Management Security

PROFILE

Experienced operational and information systems audit professional

with fourteen (14) years in planning and performing information

systems risk management in both internal and external auditing

environments.

Performed traditional and non-traditional audits and have been

involved in large scale IT projects as well as global outsourcing

initiatives and business process re-engineering efforts.

RELEVANT EXPERIENCE and QUALIFICATIONS

Bank of America - Risk and Stability Manager Oct 2007 - May 2009 Risk and

Stability partner for the LaSalle transition providing enterprise end-to-

end approach to evaluate and manage risks in partnership with change

managers, Compliance, Operational Risk, and Corporate Audit. Also

responsible for providing ongoing risk expertise throughout the project's

planning & execution phases, leveraging the bank's best practices, Six

Sigma risk analysis methodologies and prior lessons learned.

. Successfully evaluated the risks of major system and operational changes,

ensuring that risks for key change events are well understood and

appropriately managed to achieve corporate control goals.

. Partnered with the bank's transition teams, Quality & Productivity team,

and Change teams, ensuring that risk analysis and mitigation processes

are embedded in appropriate change projects.

. Provided resolution and real-time escalation of significant risks and

issues impacting customers and bank applications through risk reporting

and discussions with team leads, execution leads and change managers

minimizing risks.

. Key member of staff providing Risk & Stability management support to

various operational and IT transition projects as a result of bank

mergers.

ABN AMRO/LaSalle Bank - IT Audit Vice President Apr 2000 - Sep 2007

Planned, supervised/conducted and reported technical audits,

application systems reviews and other audits such as Gramm-Leach-

Bliley (GLB) and Sarbanes-Oxley (SOX). Areas covered include operating

systems (Unix/Linux/Etrust, Windows/Active Directory), database,

remote access, change management/configuration management, data center

operations, and technical recovery.

Part of a global audit team responsible for the identification and

escalation of risks to executive management in the global outsourcing

of the Bank's information technology services. Participation extended

to the transition and transformation phases of this outsourcing

initiative.

Responsible for the identification of risk areas, monitoring of

progress in risk mitigation, and ensuring that appropriate security,

management and controls are in place prior to implementation of IT

projects. Projects include systems upgrade, eCommerce implementation

and development efforts. Projects also require the performance of due

diligence reviews of vendors for outsourcing initiatives.

Assisted the financial audit group, business unit management (banking

and mortgage) and IT management to appropriately assess risks, define

broad-based solutions/mitigating controls and validate that solutions

are working effectively to close audit issues.

Coordinated audit activities with external auditors to ensure adequate

audit coverage while minimizing duplication of efforts.

Systems Resource Solutions - IT Audit Consultant Aug 1999 - Apr 2000

. Planned and conducted IT security reviews for LaSalle Bank. Reviews

conducted include Data Center Operations, Windows NT Security and Unix OS

Security.

. Participated and monitored various project implementations of the bank.

Deloitte & Touche Consulting Group/ ICS - Senior Consultant Mar 1998 -

Aug 1999

. Trained and certified to implement the Financial/Controlling module of

SAP R/3, which includes GL, AR, AP, Cost Center Accounting, Cost Element

Accounting and Asset Management.

. Handled client engagement sourcing and discussion, performed high-level

scoping of client requirements, developed proposals and presented to

clients.

. Gathered detailed information requirements and mapped new business

processes while ensuring that basic controls are in place.

Price Waterhouse - Supervising Consultant (last position held) Nov

1993 - Mar 1998

. Planned and supervised the review of financial and non-financial

application systems and the related business process, security, policies

and procedures of various companies. Applications reviewed include

standard financial systems (AR, AP and GL), purchasing, sales, inventory

management and production applications and specialized systems that cover

import/export, securities, foreign exchange, borrowings, loans and money

market. Software packages reviewed included CODA, MACPAC, PRISM, JD

EDWARDS, BPCS, ERIC, and ACCPAC. General security reviewed included ACF2,

OS/400, UNIX, Windows NT and Novell Netware security facilities.

. Evaluated the adequacy of controls/security surrounding the computerized

environment, which includes organization & management, control over

program changes, physical security and logical security implemented in

the network operating system.

. Reviewed the work of junior auditors, finalized audit findings,

formulated conclusion and discussed the report with client management.

. Conducted training on Price Waterhouse (PW) software tools and

Information Technology update to PW audience that included junior

auditors, senior auditors, managers and partners.

Other Relevant Projects and Work Experience

. Member of an international multi-disciplinary team of Price Waterhouse

consultants from the US, New Zealand, Australia, Malaysia and Philippines

that reviewed and re-engineered the accounting related business processes

of a multi-lateral bank. The team also developed the conceptual

framework for a fully integrated financial management system and re-

engineered accounting processes. Potential areas for improvement and

automation were identified and incorporated in the detailed design of the

re-engineered processes.

. Facilitated the formulation of an Information Systems Strategy Plan for a

multi-lateral bank. The team identified, classified, and analyzed bank-

wide information needs in line with the Bank's mission/vision and

strategic direction. The team developed alternatives to facilitate the

Bank's selection of an Information Systems strategy that will be adopted

and pursued for the next five years.

. Gathered and categorized management information used in defining detailed

requirements, development of Request for Proposal (RFP) and vendor

selection process for a computerization project. Vendor responses were

evaluated, analyzed and presented to management.

CERTIFICATIONS

Certified Information Systems Auditor (CISA)

Certified Risk Professional (CRP)

EDUCATION

Masters of Science in Business Information Technology

Bachelor of Commerce, Major in Accounting

Bachelor of Liberal Arts, Major in Political Science

Contact this candidate