, analysis, reconciliation and documentation for full cycle of security re-certification and validation.
  • Liaised with business and IT and assisted with periodic facilitated security audits for compliance.
  • Liaised with Deloitte & Touche and IT management on a regular basis.
  • Planned, trained and conducted security reviews on Mainframe, PeopleSoft, UNIX, Windows, DB2, UDB, Oracle, Sybase and applications.
  • Created, updated and reviewed standard operating procedure for application security assessment team.

Confidential, New York July 2007 – February 2009
Director of Technology Compliance, North America

  • Responsible for technology compliance & security program for North America and Mexico for all GroupM’s operating companies, including Mindshare, Mediaedge:cia, Mediacom, Beyond Interaction, Outrider and The Leverage Group.
  • Managed and worked on projects for Sarbanes-Oxley, IT security, risk management, DRP, ISO 27001, client conflicts/audit, business continuity/disaster recovery planning and global consolidation of datacenters.
  • Conducted operational and security risk assessments for all critical GroupM-managed applications and infrastructure and presented risk reports to technology executives including CIOs and CFOs.
  • Permanent member of the infrastructure Security Council, problem management and change management team to review enterprise wide security initiatives, their impacts and root cause analysis for significant incidents and changes.
  • Single point of contact for CIO and all CFOs for operational risk assessments in their portfolios
  • Identified significant risks and recommended controls to alleviate or mitigate risks to technology
  • Oversaw all IT policies and procedures
  • Worked with CIOs and CFOs on global issues, client conflicts, contracts, audits, business applications, and budgets
  • Managed self-assessments, audits, self-certifications and remediation after audits
  • Worked on business intelligence, applications and infrastructure projects
  • Provided training for new CFO and other management on corporate compliance programs
  • Prepared status reports for management and led question/answer sessions
  • Monitored and tracked service delivery, customer satisfaction and results against agreed expectations. Implemented actions aimed at continuous improvement
  • Evaluated security products including Sophos and Qualys products

Confidential, New Jersey November 2006 – June 2007
IT Audit Manager

  • Responsible for IT audit and IT SOX projects, including Oracle Financials (11i), automated controls, ITGC, remediation, spreadsheet testing, segregation of duties, integrity of reports and liaison with auditors.
  • Participated in Enterprise Change Approval Board (CAB) meetings to review significant changes across Technology Infrastructure and business applications
  • Participated in the development and implementation of Information Security Policy
  • Regularly reviewed/audited Operational Controls to ensure that internal control activities within IT Operations are consistent with and supportive of Vonage’s Security Policy
  • Liaised with external auditors

Confidential, Pennsylvania September 2005 – November 2006
Senior Lead Consultant

  • Worked on a worldwide Sarbanes-Oxley and IT security project at Volvo and its subsidiaries, spread across North and South America and Europe, in very active collaboration with PricewaterhouseCoopers as external auditors and Ernst & Young as internal auditors/consultants.
  • Coached Volvo team members during External and Internal audits. Gathered Specific List of Records (SLRs) by ITGC key control.
  • Worked on identity management, change management and development management tools. Developed Implementation plan and determined timelines.
  • SAP logical security, change management and segregation of duties.
  • Selected methodology and resources: people, processes and technologies. Scoped for Section 404 by performing risk assessment and using a compliance approach for multiple related entities and subsidiaries. Identified significant accounts and processes, ITGC controls as well as application controls.
  • Documented, defined and populated control framework/hierarchy. Standardized documentation for SOX and developed control objectives relevant to SOX.
  • Assessed control design by comparing the difference between tests of design vs. operating effectiveness and identifying control activities. Remediated controls and performed retesting.
  • Interacted with senior management on weekly basis. Provided weekly status report by business processes and by IT applications/systems for local and international offices.
  • Conducted assessments, walkthroughs with business and IT and developed matrices to report all observations and recommendations and performed remediation project management.
  • Developed interface inventory templates to record all systems interfaces for SOX applications, and developed segregation of duties mapping matrices for all business and IT.

