Manager Security

Location:

SF, CA

Posted:

October 17, 2012

Contact this candidate

Resume:

Email address

abozgi@r.postjobfree.com

First Name Middle Last Name Suffix Maiden Name

John Farrell

N/A

Work Phone & Ext Toll Free Phone Fax Phone Home Phone

415-***-****

Cell Phone Pager Personal Web Site Address

415-***-****

Secondary E-mail

abozgi@r.postjobfree.com

Address City, State

Zip

1665 Peridot Dr. Livermore CA 94550

Month/Year Hired Month/Year Left Total Years with Company

Jan 1996Mar 2000 5

Office Division Title

Silicon Valley Consulting ManagerCountry Other Employment Details

(Previous positions, duties, or fun info)

United States

Company Name Position

PG&E Senior Information Security Specialist

Company Web Site

http://www.pge.com

Company Size (employees) Est. Company Revenue Industry

251+ > $25,000,000 Manufacturing

Do you hold any professional certifications?

(Separate with commas)

CISSP, CISA, CEH

Other Current Employment Details

(Description of Position)

As Senior Information Security Specialist I provide a framework and the evaluation skills

for PG&E to assess and manage information risk so that Lines of Business and other groups

implement IT solutions within the PG&E s acceptable level of risk. I ensure that the

confidentiality, integrity and availability of PG&E information is assured. In this role I

am responsible for ensuring the highest level pf protection for PG&E s information assets,

including responsibility for security architecture and implementation. PG&E recently

received the coveted INFOSEC Assurance Capability Maturity Model (IA-CMM) certification.

Birthday Marital Status Spouse's Name Anniversary

Apr 7 Married Phyllis Feb. 10

Children's Names & Ages

Jason 25

John Farrell - Security_Consultant, IS_Manager, IT Auditor.doc

OVERVIEW

Executive Level Staff Management building, motivating and managing multi-level, multi-

discipline teams to optimize quality and productivity.

Thorough experience in technological innovation, complex regulation and increased

accountability.

Proven leadership of projects that embrace innovative applications of technology and

radically improve the way business is done, streamlining operations to increase sales and

lower costs.

Project Management of complex assignments, implementing technology solutions for

strategic enterprise-wide business problems, consistently meeting time and budget targets.

Cross-functional collaboration and relationship building with key members of other

departments, executive management, clients and vendors.

In-depth proficiency managing the full spectrum of departmental functions application

development, infrastructure management and end user support. Comprehensive technical

direction in multiple operating systems, multiple environments (complex client server with

a vast array of interfaces) and widely varied applications.

Technical expertise in revenue enhancing sales tools, and document management systems.

Comprehensive experience in both large and small firm consulting, assurance, IT security,

IT risk control and business engineering. In-depth practice in IT security and audit,

application development, business process controls, information technology controls design

& implementation, project management and assessments of policies and procedures.

Unique combination of talent including information security, auditing and strong

negotiation, facilitation, communication and program management skills.

SKILLS

Management Technical Detailed business analysis

IT control methodology

Sarbanes-Oxley & PCI compliance Operating Systems (Linux, Solaris, Windows 2000 Server,

Windows 2003 Server, Windows XP) Business & Technical Strategies Application Development

IT Security Document & Workflow Management Financial Tracking Financial Transaction &

Process Flows IT risk control 24/7 Support Management Personnel Management Hardware

Management Budget Forecasting IT Security including Payment Card Industry Data Security

Standard (PCI DSS)

PROFESSIONAL EXPERIENCE

PG&E, San Francisco, ca 2007 to PresentSenior Information Security Specialist

Few areas have been as affected by change as information technology (IT). Each of the

major changes has created major risks. As Senior Information Security Specialist I provide

a framework and the evaluation skills for PG&E to assess and manage information risk so

that Lines of Business and other groups implement IT solutions within the PG&E s

acceptable level of risk. I ensure that the confidentiality, integrity and availability of

PG&E information is assured. In this role I am responsible for ensuring the highest level

pf protection for PG&E s information assets, including responsibility for security

architecture and implementation. PG&E recently received the coveted INFOSEC Assurance

Capability Maturity Model (IA-CMM) certification.

Continuously assesses IT assets and projects and defines information risk to PG&E.

Provides recommendations for remediation/mitigation of findings.

Conducts impact assessment and scoring of the new work related to Information Security,

IT Continuity, IT SOX, IT Compliance and audit and Information Risk.

Verisign, Mountain View, CA 2006 to 2007CONSULTING MANAGER

Manager of technical teams for multiple security engagements at client s location. I

conduct reviews, audits and technical assessments of client security either individually

or through team members. I consult on security architecture, infrastructure, and

implementation of proposed solutions. I create and mold multiple computer security

policies to client s particular requirements (information security, email retention, patch

management, etc.). I conduct vulnerability assessments, firewall and security device

review and make technical recommendations for improvement. Specialist in Payment Card

Industry Data (PCI) security consulting, reviews and examinations. Experience in Gramm-

Leach-Bliley Act (GLBA) and REAL-ID compliance.

Deloitte Touche Tohmatsu, San Francisco, CA 2005 to 2006Manager of consultants specializing in Assurance and Risk Management

I helped my clients leverage their Sarbanes-Oxley corporate governance efforts to include

a hard look at business processes and systems. As a manager of professional services, I

was responsible for engagement planning, budgeting, organizing, executing work plans,

managing daily aspects of client engagements and documenting, coordinating and presenting

client deliverables.

