Gerard J. Hughes
Columbia, CT 06237
Home 860-***-****
Cell 860-***-****
*****.******@*****.***
SUMMARY
Dynamic senior risk leader (CISA, PCI-QSA, PM and COBIT certified) with
expertise in information technology auditing, risk management, regulatory
compliance, and assurance. Over twenty-five years of information systems
and IT audit and security experience. Extremely successful in building and
managing technical teams in a fast-paced production environment. Clear,
influential communication skills. Highly motivated, dedicated and goal-
oriented. Excellent communicator, able to define complex technical issues
to senior management for resolution. Creative problem-solver with unique
combination of facilitation and presentation skills. Education and work
experience coupled with strong technical and project management skills
contribute to consistently successful results.
KNOWLEDGE & EXPERIENCE
. Strong experience and detailed understanding of regulatory compliance
standards
. Extensive Information Security knowledge and experience
. Ability to apply regulatory compliance standards to various
technologies and processes
. Strong experience with successfully facilitating audit and compliance
activities in:
o Sarbanes Oxley;
o Payment Card Industry (PCI) Data Security Standard (DSS);
o State Privacy Laws;
o Federal Financial Institutions Examination Council (FFIEC);
o HIPAA/HITECH;
o GLBA, FERPA, FERC and other regulations
. Strong experience with the use and implementation of the following
frameworks:
o COBIT;
o ISO;
o COSO;
o NIST;
o ITIL;
o PMBOK
. Expertise in control testing, determining effectiveness of controls,
deficiencies remediation, monitoring control compliance, and working
with internal and external auditors, business process owners, and
parent company internal management
. Experience with assisting, developing, and consolidating audit
findings and recommendations that will be used for presentations to
senior management
. Proven ability to track status of identified compliance issues, report
on remediation status, and escalate items as needed
PROFESSIONAL EXPERIENCE
Lighthouse Computer Services, Inc., Lincoln, RI 2005 -
Present
Information Technology Audit & Compliance Practice Leader
Recruited to start an IT Compliance & Audit Practice. Over the past six
years developed Lighthouse into one of the Northeast's premier consulting
firms in the area of IT Governance, Audit, and Regulatory Compliance
services.
. Team Leader/Mentor to audit team
. Hires and reviews all team members
. Manages Practice's P&L
. Researches potential business opportunities
. Leads audits of all sizes in a wide variety of industries
. Facilitates Request for Proposals (RFP) and Statements of Work (SOW)
. Project manages projects of all sizes and complexity
. Presents deliverables to Senior Management and Board Members
. Performs Privacy and Security Training
. Speaks across the country on a variety of relevant IT Audit and
Security topics
. Develops IT and Security Policies
. Technical Writing/ Documentation
Hughes Professional Services, LLC, Columbia, CT 2003 - 2005
President/Sr. Information Technology Auditor
. Provides full range of audit, IT audit, regulatory compliance,
assurance and consulting services
. Team Leader/Mentors audit team
. Hires and reviews all team members
. Manages Business's P&L
. Researches potential business opportunities
FISERV/NCR Corporation, Glastonbury, CT 1997 - 2003
Chief Information Officer/Operations Manager
. Project Managed "live" Data Center move from Boston to Glastonbury
with 45 live banks
. Developed a team of over 30 Technical associates to manage client base
of well over 50 banks.
. Researched new technologies and threats
. Prepared mitigation strategies for threats/risks
. Support and process financial banking software applications.
. Responsible for all facets of Information Security
. Manage team to support requests from internal customers including:
implementation, development and sales teams in support of the
company's strategic plan.
. Manage annual disaster recovery testing with consistently superior
results in compliance with regulatory requirements.
. Coordinate all audits including corporate, SAS70, private audit
(client), state and federal with outstanding results.
. Drive the development and implementation of data control procedures,
training manuals, policies and procedures manuals for all facets of
operations to improve overall efficiencies.
. Responsible for all budgeting and profit and loss. Manage a budget in
excess of $5M.
. Managed all aspects of operational transitions from NCR to FISERV to
ensure a seamless migration.
. Managed all facets of the Operations and Technical Teams
The People's Credit Union, Middletown, RI 1983 - 1997
Chief Information Officer/Operations Manager (1989-1997)
. Managed IT staff
. Managed in-house core processing system and related sub-systems
. Developed and implemented major hardware projects including Mainframe and
Network peripherals.
. Researched and engineered software acquisitions and installations
including Starcom, BMS, CIS and Conversant.
. Documented and developed data control procedures, training manuals,
disaster recovery testing and participated in the annual strategic
planning process.
. Responsible for all facets of Information Security
. Prepared and participated in all IT Audits/Exams.
. Coordinated the institution's Internet website project.
Programmer/Systems Analyst (1983-1989)
. Responsible for major programming projects.
. Assisted in daily operations.
. Participated in all system hardware and software installations.
EDUCATION
. Payment Card Industry Qualified Security Assessor (PCI-QSA), PCI Security
Standards Council, 2007
. Control Objectives for Information and related Technology (COBIT),
ITpreneurs, 2005
. Certified Information Systems Auditor (CISA), ISACA, 2004
. Master Certificate in Project Management, George Washington University
School of Business, 2001
. BS Applied Mathematics for Engineers, (Minor in Computer Science),
University of Rhode Island, Kingston, RI, 1990
AFFILIATIONS
. Member of Information Systems Audit and Control Association (ISACA)
. Member of The Institute of Internal Auditors (IIA)
. Member of a number of banking & professional organizations
References will be furnished upon request.