PHILIP A. LICATA, CISA

**** ******** ***** ***** ********, Ohio 43026

614-***-**** or 614-***-****

abiyeu@r.postjobfree.com

www.linkedin.com/in/philiplicata

OBJECTIVE

To obtain a position in IT Risk Management. I have a broad background

that includes PCI,, Sarbanes Oxley, HIPAA, GLBA, Risk Assessment, IT

Governance, Business Continuity Management, Application Controls and IT

Security, using the following frameworks (COSO, COBIT, NIST, ITIL, and

ISO).

EXPERIENCE

Independent Consultant 2009 -

Present

Technology Risk Management

Independent consultant providing IT Risk Management services. Projects

include:

. Sold and performed IT Security Assessments (PCI, HIPAA, INFOSEC),

provided IT security advisory services to clients, managed client

relationships for an IT security consulting firm.

. Providing IT general controls consulting services (SOX) for an

International Energy Company.

Jefferson Wells 2007 -

2009

Director, Technology Risk Management

Managed the overall Budget and Administration, for the Columbus,

Cincinnati and Indianapolis Offices of the Technology Risk Management

practice. Responsible for selling, performing and managing firm

services for the Technology Risk Management practice (IT Internal

Audit Services, Data Analysis, Business Continuity Management

Services, Business Controls Consulting, Security Solutions, PCI - DSS,

IT Governance Risk & Compliance (GRC) and SAS70's) in the Columbus,

Cincinnati and Indianapolis markets.

. Increased brand awareness by conducting roundtables in Columbus,

Cincinnati, and Indianapolis covering PCI and IT Governance.

. Managed and performed the overall execution and completion of large

complex IT audit projects on time within budget, providing strategic

direction to clients.

. Effectively addressed unusual and difficult issues.

. Managed and performed Payment Card Industry (PCI) projects including on-

site reviews, self-assessment assistance using Jefferson Wells project

management methodology. Conducted both annual and quarterly network

scans required for PCI compliance. (QSA - Qualified Security Assessor -

PCI DSS)

. Managed Internal/External Vulnerability Assessments, Attack and

Penetration Tests (Critical Watch).

KPMG, LLP

2005 - 2007

Senior Manager, Information Risk Management

Managed the Columbus and Indianapolis Offices Technology Risk Consulting

practice. Responsible for selling, performing, and managing firm services

for the Information Risk Management practice (Internal Audit Services, Data

Analysis, Business Continuity Management Services, Business Controls

Consulting, Security Solutions, Governance Risk Compliance, and SAS70's) in

both the Columbus and Indianapolis markets.

. Managed and performed a Governance Risk Compliance gap analysis and

implementation project.

. Involved in the development of Information Risk Management personnel,

which has resulted in the promotional opportunities for several

personnel.

. Managed and conducted a Health Insurance Portability and Accountability

Act (HIPAA) Privacy and Security regulation readiness assessment and

gap analysis.

. Conducted key peer reviews of other KPMG office projects, providing

timely and constructive feedback.

. Managed and performed large engagements with firm's key strategic

clients.

Cardinal Health, Inc. 2002 - 2005

Director IT

Audits

Managed IT Audit Practice Worldwide. Developed internal audit plan on an

annual basis that aligned with corporate strategic imperatives, high-risk

areas, and concerns of IT management. Involved in various strategic

businesses and IT initiatives. Managed multiple complex and specialized

engagements.

. Increased the number of IT Audit personnel from one to eight.

. Increased IT Audit projects from 10% of the audit plan to over 45% in

the overall Internal Audit plan.

. Developed a trusted, collaborative working relationship with the CIO

and direct IT reports.

. Involved in the development of IT Audit personnel, which has resulted

in the promotional opportunities for several personnel. (3 to Manager,

and 2 to Senior).

. Implemented an integrated audit approach for all financial and

operational audits for Cardinal Health.

. Performed and managed IT audits worldwide.

. IT Lead for the Project Management Office of year one Sarbanes Oxley

for Cardinal Health Worldwide.

. Managed and performed IT Audits.

. Managed and performed large ERP controls implementation (JD Edwards).

. Managed and performed Integrated Audits and Operational Audits.

ANDERSEN, LLP

2000 - 2002

Senior Manager, Technology Risk Consulting

Managed the overall Assurance Practice (Administration, Personnel,

Scheduling, and Billing) for the Columbus Ohio Office Technology Risk

consulting practice. Responsible for selling, performing, and managing

firm services for the Technology Risk Consulting practice (Internal Audit

Services, Data Analysis, Business Continuity Management Services,

Application Controls Consulting, Security Solutions, E-Business Solutions,

and SAS70's), generating over $2M in sales.

. Increased the number of Audit support hours by 40% for the Columbus

Ohio Office Technology Risk Consulting Group by building better

relationships with Audit Partners and producing value added

deliverables.

. Developed, reviewed and implemented Business Continuity Plans for

clients

. Developed the Sales Tools, and Marketing brochures for the Business

Continuity Management Services.

. Involved in the development of Technology Risk Consulting personnel,

which has resulted in the promotional opportunities for several

personnel.

. Managed and performed large engagements with firm's key strategic

clients.

ERNST & YOUNG, LLP

1997 - 2000

Manager, E-Risk Solutions

Managed the Ohio Valley E-Risk Solutions Group, in Columbus, Ohio.

Responsible for selling, performing and managing firm services for the E-

Risk Solutions group (Internal Audit Services, Data Analysis, Information

Technology Effectiveness Services, Application Controls Consulting,

Enterprise Security Solutions, E-Business Solutions, and SAS70's).

. Involved in the development of E-Risk Solutions personnel, which has

resulted in the promotional opportunities for several personnel.

. Performed quality assurance reviews for other offices in E-Risk

Solutions resulting in more effective and efficient processes, and

value added deliverables.

. Managed and performed ERP controls implementations and reviews (Oracle,

PeopleSoft, and SAP).

. Managed a performed IT Audit projects.

. Provided IT Audit support for firm external audits.

EDUCATION/CERTIFICATIONS

Robert Morris University, Pittsburgh, PA

B.S. Business Administration

Major: Computer Information Systems

CISA - Certified Information Systems Auditor

Contact this candidate