Manager for two major Sarbanes-Oxley review and implementation projects for a large

financial institution and a key telecommunications manufacturer. Processed were reviewed,

updated and improved. Recommended controls were implemented by the client to improve the

client s compliance while meeting the business requirements of the company. I used my

technical management experience to quickly drill down to the real issues.

Team lead for a review of all anti-money laundering and Bank Secrecy Act (BSA)

applications within a major bank.

Institutions approach to regulatory compliance.

Review of application architecture.

Investigated application development process.

Made recommendations for improvement to overall business function.

WELLS FARGO SERVICES COMPANY, San Francisco, CA 2000 to 2005Manager, Retail Product Information Technology Infrastructure

Led the detailed technical direction for a team of development and systems technicians in

building multiple Technology Infrastructure applications to improve back and front office

productivity.

Transformed manual processes into an electronically enabled process, i.e. getting the

right data to the right people at the right time so they can make the best decision or

take the correct action. Saved over $1 million dollars in the first year of operation.

Improved the security of sensitive customer data and ensured that the data could not be

inadvertently revealed even assuming an employee error.

Web (IIS, XML and .net) and data interfaces to front offices, middle tier and mainframe.

Heavy use of workflow technology to ensure delivery. Multiple data center replication to

ensure immediate fail over and availability. Database interface with back office for

research and assurance.

Managed an infrastructure consisting of over 125 servers, three operating systems

(Windows server, Linux and Solaris), six separate applications and their associated test

environments. Created an effective and safe fail over system so that no customer

transactions could be disrupted or lost. Used technologies such as clustering to ensure

that no single failure would disrupt an operation. Dealt effectively with network problems

impacting the applications. All servers were supported in a full datacenter environment.

Trained technicians to work successfully in multiple environments.

Drove multiple discipline teams to create production ready systems that maximize

availability and minimize security and operations risk. Created and implemented processes

that ensure successful development, installation and ease of upgrade for these systems.

Oversaw operations and development budgets of $1.6 million and $2 million respectively.

End-to-end project management of entire application process from gathering user

requirements, budgeting, developing, testing and infrastructure support till end of life.

Managed installation of enterprise-wide retail banking applications that boosted sales

and increased customer satisfaction.

Directed a team of technical professionals in developing an innovative sales tool as well

as customer tracking and front office applications to maintain and update account

information. Sales tool experienced a 500% annual growth in usage. Each transaction

completed is a revenue enhancing action.

Fully automated application installation processes to ensure correct set up. Never

experienced an installation failure or need for back out.

No down time on installed applications.

Executed installation of an Operations Center workflow engine, replacing an entirely

manual system in a far shorter time frame than normally possible.

Improved back office operations saving nearly $1.8 million in first year of operation.

SHARED VISION GROUP, San Francisco CA 2000 (hired by client after eight months)

Project Manager, Wells Fargo Bank

Managed information technology architecture engagement for the largest and most

significant client of this e-commerce boutique-consulting firm.

Worked as prime mover and trouble shooter for the bank s IT architect. Involved in

defining the standards for a number of projects including workflow and client server

applications. Managed the turn around of distressed application projects restoring

schedule and budget discipline. Created useful tools for the bankers out of formerly

failed projects.

Led implementation of the bank s application to determine correct rates for loans, CDs,

etc., across the nation. Data is then automatically fed into a broad spectrum of

applications. Created the transaction counting application that manages user billing for

Wells Fargo controlled desktop.

Ensured that effective risk management and security controls were realized while

producing a significant leap forward in speed and usability.

ARTHUR ANDERSEN, San Francisco, CA 1996 to 2000

Manager of computer consultants specializing in Computer Risk Management

Directed Security Management, Business Applications Management and Network Technologies

practices.

Leader of Bay Area information technology security practice.

Conducted security policy planning, writing & implementation

Managed client relationships, determined requirements, presented proposals, and closed

contracts in the western region; managed vendor compliance, methodology, communications,

and work plans.

Managed Y2K efforts for the practice. Numerous clients and engagements at all levels of

complexity. No client suffered even a single failure.

Performed HIPAA enforcement engagements for Fortune 500 clients.

Provided internal audit support and directly interacted with the audit teams providing

computer expertise.

Executed assignments involving re-engineering, systems development, quality assurance and

testing, as well as information security assessment, design, and program implementation.

Evaluated existing systems and developed in-depth Internet and network security

strategies for high tech clients.

Developed firm wide best practices and control standards.

Implemented change control procedures.

Generated over $2 million in revenue for the practice in one year.

EDUCATION

MS, Accounting and Information Systems, Arizona State University, Tempe, AZ

BA, Psychology, University of South Florida, Tampa, FL

Honors, Member, Beta Gamma Sigma, the highest recognition for students in an AACSB

accredited business school program.JOHN D. FARRELL

Certified Ethical Hacker (CEH)

Certified Information Systems Security Professional (CISSP)

Certified Information Systems Auditor (CISA)

ITIL Certified

1665 Peridot Drive 925-***-****

Livermore, CA 94550 page of abozgi@r.postjobfree.com