Established and maintain business relationships regarding IT Compliance. Represented IT on Global SOC1 Governance Committee. Established and maintain relationship with internal and external auditors. Consolidated IT controls across business lines to establish IT SOC1 report for Dallas Datacenter in 2016 for efficiency and cost savings. Design and monitor complex IT controls across all regions. Ensure testing by auditors is valid and accurate. ISO 27001/27002 testing and maintenance of controls. Established process for document collection and auditor engagement with IT. Presented to Agile teams on controls and the operation of controls. Developed audit strategies to ensure systems were not scoped into audits until ready. Reviewed new systems coming into scope from Agile teams and acquisitions. Prepared IT for new audit pronouncements such as SSAE 18. Gap analysis of controls for new requirements such as GDPR. Assisted Security Team in implementing controls for completeness and accuracy. Served as Chair of weekly Change Control Committee.
• Reduce EMEA IT Testing by self assessing for IT which covered 7 audits instead of IT being tested for each report.
• Assisted clients with onsite Vendor Security reviews and Datacenter review.
• Ensured accuracy of testing of enternal audit teams.
• Assisted IT Teams in determining root cause of issues.
• Represented IT on Compliance related projects.
- IT Compliance Manager at CBRE, Inc
- Consultant at Mobile Streaming Media/Elizabeth Gray Homes
- Senior Consultant at ROBERT HALF MANAGEMENT RESOURCES
- Contract Consultant for Sarbanes-Oxley at THOMAS EDWARDS GROUP
7 years, 2 months at this Job
- Bachelor of Business Administration in Accounting - Accounting
Provide information technology talent including information security talent and resources to help our Large Electrical Utility Client attain their strategic business objectives. Manage 5 teams with 45 staff members: Antivirus Management, Security Information and Event Management (SIEM) and SOC, Identity and Access Management (I&AM), Network Security, IT Audit and IT Compliance (SoX, FERC and NERC/CIP). Work as lead coordinator for Security Incidents Response team. Ensure all teams are aware of their responsibilities and contact list is updated. Develop procedure documents for different security scenarios. Work with Business Unit teams and provide technical support and get buy-in for new procedures to meet new regulations. Update Security policy and procedure documents as regulation and business process are updated. Implemented higher Patching and Antivirus standards for Mission Critical systems (98% compliance). Implemented monitoring for systems in the Core network segment using Splunk, HP ArcSight, McAfee EPO, SolarWinds and SourceFire IDS/IPS. Work with Client Cyber Security team and provide technical support as needed. Provide information security support for 1200 server systems in production environment. Provide monthly and quarterly reports for Executive management on overall Security metrics on Performance and Risk in the overall environment. Provide monthly budget updates and process improvements status to senior executives. Facilitate meetings to gather business unit support for IT integration and security requirements. Work with change management to integrate the new business unit systems into the environment. Responsible for hiring and firing, evaluations, bi-annual reviews, disciplinary actions and yearly budget planning for all 5 teams.
- IT Security Operations/ IT Compliance Manager at Tata Consultancy Services (TCS)
- Information Security Manager at OneWest Bank, N.A.
4 years, 3 months at this Job
- BS - Computer Information System
• Manages all internal and external audits pertaining to Information Security and IT, reporting results to Executive Leadership.
• Institute and maintain relevant security policies and procedures.
• Work with all portions of the business to establish or modify processes, systems, equipment, training, etc. that may be required to maintain compliance with company, partner(s), and regulatory security requirements.
• Facilitates and organizes annual Security Awareness Training and Phishing Training.
• Supports the discovery of security violations and inefficiencies by conducting periodic Internal Risk Assessments and Audits as well as at the Data Center and Vendor or Third-Party Facilities.
• Cohesively in support of Risk Management, Incident Response, Compliance, Legal Department and similar processes.
• Spearheads the alignment of security practices to conform with ISO27001, SOC / SSAE 18, HIPAA, NIST, PII and PHI, EU Privacy Shield and GDPR standards.
• Responsible for IT Compliance with respect to Mergers, Acquisitions, and subsequent Integrations.
• Contributed to various business partner (or prospective partner) security assessments.
• Support relevant portions of RFP responses and other due diligence activities related to information security.
• Support of other areas of compliance such as, but not limited to: SSAE 16 & 18, Vendor & Third-Party Management, PCI, PII, PHI, and some HIPAA as they relate to IT Systems.
• Facilitated the initial build of all Risk Assessments
• Team Lead for GDPR / General Data Protection Regulation
• Acts as the Functional Architect and System Admin for the GRC System, Rsam
- IT Compliance Manager at PlanSource
- Cyber Security Assurance Sr. IT Auditor / Analyst at SAIC - Science Applications International Corp
- Compliance Analyst & Fraud / Loss Prevention Analyst at The Walt Disney Company - PFCU
- Sr. Business & Compliance Analyst Contractor at PFCU/ Disney, Sea World, Charles Schwab
2 years, 8 months at this Job
Responsible for ZenGRC implementation, and management of ISO, FedRAMP, and GDPR implementations.
