Coordinated standardized cybersecurity awareness program across North American
• In partnership with HR, rolled out mandatory information security training for employees
• Manage application portfolio lifecycle process for 180+ applications from inception to decommissioning including marshalling new business requests and cases through the management approval process
• Manage, research, and investigate security incidents, and provide status reports to upper management
• Manage and coordinate security and compliance initiatives and projects across cross-functional teams ensuring availability of resources to execute the work
• Successfully led ISO 27001 implementation project with responsibilities in working with application teams through risk assessment, documentation and mitigation phases
• Manage the Information Security Management System (ISMS) processes and schedule to maintain ISO 27001 certification
• Work with application and project teams to assess and implement security and compliance requirements
• Coordinate and facilitate meetings and interactions with internal and external audit
• Act as subject matter expert for IT Security and Compliance related topics
- IT Compliance Manager at NESTLE WATERS NORTH AMERICA
- Senior IS/IT Auditor - Team Lead at NESTLE WATERS NORTH AMERICA
- Consultant at DELOITTE & TOUCHE LLP
- IS Administrator at ARISTA HOMES LIMITED
4 years, 2 months at this Job
- Master of Business Administration - Business Administration
- B.Sc. (Honours) in Computer Science - Psychology
• Implemented Zen GRC to support ISO27001, FedRAMP, and GDPR programs, risk management processes, and continuous monitoring requirements
• Worked with IT process owners (Security, Development, etc.) to develop IT policies which meet ISO compliance framework requirements and/or align with risk appetite of the organization
• Presented compliance criteria to process owners to ensure awareness and align business decisions and self-identify compliance gaps for issue tracking
- IT Compliance Manager at Lookout
- IT Compliance Manager at Veracode
- IT Audit Manager at Vertex Pharmaceuticals
- IT Compliance Manager at Circor International
1 year, 3 months at this Job
- Bachelor of Science - Computer Information Systems
Provide information technology talent including information security talent and resources to help our Large Electrical Utility Client attain their strategic business objectives. Manage 5 teams with 45 staff members: Antivirus Management, Security Information and Event Management (SIEM) and SOC, Identity and Access Management (I&AM), Network Security, IT Audit and IT Compliance (SoX, FERC and NERC/CIP). Work as lead coordinator for Security Incidents Response team. Ensure all teams are aware of their responsibilities and contact list is updated. Develop procedure documents for different security scenarios. Work with Business Unit teams and provide technical support and get buy-in for new procedures to meet new regulations. Update Security policy and procedure documents as regulation and business process are updated. Implemented higher Patching and Antivirus standards for Mission Critical systems - 98% compliance. Implemented monitoring for systems in the Core network segment using Splunk, HP ArcSight, McAfee EPO, SolarWinds and SourceFire IDS/IPS. Work with Client Cyber Security team and provide technical support as needed. Provide information security support for 1200 server systems in production environment. Provide monthly and quarterly reports for Executive management on overall Security metrics on Performance and Risk in the overall environment. Provide monthly budget updates and process improvements status to senior executives. Facilitate meetings to gather business unit support for IT integration and security requirements. Work with change management to integrate the new business unit systems into the environment. Responsible for hiring and firing, evaluations, bi-annual reviews, disciplinary actions and yearly budget planning for all 5 teams.
- IT Security Operations/ IT Compliance Manager at Tata Consultancy Services (TCS)
- Information Security Manager at OneWest Bank, N.A.
4 years, 9 months at this Job
- BS - Computer Information System
New Projects Security: - Full Life Cycle Implementation
Managed multiple JCI projects/implementations simultaneously using ASAP security implementation methodologies - Durango, Monterrey, Manisa, BW/BI KPI, SAC, SARA etc. Led the team with new projects design, analysis, strategy, blueprint, development, testing, Cutover & timeline. Led technical design activities & ensured first time acceptance & signoff of all design documents are completed. Led development & testing activities with project/offshore team.
Day to Day Operation & SAP Security:
Supported day to day SAP security support. Worked & managed offshore team to continue resolving open issues & trained new members with JCI process. Completed any SLA as per project norm - Reported problems with Incident & documented the same. Identified & resolved the issues in a timely manner. Led the support for a module/technology/process area.
Audit & Compliance Support:
Coordinated Audit, self assessments to ensure that risks are properly identified, evaluated & communicated. Reviewed security compliance policies, procedures, standards & guidelines in alignment with business objectives & corporate policy and updated wherever required across all levels and regions of the business units.
Process Compliance:
Adherence to process and quality norms. Attended client's trainings as required to fulfill their quality & process norms & ensured that projects will be delivered as per timelines.
