
Management Security

Location:
Evesham Township, NJ
Posted:
May 03, 2016


Mobile: 856-***-****

Matthew Kasurkin, C|CISO, CISA, CRISC

Email: acumal@r.postjobfree.com

Secret Security Clearance

Managing IT Compliance Professional

● Medical Services ● Federal Government ● Insurance ● Financial Services

IT Strategist and implementer with focus on leveraging technology resources to support business priorities and achieve extraordinary goals that impact bottom line success.

Natural leader with expertise in selling and managing IT Audit, Compliance and Information Security services for large and complex enterprises. Recognized for cutting overhead, improving business processes and tightening security. Known for exceptional strengths in the below areas:

Versatility: Wear many hats. Repeatedly tasked to orchestrate large scale IT initiatives that encompass integrated security reviews, audits and risk focused reviews related to Regulatory Compliance standards. Specifically in IT/technical specifications of IT Governance, Vulnerability Analysis, Penetration Testing, Program Management, Forensic Services, Risk Focused IT and Financial Examination consulting on behalf of state insurance and commerce departments.

Leadership: Steadily promoted through the IT ranks by USA’s top consulting companies. Acquired hands-on leadership skills and training as a road warrior consultant.

Initiative: Expert at taking a vague idea and transforming it into a functioning new business process.

TECHNICAL SKILLS

Operating Systems: Windows 7, Active Directory, UNIX, AS400 and OSX

ERP Systems: SAP, PeopleSoft, Oracle, J.D. Edwards, Solomon, MS Dynamics

CAAT: IDEA, ACL, Active Data, TopCAATS, ProSystem fx Engagement, CCH TeamMate, Align GRC

Programming Languages: SQL, JavaScript, ASP, VBscript

Security Tools: BackTrack / Kali, GoldDisk, Nessus, Nmap, Qualys

PROFESSIONAL EXPERIENCE

Regional IT Compliance Manager Americas Region, International SOS, Inc., TREVOSE, PA 2014 – Current

Leading Payment Card Industry (PCI) Data Security Standard (DSS) Compliance Program to ensure assessment, maintenance and successful receipt of Report of Compliance (ROC) for PCI DSS 3.1 Level 1 certification:

  - By advising and collaborating with IT and Business leaders to provide support and guidance on PCI 3.1 eligibility, scope, regulations and guidance on appropriate Self-Assessment Questionnaire (SAQ) requirements.

  - Performing on-going risk assessments to identify gaps and apply compensatory controls where applicable.

Built automated tools that capture information about Medical Assistance Information & Tracking and their associated IT computing environment through maintaining a master index of audit questions to create an operational reference library in a systematic, repeatable and efficient way.

Instrumental in coordinating compliance remediation efforts by effectively raising compliant third party audit capability levels from approximately 25% compliant to over 85% compliance in just 12 months for over 8 systems.

  - Gathered risk data, compliance information, and evidential matter from employees, partners, vendors, and other subject matter experts to perform internal assessments.

  - Enforced IT Risk Third Party Vendor Management reviews to perform onsite examinations over Information Security and management of information systems, physical security, Incident-Reporting and Management Programs and business resilience review.

Review data protection agreements to provide constructive, workable solutions that comply with data protection laws and contractual commitments while supporting business strategy.

Manager, DSSP Consulting Inc. LLC, MITCHELLVILLE, MD 2012 – 2014

Developed pursuit strategies for new business opportunities within Army, Air Force, Navy, Marine Corps, and Coast Guard for IT Compliance, Certification & Accreditation Services.

Led Business Development processes and effectively communicated with senior internal and external customers.

Provided analysis on competitive environment assessment, technology applicability, market dynamics, price-to-win analyses and probability of winning.

Developed and executed capture plans for specific business opportunities within the Request For Proposal (RFP) lifecycle.

Served as an advisor and collaborator to Internal Audit and Information Technology Services (ITS) group of a Water Treatment and Water Supply Distribution Company in performing a risk assessment along with an Information Security controls review, which was based on NIST SP 800-53/53A Control Classes.

Managed the review of AP invoices using CAATs to verify invoices were coded correctly, accurately accounted for and followed the Company’s policies and procedures.

Collaborated with third party vendor to develop a threat model for performance of an SAP Vulnerability Assessment and Penetration Test using the Onapsis X1 security, monitoring and compliance tool, which consisted of the following:

  - Landscape Discovery & Mapping: The use of intelligent network scanning techniques that depict at first glance how the SAP landscape topology is deployed.

  - BlackBox Security Assessment: Assessment of SAP Network services in blind mode, trying to detect as many vulnerabilities as possible in a non-intrusive way.

  - Attack Vector Probes: Mapping of attack vectors that could take place by abusing the discovered vulnerabilities that could imply severe economic impact to the business.

  - WhiteBox Security Assessment: Attempt to exploit vulnerabilities to perform successful attacks to achieve privileged access to the targeted systems.

Manager, EisnerAmper LLC, JENKINTOWN, PA 2010 – 2012

Drove continuous improvements in organizational capacity and efficiency in IT Consulting Group during a period of accelerated growth (2X revenue increase).

Succeeded in multi-project environment to deliver strategic and tactical leadership for the SSAE-16 practice for over 12 clients.

