BEATRICE BLOCK, CISA, CISSP, CISM, CIA, CGEIT, CBM 914-***-**** M 914-***-**** H
ablva7@r.postjobfree.com www.linkedin.com/in/beatriceblock / http://www.jobfox.com/people/BeatriceBlock
IT AUDIT & CONTROLS PROFESSIONAL, Project Manager/Leader, Corporate Officer – Audit, Security, Compliance & Risk
Dynamic communicator who empowers diverse-disparate teams to collaborate and optimize performance.
Astute problem-solver whose troubleshooting skills help eliminate “unsolvable” challenges inherent in conventional methods.
Extensive track record for correcting IT controls issues in world-class financial services environments via focused audits and
recommendations. Highly skilled in corporate security, compliance (COBIT, COSO & SOX 404, GLB, EuroSOX, Basel II, HIPAA,
SEC, OCC, FFEIC, FISMA, US Patriot/Privacy Acts, NIST, ISO17799/2700), governance, infrastructure architecture controls,
business continuity, security awareness, multi-site operations, program/project management, turnarounds and team leadership.
CORE COMPETENCIES
• Quantitative IT Risk Assessment
• Project Management, PMO, and Corporate IT governance
• Strategic & Tactical IT Security/Audit planning & budgeting & management
• Security Architecture – all layers: Networks, O/S and Applications
• Policy and Procedures: assessment, development, standards, frameworks: COBIT, ISO 27002/17799, FISMA, NIST 800, ITIL, CMMI/ISO15504
• SDLC, RAD, Application development
• Web Security – 2.0, Websphere, OWASP, Cloud Computing
• Identity, Profile & Access management; Data Security & Security Standards Definition
• Security Awareness: IT Technical and Business views
• Control risk/modeling analysis/assessments (SOX, SAS70, GLBA, FFIEC) to Risk Mgt Plan/Framework
• Liaise w/ key stakeholders: Users & IT
• System process work flow diagrams / narratives and controls analysis
• Business Continuity Planning/DR
• PCI/DSS & Email Federal Compliance Regulations
• Mentoring and Team building
• E-commerce and EDI controls
• Vulnerability assessments with security packages, CAATs, & Pen tests – viruses, worms, malware
• Vendor Mgmt & Negotiations
SELECTED ACCOMPLISHMENTS
Directed successful Bank of China compliance projects; gained 100% Fed approval of systems security controls framework.
Turned around troubled SOX review project for Steve Madden, completing process in days, not weeks.
Led security implementation for IBJ-Mitzuho Bank, building fully-secure distributed system for 5000 users.
Created safer enterprise for Fleet Brokerage with improved IT response to cyber invasions CIRT.
PROFESSIONAL EXPERIENCE
BEATRICE BLOCK ENTERPRISES, INC. 2003 – 2010
Security, Compliance, Risk and Audit projects for SOX, PMO, Security Infrastructure Architecture, Security Awareness, Risk
Assessments, Security Reviews (SAS 70)
Information Technology Audit, Security & Compliance Project Manager
Most Recent: Security Awareness development & rollout for Allianz Global Investors, 2009 - end Jan 2010.
Security Awareness development & rollout for NYC Dept of Education 2007-2008
Performed multiple assignments to world class organizations including banking, real estate, brokerage and manufacturing.
Clients: Instinet (brokerage), Provident Bank, SL Green Real Estate, Westcon Group (global networking), CIT,
JPMorganChase, Citigroup, Roslyn Savings Bank, Israeli Discount Bank, Allianz Global Investors.
Developed and presented plans/schedules for security project execution; monitored progress to ensure completion within
timeline and budget guidelines. Provided regular project status reports to senior leaders and key stakeholders.
Identified and mitigated security risks inherent in new technology, products and external relationships.
Conducted reviews, assessments and quality audits. Assured controls adequately addressed user provisioning, authentication,
authorization, architecture, integration with other applications. Created and rolled out enterprise security policies and
procedures.
Led/performed SOX 404 IT initiatives for Citibank, JPMorgan Chase, AIG, Bank One, Fleet Bank, Provident Bank -
performed IT infrastructure/application Risk/Security/Compliance assessments for financial, insurance, medical,
manufacturing and other institutions per regulatory requirements. Evaluated/reported compliance/control gaps with corrective
recommendations for greater control, reduced risk and improved business performance.
Recruited internally to fix over-budget, delayed systems conversion project for Fortune 50 following leadership
transition - Leveraged Coopers & Lybrand project management experience to refocus teams to tactical objectives;
completed projects usually in 6 weeks.
Decisive leader; partnered with senior executives and corporate audit to safeguard against control failures - Utilized in-depth security expertise to facilitate migration of Bank of Japan’s legacy systems to client-server environment. Instituted controls and business rules for distinguished companies including UPS, Steve Madden, Instinet, Westcon and Amscan.
