Compliance & Security Specialist
Process Analyst/Risk Assessment Expert
Summary of qualifications
. Leading ISO certification project (ISO 27001/17799, ISO 9001, ISO 13485,
ISO 31000 and OHSAS18001)
. Conducting and leading multiple Risk & Security Compliance projects (SAS
70, OWASP, HIPAA, FDA, 21CFR210, SOX, OSHA, NIST, HITECH, PCI,
ISO20000/ITIL, COBIT, DLP program)
. Leading projects with emphasis on a continuous improvement of business
process, Information security, Quality auditing, Business data analysis,
Gap analysis, Risk assessment, Problem solving, Analytical tools (RCA,
FMEA, Six Sigma DMAIC, balanced scorecarding)
. Developing and implementing integrated management systems (Quality and
Information Security).
Professional EXPERIENCE
. Chief Compliance Officer, Quantros, Inc., Milpitas, leading provider of
software solutions to the healthcare industry (From August 2010-Present)
. Monitored the implementation of company-wide compliance program as
defined by ISO27001/27002 and HIPAA privacy and security standards.
. Conducted security compliance assessments using COBIT, ISO and HIPAA
security standards.
. Developed a corporate compliance audit plan based on the strategic
objectives established in the Information security committee.
. Reviewed all system-related information security plans throughout
Quantros's network to ensure alignment between security and privacy
practices.
. Participated in the development, implementation, and compliance auditing
of all business associate agreements.
. Created tools to perform privacy and security risk assessment (CIA),
incident response, business continuity impact and disaster recovery.
. Worked closely with engineering department to identify opportunities for
improvement and to mitigate privacy and security risks (secure coding
framework, OWASP, SDLC)
. Chaired a cross-functional Information Security Committee.
. Conducted Privacy and Security education and training sessions to all
Quantros locations and employees related to Quantros's security best
practices, regulations, and legislation that impact operations.
. Quality & Security Specialist: EVEO, e-digital healthcare agency, San
Francisco (February-July 2010)
. Assisted in building a dual Quality and Information Security Management
System (QMS/ISMS) based upon ISO9001/ISO13485/ISO27001.
. Performed gap analysis of business processes and opportunities to
improve performance, and address customer issues.
. Assisted application development and support groups at Eveo in improving
their client delivery services through the implementation of Lean process
principles and tools.
. Led the analysis of business and customer data to identify customer
concerns, and gaps in business processes.
. Documented Gap Assessment analysis for all business processes.
. Performed investigations into non-conformances and product deviations.
. Coordinated and performed audits of both internal and external
operations.
. Identified compliance risks and reported findings to management with
recommendations for resolution.
. Implemented a Security Measurements Program and metrics plan using Data
Loss Prevention (DLP) technologies.
. Security and Quality Manager: INTERXION, Major European
telecommunications service provider, Schiphol-Rijk, Netherlands (May 2008-
December 2009)
. Obtained national ISO 27001 certification for Information Security
Management System (ISMS) for the headquarters operations and its six data
centers.
. Member of the European quality and security committee and local
management team.
. Participated with the managing director in setting up the company's local
strategy in line with corporate goals.
. Managed and coached the local Quality and Security committee.
. Developed and implemented business process guidelines and workflow
models to support process.
. Generated multiple operation reports and metrics (e.g. SLA reports and
customer monthly reports).
. Ensured quality and security of technical operations and standard
operating procedures (SOPs) for auditing.
. Responded to all tenders; coordinated internal audits and customer-
required external audits.
. Coordinated and monitored crisis resolution plans for critical operations
(Call-Center, Power/cooling system).
. Monitored Risk analysis; implemented the corrective/preventive action
plan and business continuity plans; developed continuous improvement
programs using Kaizen and Six Sigma concepts.
. Ensured compliance with Interxion group policy and legal requirements for
six facilities.
. Business Process and Compliance Specialist: RICOH, World leader
manufacturer of electronic and electrical office equipment, Paris, France
(February 2006-April 2008).
