Michael J. Floris
**** **** ***** ( NORTH BRUNSWICK NJ 08902
732-***-**** (Home) . 718-***-**** (Mobile) . **********@*****.***
IT COMPLIANCE SPECIALIST - FINANCIAL SERVICES
Information Technology ~ Compliance ~ Information Protection ~ Project
Management
A highly accomplished Information Technology Professional backed by a
proven track record of managing complex projects and exceeding
expectations. Extensive qualifications in all aspects of project life
cycles, from initial feasibility analysis and conceptual design through
documentation, implementation, user training and enhancement. Recognized
project management skills, consistently delivering complex, large-scale
projects in a timely manner. Additional areas of expertise include:
Information Systems Management ( Operational Risk Management
ITIL Practices ( Audits & Regulatory Reviews ( Change Management
Project Management & Tracking ( E-Discovery ( Litigation Support (
Information Security
Compliance Practices ( SDLC ( SOX Testing ( Vendor Management
Professional Experience
Barclays Capital - Jersey City, NJ
Sept 2006 - Present
Associate Director of IT Compliance
Manage, mentor and counsel a staff of 7 full-time employees and project
related contracted employees (Project Managers, Business Analysts &
Developers). Other areas of responsibility include being the Global Change
Management Officer and the Global Business Continuity Manager (BCM) for the
IT Compliance department, as well as an acting member of the IT Compliance
Steering Committee.
Notable Projects & responsibilities Include:
. Risk Management - Drive the planning, implementation & compliance of
major regulatory initiatives (i.e. Sarbanes-Oxley, Basel II), by way
of performing risk & control assessments, incident reporting &
collections, across the Global IT Compliance organization. Coordinate
the departments' Quarterly Information Technology Controls Risk
Assessments as well as the Third-Party Vendor Information Security
Assessments to identify weaknesses, security exposures and privacy
risks. Liaison with Global Compliance, Risk Management, Audit and
Risk Review, Information Security Officers, and all resources
available to optimize IT Control policies & procedures. Also perform
trend analysis, metric reporting & statistical presentations of
operational risk, vulnerability assessments & COB planning.
. Change Management - Manage the global Change Management processes and
procedures for IT Compliance applications and infrastructure
components, using the ITIL/ITSM standards. Produce schedules of
requests for change (RFCs) for managing changes into the production
infrastructure, via Change Management Calendar; identifying and
resolving scheduling and technical issues as they arise (i.e. Code
Freezes & Emergency Access to Production). Ensuring that changes to
production have been fully tested, documented, communicated, approved,
and successfully implemented. Proactively identifying configuration
issues via impact assessments and working with Senior Management to
determine solutions. Drive adherence to the defined Change Management
processes and where appropriate initiate training to rectify non-
compliance.
. Orchestria Email Surveillance (Application Owner) - Spearheaded the
global implementation, deployment and the day-to-day support of an
email compliance platform, used to monitor email, webmail, blogs,
instant messages and the Bloomberg Professional across all channels in
real time. This surveillance solution is used in screening
potentially non-compliant electronic communications for regulatory
purposes (SEC, NASD, NYSE, FinRA, Sarbanes-Oxley, HIPAA, etc).
. Business Continuity Management - Established disaster recovery testing
methodologies within IT Compliance; planned and coordinated the
testing of recovery support and business resumption procedures, in
different functional areas. Declare all recovery procedures are
effective, for the restoration of key corporate resources and for the
resumption of critical business processes. Ensure that all technical
components of the BC plans are successfully tested at least annually.
Co
nti
nue
d
Michael J. Floris
Page Two
PROFESSIONAL EXPERIENCE (CONTINUED)
Citigroup Global Financial Markets - New York, NY
July 2005 - Sept 2006
Department Compliance & Control Officer (DCO)
Responsible for supporting two Directors, nine Vice Presidents and their
entire Shared Services & Security Administrations' Organizations with
regards to Compliance Initiatives, Sarbanes Oxley testing & Special
Projects, in the following manners:
. Risk Assessment - Identified and assessed threats, vulnerabilities and
risks; ensuring that robust monitoring, timely detection, containment
and incident response necessary to mitigate any exposures to the bank
were in place. Coordinated and performed the quarterly Risk and
Control Self Assessment (RCSA), internal audits & external regulatory
reviews. Developed recommendations to enhance internal controls,
based on reported findings. Managed all compliance activities - Audit
Points, Corrective Action Plans, Process Control Manual updates & Gap
Analyses.
. Change Management - Led Change Management & Control activities in
coordination with the department's staff & stakeholders. Responsible
for integrating the configuration management process into the
Incident, Problem, Asset Management, Disaster Recovery and New
Services processes. Developed and promoted Change Management plans
and processes, which included user testing, owner approvals, and
proper promotion to production environments. Defined software quality
compliance processes which further added to the development &
refinement of the Change Management System. Evaluated and managed IT
risks related to change control processes. Reported change management
status and future scheduled changes daily/weekly to staff &
stakeholders. Identified and initiated the problem management process
for recurring P1 tickets and other identifiable issues, resulting from
changes that did not go as planned.
