Security Management
Resume:
JOSE F. NAVA
***** ****** ***** ***** ****: 281-***-****
Houston, TX. 77095 Mobile: 832-***-****
*******@*********.***
I.T. Security Officer / Disaster Recovery Coordinator
Management level Information Technology Officer knowledgeable in internal control, system network security,
access control applications and regulatory compliance. Experience with Sarbanes-Oxley Act, FFIEC and GLBA.
Team oriented individual with project administration and communications skills enabling detailed presentation to
Management. Seeking position with goal oriented corporation, where individual drive and leadership skills are
valued.
ACCOMPLISHMENTS
• Managed Data Security program to satisfactory meet FFIEC, SOX, and GLBA requirements for financial
institution.
• Interfaced with Federal Reserve Bank of Dallas (FRB) Regulators during successful reviews of Company
activities related to Contingency planning, network security monitoring and Security Awareness
• Coordinated Company’s yearly disaster recovery exercise, preparing risk assessment, identifying vendor, end
users and issue tracking requirements. Prepared and presented accomplishments to Management
Committees, and Board of Directors.
• Served as member and Co-Chairman of BSA/AML Suspicious Activity Reporting (SAR) Committee.
• Implemented IT Systems Audit program for Bank’s International Division, providing management with
reports of their internal control status.
• Performed audits on various Information Technology topics with major Oil and Gas Corporation at their Head
Office and Chemical Plants.
EMPLOYMENT HISTORY
Data Security Manager, (BBVA) Bancomer Transfer Services, Inc. 2002 to July 2008
Houston, TX. Responsible for all Data Security related activities, and coordination of Disaster Recovery Plan.
• Created policies and procedures for documentation and administration of network security environment to
comply with auditable standards. Prepared and implemented Security Awareness Training Program.
• Coordinated the Contingency Process for Company, including maintaining Disaster Recovery Plan (DRP)
documentation, interfacing with off-site vendors, preparing end users and, associated teams for annual DRP
testing, as well as reporting to Senior Management, Board of Directors on follow up activities.
• Implemented automated monitoring schedule to show network security events allowing for timely reporting
of sensitive control activities within Windows environment.
• Performed due diligence reviews of associated IT vendors, providing software development activities for
Company. Executed application reviews for over 30 systems utilized within the Corporation, including
corresponding bank, accounting and funds transfer systems.
• Prepared scoping documents for Companies external penetration test, coordinated interviews with external
vendors, reviewed proposals and Statement of Work (SOW). Followed up on remediation activity
recommendations.
• Directed the implementation of Intrusion Detection System reporting on network vulnerability utilized via
Internet Systems Security (ISS).
• Scheduled and maintained minutes for System Change Control Committee and, Business Resumption
Contingency Plan Committee. Prepared minutes on Executive Management MIS Committee, for Board of
Directors. Co-chairman and active member of BSA/AML Suspicious Activity Reporting Committee.
Manager - Security Administration, Banco Nacional de Mexico (BANAMEX) 1996 to 2002
Jose F. Nava Page 2
Houston, TX. Security Administration coordinator: responsible for IT physical security as well as logical
security, within regional processing facility of international bank (including all USA and UK offices).
• Implemented Security policies and procedures for the security administration of the Bank’s Enterprise
Resource Planning (ERP), ensuring appropriate segregation of duties, access control list, monitoring and dual
control of end users. Coordinated the application of physical and environmental controls for the Regional
Data Center.
• Ensured the appropriate application of sensitive wire transfer systems, CHIPS and SWIFT, within the
organization. Tracked project plans, project scope, and associated budgets, utilizing associated MS Software
tools.
• Aligned the review of invoiced activities for administration and vendor services utilized, including off site
storage, payroll and telecommunication services.
Independent IT Auditor, Exxon Corporation USA 1995
Houston, TX. Contract Auditor hired by Internal IT Audit department, to assist with completion of scheduled
audits.
• Performed audit of Tandem O/S supporting marketing point of sale (POS) credit card application.
• Retained to assist in process reviews on a wide variety of security evaluations and complex audits on IBM,
MVS and VM. Participated in IT Audits at Exxon Chemical Corporation and regional plants, addressing
modules related to Systems Modifications, Security Administration and Local Area Networks
• Executed application reviews on UNIX-SCO based systems, independently reporting to IT Management.
Assistant General Auditor, Banco Nacional de Mexico (BANAMEX) 1984 to 1995
New York, NY. Lead Company IT Audit department in responsibilities evaluating security and integrity of data,
as well as effectiveness of internal controls, within data processing department.
• Implemented Information Systems Audit program for Bank’s International Division, scheduling and
completing audits of data processing centers, operating systems, security processes, disaster recovery plans,
and systems development life cycle.
• Value added audits resulted in recovery of funds associated to fraudulent transactions within Systems
division. Enhanced relations with regulatory examiners, improving rating and reducing cost associated to
testing procedures.
Merrill Lynch Capital Markets 1983 to 1984
New York, NY. Senior IT Auditor assisted management with the planning and execution of IT Audits.
• Prepared and complete internal audit programs to review existing applications and applications under
development, utilizing SDLC approach.
• Performed operating systems reviews, and created user manual for Culprit EDP Auditor utilized within
internal audit division.
Citicorp Services, Inc. 1981 to 1984
New York, NY. Staff Auditor assisted in financial, operational and systems reviews of the Companies diverse
operations.
• Performed data center reviews focused on operating system, physical/environmental security and data
retention. Participated in application reviews associated to funds transfer services, cash management and
inventory systems.
• Executed compliance reviews ensuring adequacy and completeness of internal policy and procedures.
Assisted financial audit in review of bank’s subsidiary records, including general ledger, and fixed assets.
Prudential Reinsurance Company 1979 to 1981
Newark, NJ. Assistant Staff Auditor supporting Company with a variety of internal and external control reviews.
Jose F. Nava Page 3
• Assisted senior auditors with financial and operational reviews of various departmental reviews, including
activities associated to; Insurance Premium and Loss activity, claim processing, and internal accounting
policies and procedures. Interfaced with external audit in review of year end financial statements.
• Participated in promotion of company’s system development life cycle methodology utilized to review new
applications.
EDUCATION
• Adelphi University, Long Island, NY, Bachelor’s Degree (Accounting) 1979
• New York City Community College, Brooklyn, NY, Associates Degree 1975
• Reviewing Certification programs to fit Position requirements.
TECHNICAL SKILLS
Computer Systems: IBM Mainframe and Midrange Systems, PCs, Client-Server, Tandem, DEC-
VAX, UNIX-SCO and WEB Architectures
Networks: Windows Networking 2000, 2003, Active Directories, Novell Netware
Operating Systems: IBM MVS, MS Windows, VMware, Tandem (Guardian/Safeguard)
PC Software: MS Office, MS Project, Visio, Word, Excel
Accounting Software: MS-Great Plans, MS-Dynamics
Audit & Reporting Software: Bind view, Internet Security System (ISS)
Personal: Bilingual (Fluent Spanish)
Contact this candidate