H AREN D. PUNATAR
MBA, CISA, ITIL
**** ********* *** *****, ** 45305 937-***-**** abnpwc@r.postjobfree.com
PROFILE
Experienced IT Manager currently managing IT compliance and governance for $6 billion pharmaceutical
company seeks positions in public or private sector. Focused on quality, organized, process oriented, committed
to continual improvement, aggressive and creative problem solver. Competitive entrepreneur attitude with
excellent inter-personal and leadership skills. Understanding of customer centric operations with clear strategic
objectives. Vendor relationship ability to ensure successful alliances with vendors and positive ROI. Key core
qualifications include:
Strategic & Operational Technology Planning Global IT Delivery & Project Management Skills
• •
IT Infrastructure Design & Implementation Compliance of IT Delivery Operations
• •
Technology & Business Linkage Planning Emerging Technologies & Enterprise Architecture
• •
Sensitive Global Voice/Data Telecommunication Capital Planning & Investment Control
• •
IT Skills Gap Analysis & Performance Optimizing Technology Architecture & Integration
• •
PROFESSIONAL EXPERIENCE
OMNICARE, INC., Covington, KY May 2005 - Present
Manager IT SOX Compliance August 2006 - Present
Direct all IT resource planning, budgeting and operational initiatives related to IT SOX404 for the nation’s
leading provider of pharmaceutical care. This $6 billion, 16,000 employer, serves more than 1.4 million
residents of skilled nursing, assisted living, and other healthcare facilities in 47 states and Canada. Hold
autonomous decision-making authority to ensure IT SOX404 for all IT systems. Manage 5 direct reports, 5
external auditors, and 3 indirect professionals with a million dollar IT SOX404 annualized budget. Report to the
Director of IT SOX Compliance, Chief Security/Privacy Officer and Chief Information Officer with frequent
reporting to the VP of Infrastructure, VP of Application Development and Corporate Controller.
In FY08, responsible for managing a million dollar IT SOX404 budget and testing of eight global
•
applications to ensure compliance. FY08 budget was $236,000 less than the FY07 budget. In FY07,
responsible for managing a million dollar IT SOX404 budget. Plan included three waves used to maximize
remediation time and minimize year end deficiencies.
Project Leader for global Integrated Risk Management (IRCM) approach used to manage compliance for
•
the company-wide Full Potential initiative. IRCM designed to consolidate all compliance and regulatory
operational and financial control testing for the entire company into one universal process. Process
designed to minimize onsite visits by auditors and broaden the top-down risk assessment capabilities.
Autonomous responsibility for communicating and coordinating management testing, update-remediation
•
testing and external audit testing of eight IT applications. Testing included ITGC, Key Reports, IT
Application Controls, and risk assessment of six pharmacy ancillary applications. Quarterly status reports
to CIO.
Ensured proper IT SOX compliance for key financial system upgrades (Lawson, Great Plaines, and
•
Microsoft Dynamics). Responsible for ensuring compliance of the development and implementation of six
globally used pharmacy applications. Member of the Product Advisory Board for two applications.
Provided consultation on the consolidation of legacy systems. Responsible for ensuring Accounts
•
Receivable data is properly converted during 28 FY08 conversions.
Project Leader of Axentis Enterprise, an online compliance tool used to manage all compliance initiatives.
•
In FY07, introduced the tiered risk assessment approach to all IT systems used globally. IT testing
•
resulted in 48% decrease in total controls tested and a 70% decrease in total deficiencies found. First year
company had zero significant IT deficiencies.
Led the FY07 PwC SAS70 Pre-Assessment of the company’s online system customer facing application
•
to ensure FY08 SAS70 readiness.
rd
Speaker at the 2008 Marcus Evans – “3 Annual IT Audit & Controls” Conference.
•
Haren D. Punatar Page 2
Senior IT SOX Compliance Leader May 2005 - August 2006
Hold autonomous decision-making authority to ensure IT SOX404 for all IT systems. Manage 7 direct reports,
3 external auditors, and 1 indirect professional. Report to the Director of IT SOX Compliance.
In FY06, responsible for managing a million dollar IT SOX404 budget and testing of eleven global
•
applications to ensure compliance. FY06 budget was $200,000 less than the FY05 budget.
Designed and implemented four step IT SOX Compliance process (Planning, Design, Execution,
•
Evaluation) used to manage all IT SOX Compliance activities. Process requires the updating and retaining
of all SP&Ps, risk control matrices, remediation activities, and leveraging the reliance by external auditors.
FY06 IT testing resulted in 35% decrease in total controls tested a 66% decrease in total deficiencies
•
found. FY05 IT testing resulted in 32% decrease in total controls tested and a 60% decrease in total
deficiencies.
Overhauled the corporate information system Program Development approach and deployed new policy
•
and procedures to be followed. Process allows CIO to view status on all global projects.
Responsible for enterprise wide process improvement projects such as key report enhancements and
•
opportunities to automate manual controls.
Successfully led risk assessments in FY05 on four multimillion dollar acquisitions to ensure IT SOX404.
•
Work included compliance training for personnel, creating policy and procedures, testing and remediating
deficiencies.
Led the third party IT SAS70 audit request for multimillion dollar business unit in Louisville, KY.
