ARAVINDAN “ARVIND” GANESAN, CISA, PMP
*********.*******@*****.***
Cell: 978-***-****
*********@*****.***
To
I am writing to express interest in offering my experience and expertise in Sarbanes Oxley (SOX) audit, IT
Audit, Payment Card Industry (PCI) DSS assessment, Personal Identifiable Information (PII) Audit,
Information Security audit, project management, and risk management to your company.
I have been working in IT management roles for more than 15 years. I am a Certified Information Systems
Auditor (CISA) and certified Project Manager (PMP). I took the exam of CPISM (Certified PCI Security
Manager) last week and am expecting the certification within two weeks. I am also a Cisco Certified Design
Associate (CCDA) and Cisco Certified Network Associate (CCNA). As a highly proficient and experienced
professional with a passion for technology, I am skilled in many areas, which will be of use to your company. The
following is a summary of these skills:
IT and SOX Audit
Payment Card Industry (PCI) DSS Assessment
Project Management
Federal Trade Commission (FTC) or Personal Identifiable Information (PII) Audit
Privacy and GLBA Act
IT Security Audit
BS7799 / ISO 27001 IT Security Implementation and Audit
Business Continuity Plan and Disaster Recovery Plan (BCP/DRP) Audit
IBM Mainframe Audit
ERP (SAP and PeopleSoft) Audits
HIPAA Compliance Audit
Software License Review and Audit (IT Asset Management Audit)
Enterprise Risk Management
Process Improvement Projects (SIX Sigma and ITIL)
Oracle Database Consolidation and Disaster Recovery
System Migration from AS/400 to ERP SAP R/3 and PeopleSoft
I look forward to meeting with you to discuss the opportunities for employment with your company.
(Please note that I am a green card holder or permanent resident and am eligible to work for any employer in
USA)
Thank you for your consideration.
Sincerely,
Arvind Ganesan
Aravindan (Arvind) Ganesan CISA, PMP
E-mail: *********.*******@*****.***
Phone: 978-***-**** (c)
*********@*****.***
Executive Summary
More than 15 years of IT audit, PCI DSS audit, security, project, technical and risk management
experience galvanizing teams in core initiatives including SOX-404 IT Audit, PCI Audit, Information
Security, Technology Risk Management, Project Management, Technical Management, and Corporate
Compliance while serving as a change agent for efficiency improvements with expertise in Platform and
Interface Management.
Significant Achievements
• Took the exam of CPISM (Certified PCI Security Manager) last week and am expecting the
certification in two weeks.
• Obtained certifications of CISA (Certified Information Systems Auditor) and PMP (Project
Management Professional).
• Obtained certifications of CCDA (Cisco Certified Design Associate) and CCNA (Cisco
Certified Network Associate).
• Effective manager who motivated and aligned IT auditors through logical achievement-oriented
thinking and negotiation skills
• Managed a team of IT auditors and reviewed the audit work papers of SOX-404 IT Audits and
findings matrix.
• Reviewed the IT General controls and recommended the best practices adopted in the industry.
• Developed audit programs every year.
• Prepared the final audit reports for numerous audit programs.
• Managed PCI (Payment Card Industry) and FTC (Federal Trade Commission) Privacy audit with
five auditors.
• Coached the auditors for the latest trends in technology and compliance
• Audited and tested controls for SAP, PeopleSoft, JD Edwards, Oracle, DB2, MS SQL, IBM /390,
IBM Z/OS, AS/400, AIX6000, UNIX, Network, IT security, firewall, systems, and web
applications
• Established Security Committee offering ISO 27001-certification guidance, while working with
external auditors and directing IT security audit procedural policies.
• Conducted integrated, operational, and business process audits and recommended the business
process and IT system related controls
• Audited the implementation of BCP and DRP plans and recommended the best practices in the
industry
• Designed large IT networks, configured and administered CISCO and PIX firewalls, Routers and
Switches.
