H AREN D. PUNATAR

MBA, CISA, ITIL

**** ********* *** *****, ** 45305 937-***-**** abnpwc@r.postjobfree.com

PROFILE

Experienced IT Manager currently managing IT compliance and governance for $6 billion pharmaceutical

company seeks positions in public or private sector. Focused on quality, organized, process oriented, committed

to continual improvement, aggressive and creative problem solver. Competitive entrepreneur attitude with

excellent inter-personal and leadership skills. Understanding of customer centric operations with clear strategic

objectives. Vendor relationship ability to ensure successful alliances with vendors and positive ROI. Key core

qualifications include:

Strategic & Operational Technology Planning Global IT Delivery & Project Management Skills

• •

IT Infrastructure Design & Implementation Compliance of IT Delivery Operations

• •

Technology & Business Linkage Planning Emerging Technologies & Enterprise Architecture

• •

Sensitive Global Voice/Data Telecommunication Capital Planning & Investment Control

• •

IT Skills Gap Analysis & Performance Optimizing Technology Architecture & Integration

• •

PROFESSIONAL EXPERIENCE

OMNICARE, INC., Covington, KY May 2005 - Present

Manager IT SOX Compliance August 2006 - Present

Direct all IT resource planning, budgeting and operational initiatives related to IT SOX404 for the nation’s

leading provider of pharmaceutical care. This $6 billion, 16,000 employer, serves more than 1.4 million

residents of skilled nursing, assisted living, and other healthcare facilities in 47 states and Canada. Hold

autonomous decision-making authority to ensure IT SOX404 for all IT systems. Manage 5 direct reports, 5

external auditors, and 3 indirect professionals with a million dollar IT SOX404 annualized budget. Report to the

Director of IT SOX Compliance, Chief Security/Privacy Officer and Chief Information Officer with frequent

reporting to the VP of Infrastructure, VP of Application Development and Corporate Controller.

In FY08, responsible for managing a million dollar IT SOX404 budget and testing of eight global

•

applications to ensure compliance. FY08 budget was $236,000 less than the FY07 budget. In FY07,

responsible for managing a million dollar IT SOX404 budget. Plan included three waves used to maximize

remediation time and minimize year end deficiencies.

Project Leader for global Integrated Risk Management (IRCM) approach used to manage compliance for

•

the company-wide Full Potential initiative. IRCM designed to consolidate all compliance and regulatory

operational and financial control testing for the entire company into one universal process. Process

designed to minimize onsite visits by auditors and broaden the top-down risk assessment capabilities.

Autonomous responsibility for communicating and coordinating management testing, update-remediation

•

testing and external audit testing of eight IT applications. Testing included ITGC, Key Reports, IT

Application Controls, and risk assessment of six pharmacy ancillary applications. Quarterly status reports

to CIO.

Ensured proper IT SOX compliance for key financial system upgrades (Lawson, Great Plaines, and

•

Microsoft Dynamics). Responsible for ensuring compliance of the development and implementation of six

globally used pharmacy applications. Member of the Product Advisory Board for two applications.

Provided consultation on the consolidation of legacy systems. Responsible for ensuring Accounts

•

Receivable data is properly converted during 28 FY08 conversions.

Project Leader of Axentis Enterprise, an online compliance tool used to manage all compliance initiatives.

•

In FY07, introduced the tiered risk assessment approach to all IT systems used globally. IT testing

•

resulted in 48% decrease in total controls tested and a 70% decrease in total deficiencies found. First year

company had zero significant IT deficiencies.

Led the FY07 PwC SAS70 Pre-Assessment of the company’s online system customer facing application

•

to ensure FY08 SAS70 readiness.

rd

Speaker at the 2008 Marcus Evans – “3 Annual IT Audit & Controls” Conference.

•

Haren D. Punatar Page 2

Senior IT SOX Compliance Leader May 2005 - August 2006

Hold autonomous decision-making authority to ensure IT SOX404 for all IT systems. Manage 7 direct reports,

3 external auditors, and 1 indirect professional. Report to the Director of IT SOX Compliance.

In FY06, responsible for managing a million dollar IT SOX404 budget and testing of eleven global

•

applications to ensure compliance. FY06 budget was $200,000 less than the FY05 budget.

Designed and implemented four step IT SOX Compliance process (Planning, Design, Execution,

•

Evaluation) used to manage all IT SOX Compliance activities. Process requires the updating and retaining

of all SP&Ps, risk control matrices, remediation activities, and leveraging the reliance by external auditors.

FY06 IT testing resulted in 35% decrease in total controls tested a 66% decrease in total deficiencies

•

found. FY05 IT testing resulted in 32% decrease in total controls tested and a 60% decrease in total

deficiencies.

Overhauled the corporate information system Program Development approach and deployed new policy

•

and procedures to be followed. Process allows CIO to view status on all global projects.

Responsible for enterprise wide process improvement projects such as key report enhancements and

•

opportunities to automate manual controls.

Successfully led risk assessments in FY05 on four multimillion dollar acquisitions to ensure IT SOX404.

•

Work included compliance training for personnel, creating policy and procedures, testing and remediating

deficiencies.

Led the third party IT SAS70 audit request for multimillion dollar business unit in Louisville, KY.