•
Designed the System Revenue Map to ensure all quarterly revenue per each business line can be
•
mapped to an IT system.
ERNST & YOUNG LLP, Columbus, OH June 2004-May 2005
IT Auditor
Reed Elsevier - LexisNexis Corporation Engagement: March 2005-June 2005
• Profile: Dayton, OH based subsidiary of London based Reed Elsevier. Indispensable partner to its target
customers: scientists, lawyers, teachers and business professionals, for information-driven services and
solutions.
Lexis.com - Responsible for WebTrust Certification testing. Field work included leading testing of controls
•
related to Security, Availability, Data Processing and Privacy.
Accurint.com & Securint.com - Responsible for WebTrust Pre-Assessments for both Seisint Corporation
•
applications. Field work conducted in Boca Raton, Florida to identify controls related to Security,
Availability, Data Processing and Privacy for both the Securint.com and Accurint.com applications.
Electrolux Corporation – Augusta, GA Engagement: January 2005 – March 2005
• Profile: Spin-off from Swedish company Electrolux Corporation. Headquartered in Augusta, Georgia is the
world’s largest producer of appliances for kitchen, cleaning and outdoor use.
Led and managed 2005 Sarbanes-Oxley (SOX) 404 IT Audit. Documented policies and procedures,
•
completed flowcharts, and identified controls, risks, performed testing, remediation and retesting.
General Cable Corporation, Highland Heights, KY Engagement: June 2004 – January 2005
• Profile: Headquartered in Highland Heights, Kentucky, is a leader in the development, design,
manufacture, marketing and distribution of copper, aluminum and fiber optic wire and cable products for
the energy, specialty, and communications markets.
Successfully led, managed and completed 2004 Sarbanes-Oxley (SOX) 404 IT Audit. Audit included
•
testing IT General and Application Controls. Work included leading and managing client’s 8 external
auditors, flowcharting, performing walkthroughs, documenting controls and risks, testing, remediation
retesting.
Scope of audit included US locations and international travel to Tetla, Tlaxcacla, Mexico.
•
Haren D. Punatar Page 3
NCR CORPORATION, DAYTON, OH April 2001-February 2004
Team Lead & Software Engineer - Product & Engineering Systems
• One of only two team members who supported and provided marketing direction for NCR’s Global Intranet
with over 300 sites and 1500 users, Extranet (www.ncr.com), and proxy solution.
Led team and maintained 100% utilization of three outsourced resources in India and two NCR team
•
members. Migrated global application (STAR) and over 2500 users from expensive MP-RAS architecture
to new SUN architecture which provided significant cost savings. Managed deployments to 2500 global
users.
Trained over 40 global Help Desk Analysts in providing application support for STAR.
•
Completed business continuity plans for global applications.
•
Assumed role as Subject Matter Expert and Software Configuration Manager.
•
Successfully retired expensive global Knowledge Center application used by over 3000 users.
•
Assisted in the design and development of global Knowledge Management Solution.
•
ADDITIONAL EXPERIENCE
WRIGHT-PATT CREDIT UNION INC., DAYTON, OH January, 2009 – January, 2011
Membership Advisory Panel
• Member of a 14 member panel to give senior management and the board of directors direct feedback on
how Wright-Patt Credit Union can best serve their membership. Work required developing new
membership products for all stakeholders of the Credit Union.
EDAPTIVE COMPUTING INC., DAYTON, OH January 2003- April 2003
Team Lead- Go-To-Market Strategy (Capstone experience, University of Dayton, MBA Program)
• Developed a go-to-market strategy for $3M military and NASA supplier for Electronic Parts Obsolescence
(EPO). Demonstrated ability to maximize sales volume and transform market position to #1 in EPO
related systems. Evaluated the client’s needs, developed solutions to exceed their goals and reduced
client’s budgets. Built trust, respect and confidence in the go-to-market strategy.
TECHNICAL SUMMARY
HTML, XML, SQL, ASP, Visual Basic, UNIX, C
Languages
OOP (Object Oriented Programming), OOA (Object Oriented Analysis and
Methodologies
Design), SDLC (Software Development Life Cycle)
MS Access, Oracle, JDE, DB2
Database Systems
W 2K, UNIX SUN, iPlanet, AS400, Wireless Technology
OS/Hardware
Lawson, Hyperion, WDS, Great Plains, Microsoft Dynamics, ADP, MS Excel,
Services & Tools
MS PowerPoint, MS Project, MS FrontPage, Visual SourceSafe, Remedy,
Visual Studio, CorelDraw, CorelPaint, Flash, WebFocus
Axentis Enterprise, Paisley, Lawson Business Intelligence
Compliance Tools
EDUCATION & CERTIFICATIONS
• Master of Business Administration, University of Dayton, Dayton, OH May, 2003
Concentration: Technology Enhanced Business
Bachelor of Science in Business Administration, Wright State University, Dayton, OH May, 2001
•
Concentration: Management Information Systems (MIS)
CERTIFICATIONS
• CISA November, 2007
Certified Information System Auditor (CISA)
ITILv3.0 January, 2008 - Present
•
ITIL v3.0 - Achieving Foundation Certification
ITIL v3.0 - Operational Support and Analysis