• Implemented controls and processes based on COBIT/COSO/ISO17799/ITIL methodology
• Harnessed process, procedural, and control quality using Six Sigma methodology
• Performed complex IT Risk Assessments, Vulnerability Assessments, Entity Level Controls
Assessments, IT Infrastructure Audits, Business Continuity Planning, Technology Risk
Management, SAS70, HIPAA Act
Professional Experience
TJX Group Companies, Framingham, MA June 2008 to date
Lead IT Auditor /Project Manager-IT Audit (Consultant)
Manage the team of five IT auditors for carrying out the numerous IT audits. Developed, planned,
managed, and executed audit programs for PCI-DSS and FTC Privacy regulations and SOX 404-IT in
TJX corporate offices in USA, Canada and Europe.
Payment Card Industry (PCI) Data Security Standard (DSS) Compliance Audit
Manage the team of five auditors in conducting the PCI DSS audit and safeguarding the
systems that are used to process the credit card information. Identified and evaluated
encryption processes, key management processes, system configuration standards, anti-virus,
vulnerability scans, patch management, penetration test etc., relating to PCI and recommended the
controls and processes required to comply with PCI. Audited the systems in Europe, Canada and
USA.
Evaluated the 12 high-level requirements and 245 controls given in the PCI standards and identified
the deficiencies in the system, and coordinated with external auditors (VeriSign) and process owners
to remediate the deficiencies.
Federal Trade Commission (FTC) Privacy and GLBA act:
Manage the audit of the systems that are related to storing and processing of the customer and
associate information. Identify the requirements of FFIEC –Information Security IT Examination
Handbook, OCC bulletin 2001-35 and GLBA Act to evaluate the effectiveness of the controls
implemented in the company.
World Bank -Washington DC Feb 2008 to June 2008
Principal Bank and Financial Group -Des Moines, IA Nov 2007 to Jan 2008
IT Audit Consultant
ERP (PeopleSoft and SAP) Systems and Application (Benefits) Audit:
Conducted the application security and integrated business audit for their ERP (PeopleSoft and SAP)
systems and identified the gaps and deficiencies in the applications and systems as per World Bank's
auditing guidance and standards.
Privacy and GLBA Acts
Conducted system audits to comply with privacy and GLBA acts. Evaluated the security of systems
that hold the personal and customer information. Identified the gaps in the policies and procedures
and recommended the solutions to safeguard the customer and personal information.
SOX 404-ICFR Audits
Project managed the ICFR (SOX-404) audit and identified the risks and gaps in the critical financial
systems.
HIPAA Compliance Audit:
Conducted the HIPAA compliance audit for one of their healthcare divisions and identified the
deficiencies.
IBM Mainframe Audit
Audited the IBM system/390 (MVS) GDPS/XRC data mirroring, storage systems and other systems
and recommended the best practices adopted in the industry.
IT Security Audit
Conducted the IT security audit including firewall, DMZ and LAN/WAN (Secured Sockets Layer and
Virtual Private Networks(VPN)) and audited the systems per COBIT and COSO
standards.
Keane Inc., Boston, Massachusetts Aug 2004 – Sep 2007
Senior IT Audit Manager
Served as a principal liaison between executive and senior management to finalize company’s IT and
integrated audit programs, reviewed the work papers, test cases and validated critical processes for SOX-
404 IT audit while managing three IT auditors. Identified, evaluated, and ranked the risks related to IT
systems; identified and documented control gaps for each financial application system; and recommended
viable solutions to remedy any significant deficiencies. Recent projects include the following:
• Compliance of Sarbanes Oxley 404/302 Internal IT Controls: Audited and tested controls for
PeopleSoft, JD Edwards, Oracle, DB2, Infinium, AS/400, AIX6000, UNIX (Sun Solaris),
Network, IT security, systems, and applications. Spearheaded IT risk management plan, which
included the design of low-risk systems. Audited the systems in USA, UK, Canada, Australia and
India.