Team Management:
Managed & mentored team members/offshore. Performed other related duties and tasks as assigned.
• Worked with business to gather & understand business requirements & converted them into technical security requirements.
• Designed, developed, tested, cutover, implemented & supported BPSS (KPI & Procurement BI/BOBJ/HANA), Durango, Monterrey, Manisa (Turkey), SAC, SARA projects security authorizations. I ensured that application security SOX compliances are well met during new security developments.
• Supported day to day SAP security support for ECC, BI/BOBJ/HANA, SCM/APO, CRM, IDM, GRC, SOLMAN security etc. before GO LIVE at Durango, Monterrey & later integrated with GRC CUP, RAR modules.
• Created new roles for ECC, BI/BOBJ/HANA, SCM/APO, CRM, IDM, GRC, SOLMAN wherever needed. Created special planning roles (planning areas, planning folders, planning books, planning profiles etc.) for SCM/APO (DP & SNC) and integrated with BI.
• Used portal SSO & LDAP for end user authentications for SAP IDM & logon for KPI BI/BOBJ/HANA applications.
• Evaluated business risk with the help of GRC tool within security design & implemented appropriate controls.
• Worked with SAP COE & Global IT compliance manager to design, develop & implement SOD, User provisioning, GRC 10.0 process & access controls. Also implemented process control framework for AE.
• Managed onsite/offshore security model, resources & their work plans.
• Supported during GO LIVE, Hypercare & Post GO LIVE.
• Experienced with IDM, GRC 10.0 implementation & support.
• Completed any SLA as per project/support norms. Identified & resolved the issues in a timely manner.
• Participated in quarterly, yearly SOX compliance Audit & completed on time.
Environment: SAP ECC 6.0, BI/BOBJ/HANA, CRM 7.1, SCM/APO, XI/PI, Solman, EP, GTS, IDM 7.2, GRC 5.3/10.0, Audit etc.
- Lead - SAP Security, Audit & Compliance at Johnson Controls
- Lead-SAP Security & Audit at Mylan Pharmaceutical
- Security Consultant (SAP, BW, APO, SEM) at Schering-Plough Pharmaceuticals
- SAP/BW Security Architect/Team Lead at CHEP USA/CHEP International, Orlando
2 years, 1 month at this Job
• AWS Cloud Finance Manager
• SAP Security
• Business Continuity (BC) and Disaster Recovery (DR)
• IT SOX Testing
◦ Manage annual AWS cloud spend and forecast of approx. $7M
* Assist application owners to identify optimization across cloud resources. This includes, the purchase of RIS and identification of underutilized cloud resources using native cloud tools and third-party tools, e.g., Cloud health
◦ Member of Cloud Center of Excellence (CCOE) responsibilities include, but not limited to, budget, procuring of new cloud resources, cloud DR, and compliance and governance.
◦ Led engagement with big four accounting firm to define and implement cloud governance
◦ Manage a team of SAP security consultants that manage all SAP security (using the GRC suite of tools) across multiple SAP landscapes
◦ Manage a team of consultants to work with application managers to ensure all critical apps are tested and all technical recovery documents (TRPs) are periodically reviewed and approved to ensure business recovery objectives (RTOs & RPOs) are achievable
◦ Develop and coordinate annual IT BC exercises
◦ Process owner and tester for GCS (Change Management, Logical Security, and DR).
◦ Coordinate and test information technology general controls (ITGCs) on a routine basis meeting all defined deadlines
◦ Coordinate control deficiencies to ensure mitigation
◦ Process owner for the IT Risk Authority Guidelines (RAG) process
- Information Technology (IT) Manager at Reynolds American Inc
- IT Compliance Manager at Reynolds American Inc
- Finance Manager at Reynolds American Inc
- Finance Manager at Reynolds American Inc
2 years, 8 months at this Job
- Bachelor of Science - Business
- Associates - Industrial Electronics
Implemented and managed global risk-based management program to document, assess, prioritize, and mitigate IT risks across all brands and subsidiaries.
• Managed staff of 21 security professionals, employees, and contractors, responsible for providing identity and access management, IT Compliance and Governance, Security Architecture, Security Awareness, and Incident Response services throughout the company.
• Managed annual security operational and project budgets. Successfully implemented strategic projects enhancing the company's security posture, including a repository for tracking risks and exceptions, privileged access management, network access control, enhanced endpoint protection, and the discovery and management of unstructured information.
• Implemented a Managed Security Service Provider (MSSP) to augment existing security staffing, providing continuous monitoring of security events, and performing level 1 triage of events of interest. Managed execution of the MSSP, ensuring services align with the contract and the company's expectations.