Minimized exposure/vulnerabilities and significantly reduced likelihood of regulatory investigations.
BANK OF CHINA, USA INC. - Americas Division 2007
New York branch of 8th largest bank in the world; listed in Fortune Global 500 for 17 years
IT Security Head / Director
Hired as part of OCC mandate to identify/mitigate information security risk to US branches. Vulnerability identification, suspicious activity monitoring: intrusion prevention/detection, patch management, secure data transfer, service delivery, 2-factor authentication.
Managed Information Security Department and advised Internal Audit. Reports to Chief Risk Officer, General Manager.
Instituted risk assessments, unified processes and best practices as well as business continuity/disaster recovery plans.
Identified and addressed security exposures to accidental and intentional information destruction, disclosure, modification or interruption. Assessed application/technology infrastructure to ensure compliance of branch policies with federal, state and local regulations as well as industry standards (generally accepted IS controls) and corporate governance; followed FFIEC & NIST.
Coordinated security awareness training programs with HR, branch departments, Internal Audit and data center.
Partnered with external auditors, regulators, business units, vendors and clients to address security concerns and compliance issues.
Inherited Global 500 banking IT security environment facing OCC consent order and aggressive regulatory scrutiny.
Completely eliminated OCC Consent Order comment re: IT Security & BCP; developed/tested new BCP/DR for US operations of BOC; revised BIA system database based on FFIEC & NIST; established 1st ongoing line of communication with OCC.
FLEET BROKERAGE & WEALTH MANAGEMENT – now BANK OF AMERICA 2000 – 2003
Formerly Quick & Reilly with US Clearing Corp
Senior Manager of IT Security & Risk, Global Technology Services
Hired to address risk vulnerabilities for division of New England’s largest bank (9th largest in the US at the time).
Performed security/network gap assessments/analysis & risk assessments: vulnerability scanning and pen-test, application,
infrastructure/ operating systems, general controls, patch management, security risk exposure to IDS, TCP/IP, SSL, Kerberos, PKI and
smart cards.
Contributed security documentation to corporate strategy. Policy development - followed COBIT, ITIL and ISO methodologies.
Maintained risk events for Computer Incident Response Team (CIRT), especially in relation to Web based applications.
INDUSTRIAL BANK OF JAPAN - Americas Division 1998 – 1999
Information Security Officer
Directed implementation of security controls for online financial systems. Reported to CIO / General Manager.
Redeveloped policies and procedures to institute more rigorous controls. Monitored compliance with guidelines.
Protected resources by certifying access of users and vendors. Designed paperless security administration system.
CITIBANK, NA 1992 – 1998
Vice President, Corporate Audit/Technical Security Support & Research
Performed risk assessments and threat analyses for various bank IT environments. Responsible for all aspects of IT audits.
Conducted general controls audits - data center, operating systems/networks, client-server/mainframes - and application audits.
Led audits of security services and architecture including authentication, authorization, access control, end-to-end security, non-repudiation of services, common layer APIs and public key technology.
Traveled extensively worldwide to troubleshoot audit/security issues and design solutions for multiple environments/platforms.
OTHER RELEVANT EXPERIENCE
Subject Matter Expert; highly respected voice of integrity and transparency. Able to quickly build relationships of trust.
Framed Security Awareness methodologies and delivery mechanisms for diverse organizations including a European global investment organization and the largest school system in the world (NYC Dept of Ed). Organized IT controls/governance strategy for several national organizations.
Devised new IT Security Standards/Policies for new IT technologies for several companies and influenced professionals with
presentations on security controls and audit for professional organizations including data warehouse, policy content, cyber terrorism
and security awareness (ISACA, ISSA, IIA, etc.).
Developed graduate curriculum for New York University’s Certificate of Information Systems Auditing and Security.
Authored 2 books and numerous articles on IT auditing & security; published in leading technical journals and industry newsletters.
NYU Wagner Graduate School, Adjunct Professor, EDP Audit
Education: Postgraduate Computer Studies at Baruch College; Bachelors-City College of NY; other-Hunter College
Certifications: CISA, CISSP, CISM, CIA, CBM, CGEIT; Candidate: CBCP, PMP, CRISC
Affiliations: ISACA, ISSA, IIA, CSI, APBM, IEEE
TECHNICAL EXPERTISE
IT Methodologies/Best Practices: ITIL, COBIT, ISO, COSO, NIST, FISMA, FFIEC
Operating Systems: Linux, UNIX (Solaris, SunOS, HP/UX, AIX), IBM (MVS), DEC (VAX/VMS), Windows 95/NT
Network Systems: Novell NetWare, TCP/IP firewalls, Cisco/Apache routers, LANs, VPNs
Database: Oracle, Sybase, data warehousing, PRISM, AS/400
Web-based Systems: IPv4, IPv6