• ERP PeopleSoft and SAP SOX-IT Audit: conducted integrated audits of business functions
supported by application systems, Identified and resolved complex auditing and information
system issues
• Audit of Business Continuity Plan (BCP) and Disaster Recovery Plan (DRP): Audited and
recommended best practices adopted in the industry for BCP and DRP
• ISO 27001 IT Security Implementation and Audit: Recommended and assisted in
implementing the Information Security Management System (ISMS) framework and developed
enterprise-wide security policy
iBasis, Burlington, Massachusetts April 2001- Aug 2004
Project Manager –IT Audit
Developed project management plan from initial design to final implementation, which included
collaborating with Senior VPs and Directors to determine strategy and allocating budget and resources;
implemented controls and processes required for the Sarbanes Oxley (SOX)-404 IT Audit. Managed and
audited the systems in Frankfurt, Amsterdam, Paris, London, Japan, Hong Kong, Singapore, United
States, and India
• SOX-404 IT Audit: Evaluated the policies, procedures and controls based on COBIT and COSO
framework, identified the gaps and recommended the controls required to comply with SOX-404.
• Implementation of Change Management Process and Control: Assisted in formulating
policies and procedures for change management control, system security, and backup for
identified deficiencies
• Global IT Security Audit Project: Project managed and audited the security of the systems and
networks in remote locations and identified the gaps and risks in the network and systems
AT&T Wireless, Pittsburgh, Pennsylvania Mar 2000-April 2001
Project Manager
Managed a group of 10 network consultants and engineers for the design and implementation of a
complex network; implemented Lucent’s design of layer 3 IP-based networks for AT&T Wireless systems
in 91 locations
AL Futtaim Trading, Dubai, UAE Mar 1996- Mar 2000
Network Manager/Controller
Managed the IS team with a group of software, system, and network consultants; led team of consultants
for several information systems related projects
• System Migration from IBM AS/400 to ERP SAP R/3 System: Solved the Y2K issues within
one year while managing a 20-member team; implemented controls required for internal audit and
government security regulations
• ERP SAP R/3 Audit: Implemented logical security and change management controls
• Network and Security: Designed the LAN and WAN network and implemented IT security
using PIX firewall and IDS
Philips India Ltd, Madras, India Jan 1995- Apr 1996
Assistant Automation Manager
Education
Master of Business Administration/Technology Management
University of Phoenix, Boston, Massachusetts (expected completion 2009)
Bachelor of Engineering - Major: Computer Science
Anna University, College of Engineering, Madras, India
Certifications
CPISM-Certified PCI Security Manager (Awaiting certification)
CISA-Certified Information System Auditor ISACA 2005
PMP-Project Management Professional 2001
Six-Sigma Green-Belt Course, Keane – (awaiting certification) 2008
ISO 27001 Information Security Management System Lead Auditor (awaiting certification)
Cisco Certified Design Associate (CCDA) 2000
Cisco Certified Network Associate (CCNA) 1999
Training Courses
CISSP - IT Security Course - ISC2 2005
ISO 27001:2005 Information Security Management System Lead Auditor Course 2006
Database Auditing, Security, & Compliance-ISACA Chapter 2007
Risk Management Framework- PMI Chapter 2005
CISA Course-System, Network, Security, BCP and DRP - ISACA Chapter 2004
Project Management - PMI Chapter 2000
ERP SAP R/3 Basis and Security - Dubai 1999
ERP SAP R/3 Sales and Distribution Module - Dubai 1999
ERP SAP R/3 Material Management Module - Dubai 1999
Technology Profile
Audit and Security Assessment Tools
ACL, Visio, Business Objects, CA Top Secret, Crystal Reports, Nessus, and Sara
Frameworks/Change Management Tools
COBIT/COSO/ISO 27001/ITIL, Quest STAT change management tool for PeopleSoft and AS/400 and
SAP Transport Management System (SAP TMS)
Systems and Software
SAP ERP R/3, PeopleSoft, JD Edwards, RS6000, IBM AS/400, DEC VAX 4000, IBM 3090, IBM 390,
HP 9000 UNIX/Linux systems, Windows 2000/NT, MS SQL, Oracle, DB2, PL/SQL, Developer 2000,
RPG/400, ABAP/4, UNIX, and C
System and Network Security
Checkpoint/PIX Firewall, Router, Layer 3 Switches, Active Directory, LDAP, IDS, VPN, IPSec, PKI,
digital signature, SSL, SET, encryption and cryptographic systems
Vulnerability and Event Correlation Tools:
Rapid 7, Symantec Enterprise Security Manager (ESM) and ArcSight.