- Regional IT Compliance Manager at Laureate International Universities
- IT/IS Audit Manager at Bunge Alimentos
- IT Audit Manager at KPMG Information Risk Management
2 years, 8 months at this Job
- MBA - Information Technology
- Bachelor Degree - Computer Science
- IT Compliance Manager at Novavax, Inc.
- Information Systems Engineer at Novavax, Inc.
- Business Analyst at AstraZeneca - Biologics Supply
- Information Systems Engineer at MedImmune
1 year at this Job
- None - Information Technology
- Bachelor of Arts - Political Science
• Consulting with Arista in the IT Compliance Manager and Controls Manager role to provide IT Risk Management, Vendor Management and IT SOX regulatory compliance services
• Perform Vendor Risk Assessments - SOC1/SOC2 assessments for the vendors and Security Assessment Questionnaires (SAQ) in a cloud computing environment
• Implementation of the NIST Cyber-security framework
• Review of the cloud security controls for the organization
• Coordinate Vendor audits including outsourcing clients and agreements
• Perform SOX Compliance and SOX testing activities
• Plan, organize, and execute IT risk assessments and coordinate the Risk and Control Self-Assessment (RCSA)
• Manage the IT Security exceptions and periodic exceptions reporting
• Responsible for the periodic vendor compliance assessments
- Manager (IT Audit, IT Risk Management, IT SOX, IT Compliance) at IT Compliance
- Manager (IT Audit, IT Risk Management, IT SOX, IT Compliance) at IT Compliance
- Project Manager at IT Audit
- Project/Security Consultant (Technology Risk Management) at Jefferson Wells International
4 years, 3 months at this Job
- Masters in Business Administration - Business Administration
- Diploma in Advanced Computing - Certified Information Systems Auditor
- Bachelors - Commerce
Provide information technology talent, including information security talent and resources, to help our Large Electrical Utility Client attain their strategic business objectives. Manage 5 teams with 45 staff members: Antivirus Management, Security Information and Event Management (SIEM) and SOC, Identity and Access Management (I&AM), Network Security, IT Audit and IT Compliance (SOX, FERC and NERC/CIP). Work as lead coordinator for the Security Incident Response team. Ensure all teams are aware of their responsibilities and the contact list is updated. Develop procedure documents for different security scenarios. Work with Business Unit teams to provide technical support and get buy-in for new procedures to meet new regulations. Update Security policy and procedure documents as regulations and business processes are updated. Implemented higher Patching and Antivirus standards for Mission Critical systems (98% compliance). Implemented monitoring for systems in the Core network segment using Splunk, HP ArcSight, McAfee EPO, SolarWinds and SourceFire IDS/IPS. Work with Client Cyber Security team and provide technical support as needed. Provide information security support for 1200 server systems in production environment. Provide monthly and quarterly reports for Executive management on overall Security metrics on Performance and Risk in the overall environment. Provide monthly budget updates and process improvement status to senior executives. Facilitate meetings to gather business unit support for IT integration and security requirements. Work with change management to integrate the new business unit systems into the environment. Responsible for hiring and firing, evaluations, bi-annual reviews, disciplinary actions and yearly budget planning for all 5 teams.
- IT Security Operations/ IT Compliance Manager at Tata Consultancy Services (TCS)
- Information Security Manager at OneWest Bank, N.A.
4 years, 6 months at this Job
- BS - Computer Information System
Oversees Operations Compliance Management and ensures that A&F IT Infrastructure provides ongoing business continuity and security controls.
* Interprets regulatory guidelines in order to recommend and implement procedures and systems which ensure compliance.
* Liaises with auditors to verify compliance.
* Coordinates with the Emergency Preparedness and Business Continuity Manager to develop campus-wide process to create, maintain and review departmental continuity action plans.
* Provides oversight to A&F IT Server Operations and Desktop Support groups to review, document, and establish procedures and ensure compliance.
Select Accomplishments:
Challenge: Tasked with coordinating with all data custodians all user shares scanned with PII removal and encryption; document process to enable annual Identity Finder reviews on user file shares.
