
Project Manager Management

Location:
1824
Posted:
March 09, 2010

Resume:

ARAVINDAN “ARVIND” GANESAN, CISA, PMP

*********.*******@*****.***

Cell: 978-***-****

*********@*****.***

To

I am writing to express interest in offering my experience and expertise in Sarbanes Oxley (SOX) audit, IT Audit, Payment Card Industry (PCI) DSS assessment, Personal Identifiable Information (PII) Audit, Information Security audit, project management, and risk management to your company.

I have been working in IT management roles for more than 15 years. I am a Certified Information Systems Auditor (CISA) and certified Project Manager (PMP). I took the exam of CPISM (Certified PCI Security Manager) last week and am expecting the certification within two weeks. I am also a Cisco Certified Design Associate (CCDA) and Cisco Certified Network Associate (CCNA). As a highly proficient and experienced professional with a passion for technology, I am skilled in many areas, which will be of use to your company. The following is a summary of these skills:

IT and SOX Audit

Payment Card Industry (PCI) DSS Assessment

Project Management

Federal Trade Commission (FTC) or Personal Identifiable Information (PII) Audit

Privacy and GLBA Act

IT Security Audit

BS7799 / ISO 27001 IT Security Implementation and Audit

Business Continuity Plan and Disaster Recovery Plan (BCP/DRP) Audit

IBM Mainframe Audit

ERP (SAP and PeopleSoft) Audits

HIPAA Compliance Audit

Software License Review and Audit (IT Asset Management Audit)

Enterprise Risk Management

Process Improvement Projects (SIX Sigma and ITIL)

Oracle Database Consolidation and Disaster Recovery

System Migration from AS/400 to ERP SAP R/3 and PeopleSoft

I look forward to meeting with you to discuss the opportunities for employment with your company.

(Please note that I am a green card holder or permanent resident and am eligible to work for any employer in the USA)

Thank you for your consideration.

Sincerely,

Arvind Ganesan

Aravindan (Arvind) Ganesan CISA, PMP

E-mail: *********.*******@*****.***

Phone: 978-***-**** (c)

*********@*****.***

Executive Summary

More than 15 years of IT audit, PCI DSS audit, security, project, technical and risk management experience galvanizing teams in core initiatives including SOX-404 IT Audit, PCI Audit, Information Security, Technology Risk Management, Project Management, Technical Management, and Corporate Compliance while serving as a change agent for efficiency improvements with expertise in Platform and Interface Management.

Significant Achievements

Took the exam of CPISM (Certified PCI Security Manager) last week and expecting the certification in two weeks.

Obtained certifications of CISA (Certified Information Systems Auditor) and PMP (Project Management Professional).

Obtained certifications of CCDA (Cisco Certified Design Associate) and CCNA (Cisco Certified Network Associate).

Effective manager who motivated and aligned IT auditors through logical achievement oriented

thinking and negotiation skills

Managed a team of IT auditors and reviewed the audit work papers of SOX-404 IT Audits and

findings matrix.

Reviewed the IT General controls and recommended the best practices adopted in the industry.

Developed audit programs every year.

Prepared the final audit reports for numerous audit programs.

Managed PCI (Payment Card Industry) and FTC (Federal Trade Commission) Privacy audit with

five auditors.

Coached the auditors for the latest trends in technology and compliance

Audited and tested controls for SAP, PeopleSoft, JD Edwards, Oracle, DB2, MS SQL, IBM /390,

IBM Z/OS, AS/400, AIX6000, UNIX, Network, IT security, firewall, systems, and web

applications

Established Security Committee offering ISO 27001-certification guidance, while working with

external auditors and directing IT security audit procedural policies.

Conducted integrated, operational, and business process audits and recommended the business

process and IT system related controls

Audited the implementation of BCP and DRP plans and recommended the best practices in the

industry

Designed large IT networks, configured and administered CISCO and PIX firewalls, Routers and

Switches.

