L. M. LAND, CISA, CISSP
Experienced IT auditor and information security specialist. Excellent project management experience in ensuring corporate initiatives and projects are completed within required timeframes. Extensive background in data center and application reviews, covering security, input, processing, output, change control, and disaster recovery. Fluent in Spanish and German languages.
Hardware Platforms - Large mainframe, mid-range, and client server platforms
Operating Systems - Windows, Linux/Unix, OS/400, MVS, TSO/ISPF, JCL, Novell NetWare
Applications - Microsoft Word, Access, Excel, and PowerPoint; Visio 4.0, mainframe and client server application systems
Audit Tools - ACL and Easytrieve Plus programming language
Audit Areas - Departments, Application Control, Change Management, Client Server Technology, Data Center, Data Security, LAN Security, Network Security, System Software, System Development Life Cycle, Business Recovery/Contingency Planning, SAP, SAS70, and Sarbanes-Oxley
Security - ACF2, Top Secret, Cobit, BS 7799, ITSEC, Secude, OSI, TCP/IP, FTP, Telnet, HTTPS, SSH, IPSec, SSL, IDS, IPS, VPN, S/MIME, PIX and ASA firewalls
IT Training, Independent Study, and Community Service (2007-Present)
CCNA and CCSP certifications in progress; obtaining knowledge and skills required to install, configure, operate, and troubleshoot networks and secure and manage VPNs, firewalls, and intrusion prevention systems.
Seminars and research on data privacy, SOX, auditing databases, PCI DSS, IT project management, e-commerce/e-business, Open Web Application Security Project (OWASP), code review, XSS, HIPAA, Gramm Leach Bliley, NIST, SANS, ISO 27001
Established community-based language and literacy program; recruited volunteers for training.
Robert Bosch LLC, Broadview, IL
Regional Data Security Officer/Data Security Manager (2000-2007)
Installed the information security (IS) and data privacy (DP) program in more than fifty (50) sites in North America and was responsible for the overall coordination of all IS and DP matters in the region; trained site coordinators in their IS and DP responsibilities.
Finalized the Corporate Computer Usage Policy prior to issuance by senior management.
Performed IS and DP audits in departments, including assessing their security levels and recommending safeguards to management; audited ten (10) data centers.
Conducted quarterly security reviews of seven (7) SAP systems, including partnering with KPMG as SAP Security Officer to keep abreast of the state of security in the systems.
Developed a comprehensive e-mail encryption rollout plan to disseminate ITSEC throughout North America.
Conducted a Security Awareness Campaign to sensitize associates to security and related requirements.
Conducted a workshop in Europe on auditing to associates of the International Data Security Officer Forum.
Chicago Title and Trust Company, Chicago, IL
Information Systems Audit Officer (1999-2000)
Developed and implemented audit objectives, organized and analyzed audit data, reported audit findings, and made recommendations to management; assisted external auditors with the review of the corporation’s multi-million dollar technology initiative to allow customers to order, track, and receive credit, flood, appraisal, title, escrow, and closing products and services through an interconnected network of interfacing systems; developed the firewall, UNIX, application, and change control audit programs for the review.
Bally Total Fitness Corporation, Chicago, IL
EDP Auditor (1998-1999)
Developed and implemented audit objectives, organized and analyzed audit data, reported audit findings, and made recommendations to management; assisted external auditors with year-end general controls review of the AS/400 and analysis of corporate data using ACL software.
AuditForce, Inc., Chicago, IL
Information Technology Auditor (1997-1998)
Developed audit programs and implemented application, security, general controls, and data communications and networking reviews for clients of utilities, banking, insurance, and manufacturing industries.
Loyola University Chicago (Loyola University Medical Center), Maywood, IL
Information Systems Auditor (1990-1997)
Planned, developed, and implemented audit objectives; organized and analyzed audit data; reported audit findings; and made recommendations to management; conducted ACF2 and MVS audits and joint CICS audit with external auditors.
Provided support to the internal auditing department in developing and maintaining computer assisted audit programs for use in general ledger, financial aid, housing, statistical sampling, ad hoc reporting and year-end procedures for external auditors. Programs were written in Easytrieve Plus and Panaudit Plus programming languages. Also developed and maintained the department’s inventory of computer programs.
Natural Gas Pipeline Company of America (MidCon Corp.), Lombard, IL
A Subsidiary of Occidental Petroleum
Senior Auditor/EDP Auditor Specialist (1983 – 1989)
Planned, developed, and implemented audit objectives; organized and analyzed audit data; reported audit findings; and made recommendations to management.
EDUCATION & CERTIFICATIONS
Certified Information Systems Security Professional (CISSP) designation
Certified Information Systems Auditor (CISA) designation
Past board member of the Information Systems Audit and Control Association
M.S., Computer Science, DePaul University, Chicago, Illinois
B.S., Mathematics, University of Illinois, Chicago, Illinois