Actions: Worked closely with department data custodians; generated reports for data custodians to review and setup meetings to discuss next steps in the process.
Outcome: Successfully completed scanning departmental data; PII/PHI information was moved to an encrypted folder on departmental file share and documented the Identity Finder scan procedure and folder encryption process.
Challenge: Notified by Autodesk Inc. of crucial need to conduct a license compliance audit of their software suite in use on the campus.
Actions: Worked closely with Autodesk representatives to discuss the scope of the audit and license tracking tool they provided to gather license information from endpoints; identified ports that needed to be opened in the firewall; identified the endpoints that would be targeted for auditing.
Outcome: Successfully completed license compliance audit within the required deadline; report verified compliance; negotiated with Autodesk for the right for non-educational departments to continue using the current version of software.
- IT COMPLIANCE MANAGER at University of Massachusetts
- SYSTEMS ADMINISTRATOR at University of Massachusetts
- SOFTWARE SUPPORT SPECIALIST at University of Massachusetts
7 years at this Job
- Bachelor of Arts - Communications & Political Science
- Associate in Arts - Computer Science
Implemented and managed global risk-based management program to document, assess, prioritize, and administer IT risks across all brands and subsidiaries.
• Provide day-to-day management of 21 security professionals, both employees and contractors, responsible for providing identity and access management, IT Compliance and Governance, Security Architecture, Security Awareness, and Incident Response services throughout the company.
• Develop, enhance, and publish security policies and standards to remain current with technology and regulatory changes.
• A charter member of the Privacy committee responsible for ensuring the company's compliance with regulations such as GDPR and CCPA.
• Implemented a Managed Security Service Provider (MSSP) to augment existing security staffing, providing continuous monitoring of security events, and perform level 1 triage of events of interest.
• Manage the operations of the managed service provider to ensure services provided align with the services and SLA's defined within the contract. Assist with the development of use cases to increase the fidelity of the events escalated to NCLH and reduce the number of false positives. This effort has resulted in less than 20% false positive rate per month.
• Designed, implemented, and led day-to-day information security operations efforts, including analysis, detection, mitigation, prioritization, and escalation of security risks and threats to the organization.
• Successfully implemented strategic projects enhancing the company's security posture. Projects included: a repository for tracking risks and exceptions, privileged access management, network access control, enhanced endpoint protection, and the discovery and management of unstructured information.
• Manage the company's Computer Incident Response process through the analysis of past events as well as the periodic training and testing of the process through scheduled tabletop exercises.
• Managed external penetration testing program, social engineering testing, and local site assessment efforts to validate the effectiveness of the company's security awareness program.
• Define and manage the annual security operational and project budgets.
• Published monthly executive security reports providing insight into the company's cybersecurity posture, accomplishments, challenges, and future efforts.
• Worked with various groups to improve working relationships between the teams and eliminate duplicate and competing efforts.
• Managed IT SOX and PCI compliance efforts including remediation efforts to close audit findings
• Ensure proper staffing and knowledge to meet the requirements of their roles and responsibilities, including performance management, mentoring, and development of training programs designed to keep staff knowledgeable in new technologies and techniques.
• Implemented a vulnerability management program to scan and assess all systems within the environment to evaluate compliance with the latest standard.
- Director IT Security & Compliance at Norwegian Cruise Lines
- Information Security Manager at LyondellBasell
- at LyondellBasell
- IT Compliance Manager at LyondellBasell
1 year, 11 months at this Job
- Masters of Science - Cybersecurity
- Bachelor of Science - Mathematics
* Oversaw the management and strategic planning of the entire cybersecurity and IT compliance programs for the Detroit Metro Airport Authority, as the organization's Executive Information Security and IT Compliance Manager.
* Responsible for highly successful programs for the privacy, protection, and prevention of malicious activities to critical government information and systems that exist in a heavily regulated environment.
