IT Compliance Audit Security

Location:
Austin, TX
Posted:
June 19, 2017

Resume:

Results-driven, customer-focused information technology professional offering expertise in architecting and integrating business operations into IT process audit, compliance, and remediation for logical access control, business continuity management, general risk assessment, security risk assessment, project management, and data analysis. Efficiently collaborates with all corporate enterprise groups and remote locations. Works well in multicultural environments and builds effective work relations with clients and colleagues.

CERTIFICATIONS

Information Systems Audit and Control Association (ISACA)

Certified Information Systems Auditor (CISA)

TECHNICAL SKILLS

Compliance: IT SOX 404, 302, SAS 70, SSAE 16 Service Organizations Control (SOC), PCI-DSS, FFIEC BCP, HIPAA, ARRA HITECH

Infrastructure: DB2, Oracle, MS-SQL, MySQL, Microsoft SharePoint, Apache, IIS, Cisco, Firewalls, Active Directory, Novell

Operating Systems: Windows servers, Linux–Mandrake/Red Hat, Solaris, AIX, z/OS (OS/390), OS/2

PROFESSIONAL EXPERIENCE

XEROX (“Conduent” on Jan 01, 2017) 2013/04-present

Information Security Principal

Managed PCI-DSS & SSAE16 I.T. security and compliance for $80B/year transaction flow

Project managed remediation actions as needed

Wrote and implemented policies, standards, processes and procedures as needed

Performed identity access management 100% audits across multiple types of systems and applications

Starting January 01, 2017, tracked 80+ PCI-DSS enclaves, managed 4 staff, provided PCI-DSS subject matter expert consulting to 20+ PCI-DSS enclaves.

BRIDGE360 2012/07-2013/03

Information Security Principal, at client Xerox, Austin, Texas

Determined PCI-DSS & SSAE16 compliance gaps

Responded to client requests and client security surveys

Project managed remediation of security and compliance gaps

THE OPERARI GROUP 2011/02-2012/07

Senior Consultant, at client IBC Bank, San Antonio, Texas

Wrote Business Impact Analysis report (166 pages), Risk Assessment (70 pages, including an overall assessment to industry standards best practices) and FFIEC Gap Analysis (20 pages), after interviewing nearly 100 people across nearly 50 business functions in 5 cities, toward updating Business Continuity Plan and IT Disaster Recovery Plan.

Developed and documented (including 130 site photos) Business Continuity Local Physical Risk & Security analysis for 4 locations (180 pages total).

Researched and reviewed 50 business continuity management software solutions, presented 7 to senior management with a strong recommendation for one, and conducted an acceptance trial of the software to the client’s staff and management satisfaction.

Implemented and deployed business continuity management software product, customizing to FFIEC compliance with SharePoint 2010 Designer and SQL Server Reporting Services.

SECURANCE CONSULTING 2010/10-2011/02

Senior Consultant, at client WellMed, San Antonio, Texas

Interviews and documentation for Business Impact Analysis reports with 70 business functions toward creating an IT Disaster Recovery Plan and then a Business Continuity Plan.

SCOTT & WHITE MEMORIAL HOSPITAL 2009/04-2010/05

Information Services Security Administration and Audit Manager, Temple, Texas

Managed 7 security administrators

Addressed security change exceptions needed for business operations by managing process changes, integration with IT technical SMEs, vendor discussions, implementation of security controls and reviews.

Wrote security access control policies, processes and procedures. Edited social media policies, hardware inventory policies, network security policies, and IT procedures.

Worked on HIPAA/HITECH Breach Law compliance (access control and audit trail) and incident investigations. Monitored HITRUST Common Security Framework development.

Performed SOX compliance across multiple systems and applications

In-depth audit involving 10,000 security access rights involving 450 managers with 5,000 employees, and over 1,400 compliance evidence emails.

Initial PCI-DSS compliance design of network security and business processes.

HOOVERS, INC (part of Dun & Bradstreet) (contract by Technology Navigators) 2008/09–2009/03

Compliance Project Manager, Austin, Texas

Managing first time PCI-DSS compliance: scope, audit and remediation.

SOX Business owners’ application security account ownership and privilege verification for all users of about 100 assets.

SOX Technical owners’ configuration documentation and securing for about 100 assets.

RAINMAKER SYSTEMS (by contract via Robert Half) 2007/08–2008/08

IT SOX Auditor, Austin, Texas

Sole inside IT auditor supporting Rainmaker’s first SOX certification (2007). Extensive business owner involvement for user account ownership and privilege verification. Software, server and infrastructure hardening.

Brought new acquisitions (in California, Montreal, and Manila) into SOX compliance.

Sole inside IT auditor supporting PCI-DSS compliance and ISO27k evaluation

Resolved physical security issues including physical access controls and video procedures.

DELL (by contract via Spherion) 2007/04–2007/05

Program Manager, Austin, Texas

Audited disaster recovery compliance information for nearly 300 applications.

ADVANCED MICRO DEVICES 2005/04–2007/01

Senior Project Manager, Austin, Texas

TEMPLE-INLAND, INC. (by contract via Corestaff Services) 2004/04–2004/12

Program Manager, Austin, Texas

SMARTER SOLUTIONS, INC. 2004/01–2004/04

Applications & Systems Programmer, Austin, Texas

IBM CORPORATION 1980/06–2003/12

Web Operations Team Leader, Austin, Texas, 1998–2003

Application Programmer Perl, Austin, Texas, 1996–1998

Customer Technical Support, Roanoke, Texas, 1990–1996

Systems Support Programmer for MVS and VM, Dayton, New Jersey, 1982–1990

Applications Programmer, Montvale, New Jersey, 1980–1982

EDUCATION

Bachelor of Management Science, University of Connecticut, Storrs, Connecticut

PROFESSIONAL DEVELOPMENT

See recommendations @ http://www.linkedin.com/in/johnkulas

ISACA CISA certification# 0867674

Other industry events relating to IT auditing and IT security
