H. Peet Rapp MBA, CISA, CISM
Concord, NH 03301
WWW.VISITMYID.COM/PEETRAPP
Plan to relocate
Senior Information Compliance, Risk, and Security Advisor
IT compliance auditing and security risk assessment experience from 155
healthcare, finance, hi-tech and manufacturing companies. Work with
ISO2700x, NIST and CobiT control standards. Thought leader in IT security
and compliance for cloud & in-house enterprises. ISACA NE board member.
Daily lap swimmer.
Skill Sets
Information Security or Compliance Risk Assessment - Using Archer or
similar online information platform, determine information security or
compliance control risks via business impact assessments; security risks
quantified in "likely dollars lost."
Third Party Provider Information Security Assessments - Use of Archer
online information platform with ISO, NIST or CobiT security controls,
assess provider's operational risk strengths and weaknesses.
Develop or Upgrade Written Information Security and Compliance Policies and
Procedures - for information security and/or compliance, using CobiT, NIST,
ITIL or ISO2700x standards. Appropriately detailed and aligned to the size
and nature of company. Easy-to-read. Easy-to-comprehend.
FISMA Compliance - Required for client service contracts with the US
government. Map clients' info security to FISMA requirements; identify then
develop remediation plans for any information security shortcomings; revise
information security policies and procedures as needed, using NIST
standards.
Management of Information Security Operations and Upgrades - Identify
current information security weaknesses via security risk assessment,
institute fundamental information security procedures, ongoing user
security awareness, reduce IT firefights, reduce costs, increase time for
proactive IT projects.
PCI DSS Compliance
Creation of IT General Control Frameworks - Per CobiT, NIST or ISO2700x
standards, create documented procedural frameworks including access
control, configuration management, data inventorying, incident response,
physical security, SDLC and other information controls, as required.
IT Audit - As an individual contributor or team member: devise an audit
plan; work with IT staff to obtain required evidence; conduct the audit;
prepare the findings report per PCAOB AS 5, for both accelerated and
non-accelerated filers.
SAS70 Audit - Types I and II. Now replaced by SSAE No. 16 audits.
Disaster Recovery / Business Continuity (DR/BC) - Identify likely incidents
leading to loss of operations; determine Recovery Point Objective (RPO)
and Recovery Time Objective (RTO). Implement recovery planning and
training for staff. DR/BC properly configured for client's specific needs.
MA Citizens Information Privacy Act (201CMR17) Compliance Audit and
Remediation - Educate clients on the requirements of this act. Create
information flow diagrams for all personally identifiable information (PII)
streams, identifying information storage venues, processing and ownership.
Departmental Management - Develop job descriptions, recruit, develop
training programs, manage and terminate, when required, 10-20 department
staff.
Technical Research - primary and secondary research - in the areas of Cloud
security and IS compliance resulting in publications, presentations and
whitepapers with an effective message.
Employers and Contracted Clients
IntraLinks
Charlestown, MA 2011
. Upgrading of Written Information Security and Compliance Policies and
Procedures
. Information Security Risk Assessment
Cambridge Systematics, Inc.
Cambridge, MA 2011
. FISMA Compliance
. Information Compliance Risk Assessment
Granite State Management & Resources
Concord, NH 2010 - 2011
. FISMA Compliance
. Creation of Information Security Training Policies
Fidelity Investments
Lowell, MA 2010
. Third Party Provider Information Security Assessments
Iron Mountain
Boston, MA 2010
. Third Party Provider Information Security Assessments
. Creation of Security Policies
. Management of Information Security Operation
ISACA Lowell, MA
2009 - 2010
. Business Technology Research
MFA Cornerstone Consulting, LLP
Tewksbury, MA 2007 - 2009
. MA Citizens Information Privacy Act (201CMR17) Compliance Audit and
Remediation
. SAS70 Audit
. Disaster Recovery / Business Continuity
. IT Internal Audit
. Information Security and Compliance Risk Assessment
C&S Wholesale Groceries
Keene, NH 2006 - 2007
. PCI DSS Compliance
. Creation of IT General Control Frameworks
. Disaster Recovery / Business Continuity
Technology Business Review
Hampton, NH 2006
. Business Technology Research
Solidworks, Inc.
Concord, MA 2006
. Creation of IT General Control Frameworks
. Information Security and Compliance Risk Assessment
. Internal IT Audit
Kennedy Information
Peterborough, NH 2006
. Business Technology Research
Bearing Point
Foxboro, MA 2005
. Creation of IT General Control Frameworks
. Internal IT Audit
. Information Security and Compliance Risk Assessment
SoftLanding Systems
Peterborough, NH 2003 - 2005
. Business Technology Research
Info-Tech Research Group
London, ON 2001 - 2002
. Business Technology Research
Gartner Dataquest
Lowell, MA 2000 - 2001
. Business Technology Research
ActiveMedia Research
Peterborough, NH 1999 - 2000
. Business Technology Research
Accomplishments, Publications, Certifications and Education
Primary co-author ISACA ebook IT Control Objectives for Cloud Computing:
Controls and Assurance in the Cloud
July 2011
Creator/Presenter ISACA Webinar Cloud Computing Security & Audit
March 2010
Six Technical ISACA Presentations - Cloud Security and Audit Issues
Nov 2009 - Oct 2010
Co-author ISACA white paper Cloud Computing: Business Benefits With
Security, Governance and Assurance Perspectives
October 2009
Author of MFA Blog Disaster Prevention During Winter in New England!
Jan 2009
Creation of a Simplified, Reduced IT General Controls Framework for
non-Accelerated Filers for SOX Compliance - Accepted by clients' external
auditors Grant Thornton, Deloitte and PwC
October 2007
Author of The Public Sector Consulting Marketplace 2006: Key Data, Trends &
Forecasts report for Kennedy Information
June 2006
Author of Fujitsu Global Services Businesses for TBRI
July 2006
Creation of easy-to-read / easy-to-comprehend IT General Controls
Framework, for client companies of all sizes and industries, linked to
their actual business processes.
September 2005
Author of C-level white paper AN IT EXECUTIVE'S OVERVIEW OF THE
SARBANES-OXLEY ACT OF 2002 for Softlanding Systems
October 2003
Author of Top 100 E-Commerce Websites for Active Media
March 2000
CISA - Certified Information Systems Auditor #0861348 - 1/7/2008
CISM - Certified Information Security Manager #1116556 - 4/20/2011
MBA - University of Pittsburgh, Pittsburgh, PA
BSME Cum Laude - Syracuse University, Syracuse, NY