* Designed, architected, managed the implementation of, and maintained hardware, software, applications, and controls for cybersecurity programs. Using a hybrid of cybersecurity frameworks (NIST, COBIT, ISO, CSC20), executed and maintained a maturity model fostering strategic planning and prioritization of security needs.
* Served as organization's Technology Compliance Officer by planning, developing, and maintaining systems, controls, and programs that ensured continuous compliance to regulatory requirements.
* Achieved and maintained PCI compliance for multi-million-dollar operation by defining and implementing necessary hardware, software, policies, and controls. Program used as a model for other airports working towards PCI compliance.
* Certified to perform and performed official PCI assessments and official attestations of compliance to governing banks.
* Designed and managed compliance assurance programs, practices, and systems for the technical security requirements of HIPAA and safeguarding of financial information as the organization's HIPAA Security Officer and Financial Technical Compliance Manager.
* Established and maintained formal and informal internal audit practices to ensure practices and programs for security and associated governance continuously remained effective, efficient, and compliant to organizational and industry mandates.
* Achieved and maintained 100% pass rate on external audits conducted by cybersecurity and compliance industry subject matter experts, validating reliability of security and compliance programs.
* Negotiated and managed contracts; conducted contract reviews and made selection decisions for all contracts that included requirements related to cybersecurity, technical compliance, and governance.
- INFORMATION SECURITY & COMPLIANCE MANAGER at Wayne County Airport Authority
- INFORMATION SECURITY & COMPLIANCE CONSULTANT at SELF-EMPLOYED
- DIRECTOR OF INFORMATION SYSTEMS at BARRIS, SOTT, DENN & DRIKER, PLLC
11 years, 9 months at this Job
- MASTER OF SCIENCE - MANAGEMENT INFORMATION SYSTEMS
- BACHELOR OF SCIENCE - E-BUSINESS
Managing IT compliance activities to ensure the proactive management, adherence, identification, and remediation of internal controls or standards that meet or exceed defined compliance, operational, and regulatory requirements. This includes both leading and supporting the technical and operational delivery aspects of the IT controls testing process for Internal Control over Financial Reporting (ICFR or SOX), and non-SOX compliance programs.
• Design and execute compliance tests of operating effectiveness for IT systems and internal controls; assist with required remediation related to SOX and non-SOX IT controls.
• Support the continual compliance monitoring processes for IT delivery services currently in place to identify regulatory and internal variances including log reviews, organization and roles transitions and training, as well as assessment of appropriate metrics for IT delivery processes.
• Continue review of "audit readiness" gap analysis via testing and recommend specific actions to fix gaps in applications, processes and/or process management.
• Design enhancement for internal controls such as segregation of duties, production change management, software/change management, security, incident handling, and data integrity.
• Manage and facilitate the control self-testing process through audit trail management using ServiceNow's ticket management, GRC, and asset management solutions suite as well as other applications as necessary.
• Supports the IT Compliance Manager in compiling, drafting, developing, and delivering input on all aspects relevant to compliance scan results, processes, and associated policy documentation.
• Partner with peers and customers to make IT's culture one that is "audit ready"
• Deliver quarterly compliance and IT ethics education.
• Seamless interface relationships with both IT Operations and Delivery staff as well as both internal and external audit.
- IT COMPLIANCE ANALYST at TRUEBLUE INC
- PCI COMPLIANCE ANALYST at CITY OF SEATTLE
- PROGRAM MANAGER at Cloud and Enterprise Security
- PROGRAM MANAGER II at T-MOBILE
1 year, 9 months at this Job
- ASSOCIATE OF APPLIED SCIENCE - Computer Science
New Projects Security - Full Life Cycle Implementation:
Managed multiple JCI projects/implementations simultaneously using ASAP security implementation methodologies - Durango, Monterrey, Manisa, BW/BI KPI, SAC, SARA etc. Led the team with new projects design, analysis, strategy, blueprint, development, testing, cutover & timeline. Led technical design activities & ensured first time acceptance & signoff of all design documents were completed. Led development & testing activities with project/offshore team.