Confidential, September 2001 – August 2005
Senior Lead Consultant (September 2003 – August 2005)

  • Worked in information technology systems audit to ensure Sarbanes-Oxley compliance, including documentation of existing business processes, flowcharts, narratives, identifying control gaps, testing and remediation.
  • Strengths include comprehensive knowledge of Sarbanes-Oxley Act, COSO integrated framework, risks, controls, key controls, financial statements assertions; ITGC, change management, platforms, Identity management and the COBIT framework.

Senior Consultant (September 2001 – September 2003)

  • Worked on consulting proposals for clients outlining timelines and deliverables for project-oriented companies. Worked on documentation, planning, execution, flowcharts, risks, issue log and status reports while completing projects within budget and time constraints.
  • Worked as a functional consultant for complete projects life cycles, from the first sales call to business blueprint, business process improvements, issues identification and resolution, interfaces, prototyping, testing, change management, post project reviews and support.
  • As a project manager in the information systems department, worked on multiple projects simultaneously, including ISO certification, network planning, deployment and offshore development.
  • Responsibilities, as Manager Information Systems, included desktop and network systems solutions, installation, configuration and maintenance. Projects (completed on time and within budgets) included ISO 9000 certification, wireless network, user training, helpdesk setup, improving job descriptions and procedures.

Confidential, New York December 1999 – August 2001
System Analyst

  • Responsibilities included hardware and software rollout support, installation and maintenance of networks, project planning and execution. Worked with VP of compliance for all the NASD, SEC compliance issues regarding IT. In addition to hands-on work, led a team involved in the following projects:
  • Technical and business lead for the in-house FIX trading system.
  • Software Development Life Cycle (SDLC), Disaster recovery plan and remote site testing
  • IT Security projects for entire company
  • Change management, Hardware Management and Security
  • Data and Systems backup and Recovery
  • Automated institutional trading platform based on Financial Information eXchange (FIX) Protocol
  • Anti-Money Laundering compliance software implementations

EDUCATION

Confidential, University - Pakistan
Master of Business Administration, Information Technology – May 1999
Bachelor of Commerce – May 1997

TECHNOLOGY

Audit Tools: ACL, Excel, SQL
ERP: PeopleSoft, SAP R/3 (SD, IMG, Segregation of Duties), Oracle Financials (11i) (HR audit)
Disaster Recovery: Living Disaster Recovery Planning System (LDRPS 9/10), Paragon
Brokerage Data Feed: Bloomberg, ADP, Reuters, PowerPartners
Trading Systems: TradeBook (Bloomberg), Act (NASD), In-House trading systems using FIX protocol
GRC Portals: Management of Internal Control (MIC), Protiviti Portal & Paisley Portal
Business Intelligence: Business Objects
Platforms: Windows, all versions (Servers/Desktops), Unix, Mainframe (Top Secret Security, Customer Information Control System, DB2 & OMVS)
Databases: Oracle, MySQL, MS SQL, UDB, DB2, Sybase & Access
Presentation and Project Management: PowerPoint, Visio, Project, Excel and Snagit
Document Management: SharePoint
Incident Management and Inventory: Remedy, Track IT
Others: Tivoli Access Management, Active Directory, firewalls, Backup Exec, antivirus, ClearCase (source code revision for Windows/Unix), Endeavor (change management), Turnover (change management), Tripwire (configuration control), TippingPoint (intrusion prevention system), Qualys (vulnerability management and policy compliance system)

TRAINING AND MEMBERSHIPS

ISACA.org & ISC2.org
MIC (Governance, Risk & Compliance tool) and Faros: MIC for management of internal controls and Faros for identity management (these tools were developed by Microsoft for Volvo for the worldwide Sarbanes-Oxley compliance project). Other tools included ClearCase (Windows/Unix), Endeavor (mainframe), Turnover (AS/400) and TeamPlace (based on Microsoft SharePoint)
IT systems audit and testing
ASAP (Accelerated Implementation methodology for SAP) & Implementation Guide (IMG)