- IT Compliance Manager at Lookout
- IT Compliance Manager at Veracode
- IT Audit Manager at Vertex Pharmaceuticals
- IT Compliance Manager at Circor International
9 months at this Job
- Bachelor of Science - Computer Information Systems
• Utilizing a strong compliance and IT background, ensured overall IT compliance and governance with external requirements through proactive planning and communication, ownership and relationships
• Managed and helped facilitate all internal, external, and regulatory audits specific to Corporate IT, managing to corporate compliance standards, including but not limited to regulatory, state, SOX, CFPB, 3rd Party, and internal audits
• Successfully prepped IT managers for audit testing and facilitated the timely resolution of any audit findings
• Led and supported IT in its efforts to identify, measure, monitor, and control IT risks
• Conducted information technology risk self-assessments to identify gaps and make sound recommendations for improvement
Information Security Assurance Analyst - Contract Worker On-Site at Toyota Financial Services
• Managed specific aspects of internal, external, regulatory and state audits specific to Information Security
• Served as integral member of the SOX Program Management Team, managing specific aspects of regulatory SOX/IT General Control testing by external auditors: ◦ Liaison between audit and business units ◦ Control Self-Assessments ◦ Quarterly testing of processes ◦ Issue resolution (to name a few)
• Used Key Metrics and KRIs as reporting tools to bring visibility, resolution and accountability to deficient Information Security Program processes
• Enhanced the Information Security Governance, Risk, and Compliance Program (or GRC) by creating an automated process for the handling of Information Security Policy Exceptions, implementing a Vendor Information Protection Program, and establishing an Information Security Risk Register leveraging Microsoft SharePoint capabilities
• Key member providing oversight over the annual information security vulnerability assessment, from vendor selection to issue remediation
- IT Compliance Manager at Toyota Financial Services
- Operations Manager at Velvet Enterprises, Inc
- Assistant Vice President, Information Technology (IT) Compliance at Indymac Bank
- Auditor - Home Loans at Washington Mutual Bank
7 years, 1 month at this Job
- BA - Business Administration
- Accounting and Financial Statement Analysis
• Develop and oversee control systems to prevent or deal with violations of corporate policies.
• Revise procedures, reports etc. periodically to identify hidden risks or non-conformity issues.
• Collaborate with HR and others to monitor enforcement of standards and regulations.
• Identify and assess possible compliance risks.
• Keep abreast of regulatory developments within or outside of the company as well as evolving best practices in compliance control.
• Prepare reports for senior management and external regulatory bodies as appropriate
- IT Compliance Manager at LASALLE SOLUTIONS
- Manager of Information Technology at LASALLE SOLUTIONS
- Director of IT at SMASHOTELS
- IT Director at DOUBLETREE MAGNIFICENT MILE AND INN OF CHICAGO HOTEL
1 year at this Job
- Bachelor of Science - Computer Science
Malaysia/Singapore/UK/AU/China) 70% travelling Reason for leaving: Seeking for regional role with less travelling or localized role. Key Responsibilities:
• Leading and building IT Compliance and Risk team.
• Formulation and maintenance of IT Test Framework, IT security policies and technology risk management frameworks
• Develop and manage annual schedules for department activities
• Work closely with the different divisions on implementation and enforcement of IT compliance requirements
• Develop, implement and govern IT management processes (ITIL, Cobit 5)
• Work with external auditors to address IT environments audit findings
• Track and review the completion of the follow-up of IT audit issues
• Work and coordinate with internal auditors on IT audit activities
• Performing Operational and Financial audits that include Cash Management, Fraud Investigation, HR and Payroll, Procurement and Banking Operation Processes.
- IT Risk Compliance & Audit Manager/ Operational and Financial Audits (AVP) at HOCK AUN Engineering Construction SDN. BHD
- IT Internal Audit Manager at Hong Leong Asia Pte Ltd
- IT Process & Audit Manager at HOCK AUN Engineering Construction SDN. BHD
- IT Governance and Compliance Manager at Resort World Sentosa Genting Singapore
1 year, 9 months at this Job
- Master - Information Technology
- Bachelor of Applied Science - (Computer Science) (Distinction)
Launched new corporate initiative mid-2018 to reduce vulnerabilities and configuration problems with servers, endpoints, and databases throughout the AIG landscape. Leveraging improved data feeds from Qualys, Imperva, Tanium and cross-referencing source vulnerability data from NIST/MITRE/Flexera, the project used a risk-based approach to prioritize and schedule remediation activities, limited server downtime, and reduced vulnerabilities by 35% in 6 months. Drove business units to complete Risk Control Self Assessments and Application Portfolio Certifications ahead of ERM deadlines. Reduced Global IT risks as an IT Compliance Manager for IT Global Technology Controls enforcing policy and standards within the Archer eGRC platform. Reduced Global Data Loss Risk Exposure by 90% through DLP external device reduction project.