. Compliance - Established IT regulatory compliance measures and tracked
remediation plans through implementation. Led complex risk management
reviews, investigations and risk assessment evaluations (including
identification of Internal Control deficiencies). Collaborated with
affected IT units and auditors to validate and verify audit findings
and/or deficiencies, as well as on-going oversight.
BLOOMBERG LP - New York, NY June 1998
- June 2005
IT Compliance & Discovery Manager
Regional Manager of the Message Compliance & Discovery Department tasked
with providing Discovery as well as Litigation Technology Support for the
Organization's Compliance Staff, Lawyers, Paralegals, as well as support
for Bloomberg clientele.
. Oversaw the retention & discovery of all Bloomberg correspondence
(emails, IMs, chats, VOIP transmissions and trades) via SANs,
Centera's CAS solutions, and/or tape back-ups.
. Developed practical relationships with Legal Staff in utilizing
litigation support technology for improved efficiency, effectiveness
and competitive advantages.
. Provided historical email retrievals for clients relating to legal
and/or compliance subpoenas and regulatory inquiries, which hit
Corporate & Investment Banks.
. Responsible for managing the procurement, acquisition and integration
of complex software applications and systems including preparation of
Statement of Works (SOWs).
. Developed and presented Legal staff training on new features &
enhancements to message compliance & discovery monitoring tools. (i.e.
Orchestria Active Policy Management).
. Facilitated Change Management procedures and controls for all
production changes to Compliance & Legal Applications, in accordance
with compliance polices & procedures.
. Defined not only the appropriate change/release initiatives to manage
the impact of future-state changes to production but also the change
risk mitigation options for Compliance & Legal applications.
. Responsible for understanding the business impact of changes and
negotiating modifications to change requests between internal and
external teams to meet the needs of the business.
. Worked closely with the Assistant Director of Legal Operations to
ensure that our records retention standards and measures were
compliant with laws, policies and procedures.
Continued
Michael J. Floris
Page Three
Professional Experience (Continued)
Special Projects & Achievements:
. Recipient of Bloomberg Transactional Products Award for Unparalleled
Performance & Dedication x2.
. Managed deployment of Transactional Products/practices to London (six
week trip), thus reducing company workload, stateside.
. Trained 100+ sales staff on Message Compliance & Discovery
applications, to aide in Bloomberg Terminal sales.
. Developed and conducted Technical Compliance Assessments, which aided
in the implementation of new policies & procedures thus improving
Message Compliance & Discovery efficiency by 41%.
IDT/NET2PHONE - Hackensack, NJ May
1997 - June 1998
IT Customer Service & Technical Support Supervisor
Coached, counseled & trained a staff of 10 - 20 reps. Challenged to
maintain and operate voice services via IP networks for corporate clients
for hardware, software, telephone, and broadband devices. A member of the
technical operations team, tasked with providing tier III support, and
first level escalation for call center tickets. Resolved non-routine,
vendor, and N2P platforms issues. Entered account information, orders,
implemented recovery procedures, and documented problems. Earned solid
reputation for resolving complex issues and providing exceptional customer
service.
Technology Overview
Platforms: Windows XP Professional, Windows2000, Windows NT 4.0, Windows
95/98 & MS DOS.
Hardware: Installation of Hard drives, Motherboards, Sound cards, Video
cards, NIC cards, Modems & Memory
Upgrades. Also, familiar with handhelds &
wireless technologies (Palm, Pocket PC & Blackberry).
Software: Checkpoint VPN-1/Firewall -1 NG, Microsoft Exchange 2003,
Microsoft Office 2000 Suite, Microsoft Visio, Microsoft Project
2003, Microsoft SQL Server 2005 Management Studio 9, SAP,
VMWare,
Blackberry Enterprise Server, CA Orchestria, Open
Bloomberg, Bloomberg API/DDE Server, Citrix &
Radia Packaging Application, Assentor Compliance
Discovery, Symantec Enterprise Vault, Discovery
Accelerator, IDEAL, CT Summation, Clearwell E-Discovery
Platform, EnCase E-Discovery & Legal
Hold v 3.1, AccessData FTK Imager, Clear Case 6 and Ultra Edit,
HP Service Center.
Education & Credentials
Bachelor of Science in Computer Information Systems - 2000
JOHN JAY COLLEGE, New York, NY
Military
United States Army, Fort Benning, GA
Sergeant . Airborne Ranger . Honorable Discharge
(1991 thru 1995)
Licenses & Certifications
Certified Orchestria Systems Professional (COSP) - 2007
Memberships & Affiliations
An acting member of the Compliance and Ethics Leadership Council (CELC) as
well as the Society of Corporate Compliance & Ethics (SCCE)