
Information Security Technology

Park Ridge, Illinois, United States
August 30, 2017


Brian Jennings, CISA, CISSP, MBA

*** * ******* ******, **** Ridge, IL 60068 * Cell 917-***-**** *


IT Audit professional with extensive technology audit, Big 4 Risk consulting, and internal audit experience within financial services environments, combined with extensive project management experience. Solid understanding of information security technologies, standards, and control frameworks including NIST, ISO, and COBIT. Experience leading SOX, application control, and project reviews.


RSM LLP, New York, NY and Chicago, IL (after May 2015) 10/2012 – 03/2017

Manager, Risk Advisory Services (RAS)

For the RAS Service Organization Assurance (SOA) group in New York and the Internal Audit group in Chicago, plan and manage IT Internal Audit, SOX compliance, Information Technology Risk, and Service Organization Control (SOC) reviews. Financial services clients included banks, broker dealers, investment management, and insurance. Additional industry experience with manufacturing, pharmaceutical, and healthcare clients.

Team and Project Management - Manage the execution of audit plans with cross functional teams ranging from two to eight professionals. Provide guidance to staff regarding internal and external audit methodology or technology risks. In 2016, managed the timely completion of engagements for a portfolio of 37 clients.

Client Relationships and Communication – Develop and foster relationships with client technology and finance executives to ensure that their needs are being met. Present findings to executive level management.

Representative Projects & Accomplishments

•Global Privacy Audit – Developed a privacy audit program based on Generally Accepted Privacy Principles (GAPP) and led a privacy audit of an international foreign exchange client that highlighted gaps in global compliance with privacy regulations.

•Information Technology Risk Assessment – Led an enterprise-wide information technology risk assessment for a regional bank with more than $23 billion in assets that fully addressed banking regulator requirements.

•Hyperion Financial Management (HFM) Audit Program – As part of a system implementation review for a global manufacturer with more than 70 global reporting entities, developed and managed the completion of an HFM audit program covering application, interface, and IT general controls.

•Service Organization Assurance - Led and managed the growth of the New York SOA practice from 1 to 11 clients in 2 years.

•FI Audit Programs - Led financial, application, and operational audits of financial service firms utilizing tailored audit programs designed to address FFIEC and COBIT control standards.

Relevant Technologies Audited & Tools Utilized: Oracle EBS, JD Edwards (JDE), AS400, Hyperion Financial Management (HFM), PeopleSoft, Unix, Windows, SQL Server, IDEA Data Analysis, Caseware, MetricStream, Visio, MS Access, MS Project

KPMG LLP, New York, NY 6/2005 – 10/2012

Manager, IT Risk Consulting Services

Working within the Financial Services practice based out of New York, managed IT General Controls, SOX compliance, FDICIA, and SSAE 16 reviews for money center banks, broker dealers, credit card processors, insurance, investment management, real estate management, and a ratings agency.

Representative Projects & Accomplishments

•Global IT Infrastructure Audit – Managed all IT infrastructure testing for Deutsche Bank (DB) Americas including Security Administration, Database Administration, Problem Management, Network Monitoring, User Access Recertification, Data Backups and General IT Controls for several hundred applications. Created an automated tool using IDEA to compare and verify DB’s security records with the Deposit Trust Company (DTC).

•Led agreed-upon procedures engagements of an international credit card processor using the Financial Institution Shared Assessment Program (FISAP), a vendor control assessment designed for financial institutions and based on the ISO 27001 framework.

•SAP Project Risk Review for International Ratings Firm – Developed a detailed project risk register for a ratings agency implementation of SAP used to help management identify and address risks.

•Loan Staff to Credit Card Processor As Temporary IT Audit Director – Assisted the chief auditor with the completion of the audit universe risk assessment by providing guidance related to potential questions or risk impact for technology issues and initiatives.

Relevant Technologies Audited & Tools Utilized: SAP, Unix, Powerbroker, AS 400, JD Edwards, Windows, Oracle, Archer eGRC, TeamTrack, Teammate, Visio, MS Project, Nessus, AppScan, AppDetective, IDEA

Citigroup, New York, NY 6/1992 - 6/2005

VP, Systems Specialist, CitiDirect Project Team (12/2000 - 6/2005)

CitiDirect is Citigroup's global web-based corporate banking application used by more than 35,000 corporate clients and financial institutions to process a wide range of payment and trade transactions in 90 countries and in 19 languages.

•Managed 160 CitiDirect business requests in 2004, 89 of which were approved for inclusion in a total development budget of over $40 million. Prioritized development based on strategic goals of decommissioning legacy systems and revenue generation.

•Led discussion of requirements between product/business managers and technology organization to ensure the system matched the business needs.

•Designed and implemented the request approval process flow within TeamTrack which was used to effectively manage the prioritization of development for thousands of CitiDirect system change requests and hundreds of millions in technology spend.

Information Security Officer, Citicorp Global Technology Infrastructure (12/1996- 12/2000)

Information security officer for a newly formed centralized Information Security group which included Security Administration, Dynamic Password Tokens, Hardware and Software Encryption, Anti-Virus Protection, Cyberguard and Cisco Firewalls, Entrust PKI, and Intrusion Detection Monitoring.

•Established and managed the Information Security internal compliance function.

•Managed information security operational areas responsible for the provisioning and support for dial-up services, VPN software, dynamic password tokens, and encryption software.

•Led Six Sigma performance improvement projects that reduced the time to provision employee internet access requests by 90%, and streamlined the process for delivering dynamic password tokens to clients and employees.

AVP, Senior Auditor, Citicorp Corporate Audit (6/1992- 12/1996)

Led operational, regulatory, and technical reviews of Citigroup’s Global Transaction Services Departments, including Funds Transfer Network, Cash Management Applications, Trade and Securities Processing, Information Security, and other special projects.

•Within a month of finalizing an application review for a cash management system that was found to have significant control deficiencies, the system was compromised and funds were fraudulently directed out of corporate client accounts. This breach led to an urgent implementation of what was then the cutting-edge technology of dynamic password tokens. My leadership in this audit and participation in the remediation of the findings resulted in me being offered the BISO position within Citigroup’s newly formed Information Security group.

Education & Certifications

MBA, Fordham University Graduate School of Business New York, NY

Concentration: Information & Communication Systems, July 1999

BS, Finance, Northern Illinois University, DeKalb, IL, December 1987

CISSP, October, 2008 to present

CISA, June, 2005 to present

Technical Skills

OS: UNIX (AIX, Linux, Sun Solaris), Windows (XP, NT, 7), AS 400, Windows VMS

Databases: SQL Server, Oracle, MS Access

ERP Systems: JD Edwards, Oracle EBS, Hyperion Financial Management (HFM), SAP, PeopleSoft, Navision

Tools: IDEA Data Analysis Software, SharePoint, MetricStream, Archer eGRC, Caseware, TeamTrack, Service Now, Remedy, MS Project, MS Excel, Nessus, Visio Flowcharting, AppScan, AppDetective