•

Designed the System Revenue Map to ensure all quarterly revenue per each business line can be

•

mapped to an IT system.

ERNST & YOUNG LLP, Columbus, OH June 2004-May 2005

IT Auditor

Reed Elsevier - LexisNexis Corporation Engagement: March 2005-June 2005

• Profile: Dayton, OH based subsidiary of London based Reed Elsevier. Indispensable partner to its target

customers: scientists, lawyers, teachers and business professionals, for information-driven services and

solutions.

Lexis.com - Responsible for WebTrust Certification testing. Field work included leading testing of controls

•

related to Security, Availability, Data Processing and Privacy.

Accurint.com & Securint.com - Responsible for WebTrust Pre-Assessments for both Seisint Corporation

•

applications. Field work conducted in Boca Raton, Florida to identify controls related to Security,

Availability, Data Processing and Privacy for both the Securint.com and Accurint.com applications.

Electrolux Corporation – Augusta, GA Engagement: January 2005 – March 2005

• Profile: Spin-off from Swedish company Electrolux Corporation. Headquartered in Augusta, Georgia is the

world’s largest producer of appliances for kitchen, cleaning and outdoor use.

Led and managed 2005 Sarbanes-Oxley (SOX) 404 IT Audit. Documented policies and procedures,

•

completed flowcharts, and identified controls, risks, performed testing, remediation and retesting.

General Cable Corporation, Highland Heights, KY Engagement: June 2004 – January 2005

• Profile: Headquartered in Highland Heights, Kentucky, is a leader in the development, design,

manufacture, marketing and distribution of copper, aluminum and fiber optic wire and cable products for

the energy, specialty, and communications markets.

Successfully led, managed and completed 2004 Sarbanes-Oxley (SOX) 404 IT Audit. Audit included

•

testing IT General and Application Controls. Work included leading and managing client’s 8 external

auditors, flowcharting, performing walkthroughs, documenting controls and risks, testing, remediation

retesting.

Scope of audit included US locations and international travel to Tetla, Tlaxcacla, Mexico.

•

Haren D. Punatar Page 3

NCR CORPORATION, DAYTON, OH April 2001-February 2004

Team Lead & Software Engineer - Product & Engineering Systems

• One of only two team members who supported and provided marketing direction for NCR’s Global Intranet

with over 300 sites and 1500 users, Extranet (www.ncr.com), and proxy solution.

Led team and maintained 100% utilization of three outsourced resources in India and two NCR team

•

members. Migrated global application (STAR) and over 2500 users from expensive MP-RAS architecture

to new SUN architecture which provided significant cost savings. Managed deployments to 2500 global

users.

Trained over 40 global Help Desk Analysts in providing application support for STAR.

•

Completed business continuity plans for global applications.

•

Assumed role as Subject Matter Expert and Software Configuration Manager.

•

Successfully retired expensive global Knowledge Center application used by over 3000 users.

•

Assisted in the design and development of global Knowledge Management Solution.

•

ADDITIONAL EXPERIENCE

WRIGHT-PATT CREDIT UNION INC., DAYTON, OH January, 2009 – January, 2011

Membership Advisory Panel

• Member of a 14 member panel to give senior management and the board of directors direct feedback on

how Wright-Patt Credit Union can best serve their membership. Work required developing new

membership products for all stakeholders of the Credit Union.

EDAPTIVE COMPUTING INC., DAYTON, OH January 2003- April 2003

Team Lead- Go-To-Market Strategy (Capstone experience, University of Dayton, MBA Program)

• Developed a go-to-market strategy for $3M military and NASA supplier for Electronic Parts Obsolescence

(EPO). Demonstrated ability to maximize sales volume and transform market position to #1 in EPO

related systems. Evaluated the client’s needs, developed solutions to exceed their goals and reduced

client’s budgets. Built trust, respect and confidence in the go-to-market strategy.

TECHNICAL SUMMARY

HTML, XML, SQL, ASP, Visual Basic, UNIX, C

Languages

OOP (Object Oriented Programming), OOA (Object Oriented Analysis and

Methodologies

Design), SDLC (Software Development Life Cycle)

MS Access, Oracle, JDE, DB2

Database Systems

W 2K, UNIX SUN, iPlanet, AS400, Wireless Technology

OS/Hardware

Lawson, Hyperion, WDS, Great Plains, Microsoft Dynamics, ADP, MS Excel,

Services & Tools

MS PowerPoint, MS Project, MS FrontPage, Visual SourceSafe, Remedy,

Visual Studio, CorelDraw, CorelPaint, Flash, WebFocus

Axentis Enterprise, Paisley, Lawson Business Intelligence

Compliance Tools

EDUCATION & CERTIFICATIONS

• Master of Business Administration, University of Dayton, Dayton, OH May, 2003

Concentration: Technology Enhanced Business

Bachelor of Science in Business Administration, Wright State University, Dayton, OH May, 2001

•

Concentration: Management Information Systems (MIS)

CERTIFICATIONS

• CISA November, 2007

Certified Information System Auditor (CISA)

ITILv3.0 January, 2008 - Present

•

ITIL v3.0 - Achieving Foundation Certification

ITIL v3.0 - Operational Support and Analysis

Contact this candidate