Managed a team of six IT seniors and staff on IT Attestation, Compliance and Standards, ensuring that all engagements were completed on time and on budget (on average 15% under budget). Engagements included SOx Attestation, PCI Compliance Reviews, HIPAA Reviews, Model Audit Rule Reviews, Meaningful Use Reviews, ISO 27001/2 Reviews, Penetration Testing, Vulnerability Assessment and Forensic Services.

Managed and led IT staff from coaching to semi-annual performance management reviews.

Developed IT training/seminars for various industry hot topics.

Served as direct security and information systems strategist and advisor to the CIOs with focus on achieving:

  - Effective and practical application of COBIT, COSO, NIST, ISO 27000 Series, NERC CIP, SDLC for Validation and Governance.

  - Implementation of Configuration and Change Management Validation.

  - Coordination of cyber security planning, education, initiatives and information exchange.

  - Security and Risk Management Compliance.

Performed multiple pre- and post-implementation reviews of SAP for Fortune 500 Companies.

  - Scoped IT General / Application controls for the implementation of COTS and internally developed applications.

  - Consulted on creating an effective user provisioning process for management of role owners and data owners to review active users and user access rights to ensure:

      - Inappropriate access is removed.

      - Evidence of access changed as a result of the review process is documented and retained.

      - Proper segregation of duties is maintained when users are granted access to multiple user access groups or roles.

Senior Associate, RSM McGladrey, GAITHERSBURG, MD 2008 – 2010

Planned, conducted and led IT and financial examination consulting and management in connection with statutory examinations on behalf of state insurance departments, commerce departments and internal audit services of financial services companies.

Prepared reports, exhibits, and other supporting schedules that detailed a company's solvency, condition and compliance with laws and regulations, and recommended solutions to questionable IT conditions.

Performed reviews of examination work papers and evaluated insurance companies' IT practices.

Senior Consultant, SMART & ASSOCIATES, LLP, DEVON, PA 2006 – 2008

Served as a team leader in performing Type II SAS 70 attestations for executive benefits planning solutions, tax services, technology third party providers, compensation consulting, and wealth creation and preservation sectors.

Served as a team leader in performing SOx 404 attestation for numerous Pharmaceuticals, Insurance, Energy, Financial Institutions and Manufacturing Fortune 500 Companies.

Performed risk assessments for 21 CFR Part 11 by identifying potential threats in the Company’s IT control environment in the areas of information security, data logging, recipe management, audit trails, version control and reporting.

Documented clients' IT department Standard Operating Procedures (SOPs) to comply with SOx, 21 CFR, HIPAA and ISO 27000. This included documenting application and network & infrastructure security, data backup, password policies, change management and end user computing.

  - Assisted in performing various GMP, GLP and GCP pre-assessment audits.

Managed and mentored staff with performing the following tasks:

  - Establishing and managing a Security Risk Management Program.

  - Developing, updating and reviewing security policies and standard operating procedures.

  - Performing Risk Assessments.

  - Reviewing working papers and providing guidance to effectively increase the quality and understanding of IT General and Application Controls.

  - Attending daily/weekly meetings with management and providing status reports of the overall progress, obstacles, and deliverables to management.

Served as a liaison for IT management & C-Level executives on Business end for delivering a unified product to the client.

Associate, KPMG LLP, LONDON, UK 2006 – 2006

Assisted in delivering fixed asset models for the merger of Company and Britain’s P&O Authority.

Prepared and analyzed financial and economic data for tax and regulatory compliance through the use of MS Word, Excel, Access and various statistical sampling packages.

Translated and interpreted financial data from Russian into English and acted as a liaison between KPMG Russia and KPMG United Kingdom.

Associate, KPMG LLP, PHILADELPHIA, PA 2004 – 2006

Served as a team leader for a portfolio of client engagements for Financial Services, Manufacturing, Computer Services, and Energy companies including SOx integrated audits, SAS 70 and internal audits.

Delivered advisory services related to IT Governance, IT Risk Management, IT Compliance, Disaster Recovery, Business Continuity and Business Process Re-Engineering.

Managed day-to-day activities of audits, planned and budgeted engagement time, performed risk analysis and developed work programs according to scope.

Provided management with engagement status, and maintained contact and a good standing relationship with the Company’s C-Level executives.

Assisted with the development and delivery of local and national training curricula for numerous firm trainings such as Database Security, IT Governance, and IT Risks in Healthcare.

Consultant, CIGNA INSURANCE CO., VOORHEES, NJ 2000 – 2004

Implemented improvements and performed maintenance of the online helpdesk system used by approximately 33,000 CIGNA employees nationwide.

Assisted in raising the revenue of Online Help Desk to over $1 million in the 2003 fiscal year.

EDUCATION

Drexel University, Philadelphia, PA B.S. Information Systems, 2004.

CISA certification 2006 (Certified Information Systems Auditor)

C|CISO certification 2012 (Certified Chief Information Security Officer)

CRISC certification 2011 (Certified in Risk and Information Systems Controls)

Oracle Database Security, Oracle, 2011

SAP Auditing for SOx Compliance, 2007

SANS: Mobile Device Security and Ethical Hacking, 2013

AWARDS

Recipient of Exceptional Performer award in KPMG LLP for the year of 2005.

Also received seven Encore Awards for exceptional performance at Smart & Associates, RSM McGladrey and EisnerAmper.

PROFESSIONAL ORGANIZATIONS

Information Systems Audit and Control Association - ISACA

International Information Systems Security Certification Consortium, Inc. - (ISC)2

International Association/Society of Industrial Security Professionals – ASIS

EC-Council

InfraGard