- IT Security and Vulnerability Remediation Team Leader at American International Group
- Insurance Software Business Analyst/Test Lead at Accenture
- AVP Manager Operational Risk at HSBC Insurance
- Processing Manager at American International Group
5 years, 5 months at this Job
- Bachelor of Science - Biology
3rd Party Risk - IT Compliance Specialist
• Completed 86 3rd party IT Risk Questionnaires covering the following management standards: information security, data protection, asset configuration management, human resource security, physical and environmental, operations (mobile device, change management, Wi-Fi, antivirus, data retention archiving and destruction, firewall, vulnerability, system access, incident response, encryption, business continuity and disaster recovery.
• Prepare the compliance dashboard to show effort vs. workload and follow-up tasks/ pending items on customer compliance on monthly basis and support the IT Compliance Manager to present in security forums such as security steering committee, data protection committee, information security management committee.
• Worked closely with sales teams in negotiating Data Processing Agreements to align client expectations against the internal control environment.
- IT & Operations Audit/Technology Consultant at SOS Inc
- IT Auditor at Campbell Soup Company
- Business Continuity Consultant at Line Systems Inc
- IT Operations Auditor - Equity Services at Wells Fargo
10 months at this Job
- B.S. - Information Science & Technology
• Develop, implement and maintain an effective, strategic IT and Cybersecurity Compliance Program that promotes a strong, proactive culture of compliance and is commensurate with the risks posed by IT services and activities
• Define and drive strategy for maintaining IT Compliance monitoring and testing to determine compliance with various Laws, Rules and Regulations
• Develop and implement a comprehensive Compliance monitoring plan for all Laws, Rules and Regulations covered in Compliance Risk Assessment for the Enterprise
• Define strategy for IT Compliance efforts with various emerging risks
• Ensure IT Policies and Standards align with various laws, rules and regulations, frameworks, etc. (FFIEC, NYDFS Cybersecurity Regulation, NIST, GLBA, etc.)
• Oversee and ensure compliance with emerging risks such as the New York Department of Financial Services Cybersecurity Regulation, Payment Card Industry (PCI) Compliance and various Federal Security requirements
• Oversee the monitoring and testing of the Disaster Recovery and Business Continuity plans
• Facilitate the planning and execution of the IT Monitoring plans
• Conduct the annual reviews of the IT and Information Security Policies and Standards
• Facilitate monitoring on our Vulnerability Management Program to ensure vulnerabilities are continuously remediated timely and in compliance with our standards
• Ensure Security Requirements are established and regularly reviewed for Vendors
• Enhance our Control Effectiveness Review process to address key Cybersecurity components for our Vendors to ensure due diligence and compliance
• Develop and maintain the internal review and reporting process of material Cybersecurity events
• Enhance our Incident Response processes to support increased due diligence to support response, documentation, follow-up to remediation and the reporting of material Cybersecurity events
• Conduct current state compliance analysis to identify areas of opportunity to ensure compliance with new laws, rules and regulations
• Develop and periodically review for enhancements the content for ongoing Security Awareness Training, including Anti-phishing and Email Security
• Provide ongoing partnerships with internal teams
• Manage and oversee compliance risks, which includes the risk of legal or regulatory sanctions, financial loss, or reputational damage resulting from failure to comply with laws, regulations, rules, other regulatory requirements, policies and other standards of self-regulated organizations
• Provide ongoing support with identification of newly identified IT risks and issues, periodic reporting, tracking, and validation of controls effectiveness with a heavy oversight of Information Security, infrastructure and Cyber resiliency
• Oversee remediation of deficiencies identified in monitoring reviews, and/or self-assessments, to ensure that appropriate remediation measures have been taken
• Determine regulatory risk and effectively communicate these risks both vertically and laterally to ensure all levels of management understand the risks posed by regulatory requirements
• Promote and build strong, collaborative relationships with business and legal partners to identify risks/issues and provide recommendations with mitigation strategies and implementation plans
• Provide continuous reporting on compliance issues and gaps to senior leadership
• Perform risk assessments to support the development and implementation of controls to mitigate identified risks
• Ensures day-to-day operations are conducted in compliance with regulatory and Cybersecurity requirements as well as the organization's IT and Information Security policies/standards
• Maintain documentation, provides requested information to regulatory agencies, and keeps management informed of issues
• Maintain knowledge of IT and Information Security best practices, applicable federal and state compliance regulations, frameworks, regulatory guidance and Payment Card Industry (PCI)
- Director, IT and Cybersecurity Compliance at Ally Financial
- IT Compliance Manager at Ally Financial
- Sr. Information Security and Compliance Analyst, Team Lead at Lowe’s Home Improvement
- Sr. IT Security and Compliance Analyst, Team Lead at Ford Motor Company
1 year at this Job
- Master of Science in Technology - Information Security
- Bachelor of Science - Communications