Implemented controls and processes based on COBIT/COSO/ISO17799/ITIL methodology

Harnessed process, procedural, and control quality using Six Sigma methodology

Performed complex IT Risk Assessments, Vulnerability Assessments, Entity Level Controls

Assessments, IT Infrastructure Audits, Business Continuity Planning, Technology Risk

Management, SAS70, HIPAA Act

Professional Experience

TJX Group Companies, Framingham, MA June 2008 to date

Lead IT Auditor /Project Manager-IT Audit (Consultant)

Manage the team of five IT auditors for carrying out the numerous IT audits. Developed, planned,

managed, and executed audit programs for PCI-DSS and FTC Privacy regulations and SOX 404-IT in

TJX corporate offices in USA, Canada and Europe.

Payment Card Industry (PCI) Data Security Standard (DSS) Compliance Audit

Manage the team of five auditors in conducting the PCI DSS audit and safeguarding the systems that are used to process the credit card information. Identified and evaluated encryption processes, key management processes, system configuration standards, anti-virus, vulnerability scans, patch management, penetration test etc., relating to PCI and recommended the controls and processes required to comply with PCI. Audited the systems in Europe, Canada and USA.

Evaluated the 12 high-level requirements and 245 controls given in the PCI standards and identified

the deficiencies in the system, and coordinated with external auditors (VeriSign) and process owners

to remediate the deficiencies.

Federal Trade Commission (FTC) Privacy and GLBA act:

Manage the audit of the systems that are related to storing and processing of the customer and

associate information. Identify the requirements of FFIEC –Information Security IT Examination

Handbook, OCC bulletin 2001-35 and GLBA Act to evaluate the effectiveness of the controls

implemented in the company.

World Bank -Washington DC Feb 2008 to June 2008

Principal Bank and Financial Group -Des Moines, IA Nov 2007 to Jan 2008

IT Audit Consultant

ERP (PeopleSoft and SAP) Systems and Application (Benefits) Audit:

Conducted the application security and integrated business audit for their ERP (PeopleSoft and SAP) systems and identified the gaps and deficiencies in the applications and systems as per World Bank's auditing guidance and standards.

Privacy and GLBA Acts

Conducted system audits to comply with privacy and GLBA acts. Evaluated the security of systems

that hold the personal and customer information. Identified the gaps in the policies and procedures

and recommended the solutions to safeguard the customer and personal information.

SOX 404-ICFR Audits

Project managed the ICFR (SOX-404) audit and identified the risks and gaps in the critical financial

systems.

HIPAA Compliance Audit:

Conducted the HIPAA compliance audit for one of their healthcare divisions and identified the deficiencies.

IBM Mainframe Audit

Audited the IBM system/390 (MVS) GDPS/XRC data mirroring, storage systems and other systems

and recommended the best practices adopted in the industry.

IT Security Audit

Conducted the IT security audit including firewall, DMZ and LAN/WAN (Secured Sockets Layer and Virtual Private Networks (VPN)) and audited the systems per COBIT and COSO standards.

Keane Inc., Boston, Massachusetts Aug 2004 – Sep 2007

Senior IT Audit Manager

Served as a principal liaison between executive and senior management to finalize company’s IT and

integrated audit programs, reviewed the work papers, test cases and validated critical processes for SOX-

404 IT audit while managing three IT auditors. Identified, evaluated, and ranked the risks related to IT

systems; identified and documented control gaps for each financial application system; and recommended

viable solutions to remedy any significant deficiencies. Recent projects include the following:

• Compliance of Sarbanes Oxley 404/302 Internal IT Controls: Audited and tested controls for PeopleSoft, JD Edwards, Oracle, DB2, Infinium, AS/400, AIX6000, UNIX (Sun Solaris), Network, IT security, systems, and applications. Spearheaded IT risk management plan, which included the design of low-risk systems. Audited the systems in USA, UK, Canada, Australia and India.