• Managed information security operations efforts, including analysis, detection, mitigation, prioritization, and escalation of security risks and threats to the organization, including external penetration testing program, social engineering testing, and local site assessment efforts to validate effectiveness of the company's security awareness and compliance programs.
• Developed, enhanced, and published security policies and standards to remain current with technology and regulatory changes. A charter member of the Privacy committee responsible for ensuring the company's compliance with regulation such as GDPR and CCPA. Additionally, manage the company's IT SOX and PCI compliance efforts including remediation efforts to close audit findings.
• Published monthly executive reports providing insight into the company's cybersecurity posture, accomplishments, challenges, and future efforts.
- Director IT Security & Compliance at Norwegian Cruise Lines
- Information Security Manager at LyondellBasell
- IT Compliance Manager at LyondellBasell
- Director IT Security & Compliance at Hasbro
1 year, 11 months at this Job
- Masters of Science - Cybersecurity
- Bachelor of Science - Mathematics
Managing Validation & Qualification of computerized system according to GAMP 5 methodology
- IT Compliance Manager at GM Pharmaceuticals LTD
- IT Specialist at Ministry of Justice of Georgia
- Market research and support of managing web pages at Ministry of Economy and Sustainable Development of Georgia
2 years, 8 months at this Job
- Master's - Informatics
- Bachelor's - Informatics
- Master of Informational - Informational
- Bachelor of Informational - Informational
• Lead transformation projects across IT; both large 16-week transformation projects in addition to 1-2-day kaizen events. Executed process improvement events for Cybersecurity (Third Party Connections and Third-Party Vendor Assessments), Finance (Asset Accounting) and HR (HR and NERC CIP offboarding process).
• Advised leadership on organizational design approaches to support value stream based product teams to enable Agile Transformation.
• Coach leaders on lean analysis and concepts to identify improvement opportunities within their processes.
• Facilitate value stream mapping sessions and future state design workshops.
• Manage IT Business Partner relations, IT Planning and Application sustainability efforts for the Legal, Ethics and Compliance organizations.
- Lead IT Business Analyst at Duke Energy
- IT Manager at Duke Energy
- Lead IT Compliance Analyst at Duke Energy
- Advisory Manager at Ernst & Young, LLP
6 years, 8 months at this Job
- Bachelor of Business Administration - Management Information Systems
- IT Risk and Compliance Manager at Resource Global Professionals
- Regional IT Compliance Manager at Laureate International Universities
- IT/IS Audit Manager at Bunge Alimentos
- IT Audit Manager at KPMG Information Risk Management
2 months at this Job
- MBA - Information Technology
- Bachelor Degree - Computer Science
Provide technical support for customer Role implementation and/or Role redesign by assisting customers in defining Roles and remediating potential Segregation of Duty (SOD) conflicts. Provide technical support for customer implementation of SAP-based technology like Centralized User Administration, Identity Management (IDM), Single Sign-On, and SAP GRC.
• Project implementation of HANA/S4 (ver. 1809) for modules Master Data, Finance, and SD.
• Provide data provisioning for smart data access.
• Partner with business process owners to align SAP roles with business requirements
• Work closely with SAP Security team members, peer IT groups and the business community to operate and maintain a responsive and reliable SAP application security service
• Provide production support for existing security roles and functions. Triage issues with end-users for role authorizations and associated T-codes and work with end users to identify authorization errors in order to provide consultative support and solutions to the business that meet their functional requirements while adhering to the principle of least privilege
• Perform SAP GRC configuration and use SAP GRC to analyze access and provide emergency access to authorized individuals
• Perform Segregation of Duties (SOD) analysis in GRC on roles during development projects
• Comply with industry best practices around change management, user provisioning, and privileged access. Uphold corporate security guidelines including SOD and Sarbanes-Oxley (SOX) requirements during role design and modification activities
• Work with internal audit and SOX IT Compliance Manager to evaluate Segregation of Duties conflicts and consult with business units in reducing the SOD conflicts
• Participate in SAP audit discussions and help resolve the SOD/SOX issues. Contribute to developing remediation strategies for SAP security-related audit exceptions and SOD issues
• Collaborate with team members on authoring processes, standards, and policies related to the implementation and use of SAP
• Perform data collection and request fulfillment to support internal and external audit activities
- SAP Security Analyst at Houghton Mifflin Harcourt
- SAP Security Analyst at
- SAP Security Analyst at Mead Johnson Nutrition
- SAP Security Analyst at PSEG
2 years, 2 months at this Job
- Bachelor's Degree - Business Management
- Associates Degree - Electronics