. Formulated company-wide view of business-system processes and their
decomposition
. Designed extensive process structure to satisfy ISO9001 requirements
. Reviewed and proposed solutions to the existing SLAs and KPIs and
component targets and performance currently being achieved (including the
reporting/scrutiny arrangements)
. Led the planning, scoping and execution of SOX audits, part of planning /
scoping and execution of internal, risk-based and operational audits,
identification of control gaps, quality reviews.
. Performed the following for all RICOH regions: compliance reviews, SOX
self-assessment coordination and the development of standard operating
procedures for Pricing and customer Payments.
. Implemented inventory management processes and supply chain planning
. Quality, Security & Environmental Manager: REX ROTARY, Division of Ricoh,
Sarcelles, France (May 2003-January 2006).
. Obtained the national combined (ISO 9001/ISO14001/OHSAS18001)
certifications for 45 branches.
. Participated in strategic planning; led implementation of quality,
health, safety and environmental policies.
. Ensured adherence to quality/environment standards; identified gaps and
created corrective actions database.
. Audited operating processes and suppliers; reviewed improving process
efficiency.
. Ensured execution of corrective actions and compliance with customer
specifications.
. Analyzed changes and conducted environmental and health-risk assessment:
Root Cause analysis (RCA) and Failure Mode and Effect Analysis (FMEA).
. Environmental Manager: REX ROTARY, Sarcelles, France (May 2002-April
2003).
. Obtained the national combined (ISO 14001/ OHSAS 18001) certification for
45 branches in France.
. Developed an Environmental and Safety Management System; led a team of 50
environmental representatives.
. Conducted 30 internal audits to ensure operations were executed within
environmental regulations.
. Executed a waste-recycling program for hazardous materials and cartridges
to optimize utilization of resources.
. Identified environmental impacts of all operations and helped departments
to develop improvement goals.
. Organized training sessions for all staff and produced a teaching kit on
environmental issues.
. Quality Assurance Engineer: MAQUET, Manufacture of
medical devices, Orleans, France (June 2001-April 2002)
. Obtained quality management system certification in compliance with the
ISO 9001 and ISO 13485 standards.
. Upgraded existing GMP system to new Quality System Regulations.
. Coordinated the consolidation of data for the Annual Product Review.
. Coordinated the validation program: proposed and executed protocols for
Analytical Methods Validation.
. Conducted company-wide employee training on quality and compliance
topics.
. Assisted manufacturing units on regulations, review of
corrective/preventive actions and recall activities.
. Introduced SPC methods as part of the company's continuous quality
improvement program.
. Consultant: INTERVENANCE, Consulting company, Paris, France (2000 -
2001).
. Advised companies on environmental issues: resources usage aspects,
pollution reduction, waste management and environment-risk assessment.
. Engineer: INRS, National Institute of Research and Safety, Nancy, France
(1999-2000).
. Developed decision-making software for chemical-risk assessment in small-
and-medium-sized enterprises (SMEs) regarding health, safety and
environmental regulations.
EDUCATION
. M.B.A. Master of Business Administration in Project Management, CNAM-IIM
(Conservatoire National des Arts et Metiers-International Institute of
Management), Paris-France, dual degree in cooperation with the University
of California in San Bernardino, Graduated: 2007.
. M.S. Quality & Environmental Engineering, INPL-ENSAIA (National
Polytechnic Institute of Lorraine), Nancy, France, 2000.
. B.S. Biochemistry, Tours University, Tours, France, 1999.
CERTIFICATIONS/QUALIFICATIONS
. Trained in CISSP (Certified Information Systems Security Professional),
San Jose, CA, June 2011.
. Trained in CSSBB (Certified Six Sigma Black Belt), ASQ Silicon Valley,
San Jose, CA, Oct. 2010.
. Trained in CQA Certification (Quality Auditor), American Society for
Quality, ASQ, April 2010.
. Certificate in ISO27001 Lead Auditor (ISMS Auditor), HSC, Certified:
November 2008
. Trained in Health and Safety management (OHSAS 18001), AFAQ/AFNOR, Paris
France, March 2006.
. Certificate program in Quality Auditor (ISO 9001), XL Consultants S.A,
Paris, France September 2005.
Various
Computer skills: MS Office, Visio, SharePoint, PowerPoint, Excel, Minitab,
SAS.
Bilingual: English/French.