Day to Day Operation & SAP Security:
Provided day to day SAP security support. Worked with & managed offshore team to continue resolving open issues & trained new members on JCI process. Completed any SLA as per project norm - reported problems with Incident & documented the same. Identified & resolved the issues in a timely manner. Led the support for a module/technology/process area.
Audit & Compliance Support:
Coordinated Audit, self assessments to ensure that risks are properly identified, evaluated & communicated. Reviewed security compliance policies, procedures, standards & guidelines in alignment with business objectives & corporate policy and updated wherever required across all levels and regions of the business units.
Process Compliance:
Adherence to process and quality norms. Attended client's trainings as required to fulfill their quality & process norms & ensured that projects would be delivered as per timelines.
Team Management:
Managed & Mentored team members/offshore. Performed other related duties and tasks as assigned.
• Worked with business to gather & understand business requirements & converted them into technical security requirements.
• Designed, developed, tested, cutover, implemented & supported BPSS (KPI & Procurement BI/BOBJ/HANA), Durango, Monterrey, Manisa (Turkey), SAC, SARA projects security authorizations. I ensured that application security SOX compliance requirements were well met during new security developments.
• Provided day to day SAP security support for ECC, BI/BOBJ/HANA, SCM/APO, CRM, IDM, GRC, SOLMAN security etc. before GO LIVE at Durango, Monterrey & later integrated with GRC CUP, RAR modules.
• Created new roles for ECC, BI/BOBJ/HANA, SCM/APO, CRM, IDM, GRC, SOLMAN wherever needed. Created special planning roles (planning areas, planning folders, planning books, planning profiles etc.) for SCM/APO (DP & SNC) and integrated with BI.
• Used portal SSO & LDAP for end user authentications for SAP IDM & logon for KPI BI/BOBJ/HANA applications.
• Evaluated business risk with the help of GRC tool within security design & implemented appropriate controls.
• Worked with SAP COE & Global IT compliance manager to design, develop & implement SOD, User provisioning, GRC 10.0 process & access controls. Also implemented process control framework for AE.
• Managed onsite/offshore security model, resources & their work plans.
• Supported during GO LIVE, Hypercare & Post GO LIVE.
• Experienced with IDM, GRC 10.0 implementation & support.
• Completed any SLA as per project/support norms. Identified & resolved the issues in a timely manner.
• Participated in quarterly, yearly SOX compliance Audit & completed on time. Environment: SAP ECC6.0, BI/BOBJ/HANA, CRM 7.1, SCM/APO, XI/PI, Solman, EP, GTS, IDM 7.2, GRC 5.3/10.0, Audit etc.
- Lead - SAP Security, Audit & Compliance at Johnson Controls
- Lead-SAP Security & Audit at Mylan Pharmaceutical
- Security Consultant (SAP, BW, APO, SEM) at Schering-Plough Pharmaceuticals
- SAP/BW Security Architect/Team Lead at CHEP USA/CHEP International, Orlando
1 year, 10 months at this Job
Assisting the Chief Information Security Officer (CISO) under the direction of the Project Manager, Security Portfolio Program Manager, IT Compliance Manager, IT Governance and Risk Management Manager. Maintaining the enterprise-wide Information Security and the global IT Sarbanes-Oxley (SOX) programs.
• Performed vulnerability examinations utilizing commercial scanners of company's agencies.
• Managed PKI throughout the development of the system infrastructure.
• Assisted agency management to develop remediation plans for audit reports.
• Conducted examinations of attack & pen test, SSAE16/ SOC 1 Type II, and successfully uploaded issues from 6+ audit reports in IPG's GRC tool.
• Successfully analyzed and coordinated 8+ exceptions a week to ensure compliance and security.
• Identified IP ownership and assets by open-units to support attack & pen test efforts.
• Investigated consistency of processes in Active Directory to prevent fraudulent account activities.
- Information Security and Compliance Intern at Interpublic Group
- Help Desk Technician at TaskRabbit
- at TaskRabbit
4 months at this Job
- High school or equivalent