• ERP PeopleSoft and SAP SOX-IT Audit: conducted integrated audits of business functions

supported by application systems, Identified and resolved complex auditing and information

system issues

• Audit of Business Continuity Plan (BCP) and Disaster Recovery Plan (DRP): Audited and

recommended best practices adopted in the industry for BCP and DRP

• ISO 27001 IT Security Implementation and Audit: Recommended and assisted in

implementing the Information Security Management System (ISMS) framework and developed

enterprise-wide security policy

iBasis, Burlington, Massachusetts April 2001- Aug 2004

Project Manager –IT Audit

Developed project management plan from initial design to final implementation, which included collaborating with Senior VPs and Directors to determine strategy and allocating budget and resources; implemented controls and processes required for the Sarbanes Oxley (SOX)-404 IT Audit. Managed and audited the systems in Frankfurt, Amsterdam, Paris, London, Japan, Hong Kong, Singapore, United States, and India

SOX-404 IT Audit: Evaluated the policies, procedures and controls based on COBIT and COSO

framework, identified the gaps and recommended the controls required to comply with SOX-404.

• Implementation of Change Management Process and Control: Assisted in formulating

policies and procedures for change management control, system security, and backup for

identified deficiencies

• Global IT Security Audit Project: Project managed and audited the security of the systems and

networks in remote locations and identified the gaps and risks in the network and systems

AT&T Wireless, Pittsburgh, Pennsylvania Mar 2000-April 2001

Project Manager

Managed a group of 10 network consultants and engineers for the design and implementation of a

complex network; implemented Lucent’s design of layer 3 IP-based networks for AT&T Wireless systems

in 91 locations

AL Futtaim Trading, Dubai, UAE Mar 1996- Mar 2000

Network Manager/Controller

Managed the IS team with a group of software, system, and network consultants; led team of consultants for several information systems related projects

• System Migration from IBM AS/400 to ERP SAP R/3 System: Solved the Y2K issues within

one year while managing a 20-member team; implemented controls required for internal audit and

government security regulations

• ERP SAP R/3 Audit: Implemented logical security and change management controls

• Network and Security: Designed the LAN and WAN network and implemented IT security

using PIX firewall and IDS

Philips India Ltd, Madras, India Jan 1995- Apr 1996

Assistant Automation Manager

Education

Master of Business Administration/Technology Management

University of Phoenix, Boston, Massachusetts (expected completion 2009)

Bachelor of Engineering - Major: Computer Science

Anna University, College of Engineering, Madras, India

Certifications

CPISM-Certified PCI Security Manager (Awaiting certification)

CISA-Certified Information System Auditor ISACA 2005

PMP-Project Management Professional 2001

Six-Sigma Green-Belt Course, Keane – (awaiting certification) 2008

ISO 27001 Information Security Management System Lead Auditor (awaiting certification)

Cisco Certified Design Associate (CCDA) 2000

Cisco Certified Network Associate (CCNA) 1999

Training Courses

CISSP - IT Security Course - ISC2 2005

ISO 27001:2005 Information Security Management System Lead Auditor Course 2006

Database Auditing, Security, & Compliance-ISACA Chapter 2007

Risk Management Framework- PMI Chapter 2005

CISA Course-System, Network, Security, BCP and DRP - ISACA Chapter 2004

Project Management - PMI Chapter 2000

ERP SAP R/3 Basis and Security - Dubai 1999

ERP SAP R/3 Sales and Distribution Module - Dubai 1999

ERP SAP R/3 Material Management Module - Dubai 1999

Technology Profile

Audit and Security Assessment Tools

ACL, Visio, Business Objects, CA Top Secret, Crystal Reports, Nessus, and Sara

Frameworks/Change Management Tools

COBIT/COSO/ISO 27001/ITIL, Quest STAT change management tool for PeopleSoft and AS/400 and

SAP Transport Management System (SAP TMS)

Systems and Software

SAP ERP R/3, PeopleSoft, JD Edwards, RS6000, IBM AS/400, DEC VAX 4000, IBM 3090, IBM 390,

HP 9000 UNIX/Linux systems, Windows 2000/NT, MS SQL, Oracle, DB2, PL/SQL, Developer 2000,

RPG/400, ABAP/4, UNIX, and C

System and Network Security

Checkpoint/PIX Firewall, Router, Layer 3 Switches, Active Directory, LDAP, IDS, VPN, IPSec, PKI,

digital signature, SSL, SET, encryption and cryptographic systems

Vulnerability and Event Correlation Tools:

Rapid7, Symantec Enterprise Security Manager (ESM) and ArcSight.
