Management Security

Location:
Altadena, CA
Posted:
July 13, 2017

Resume:

CLIFTON A. FRANKLIN

**** ******** ***., ********, ** 91001

626-***-**** - Mobile / E-Mail: ac1aks@r.postjobfree.com

Career Summary

As an aspiring PMP candidate with over 25 years of continuous expertise providing technical solutions in the domains of Audit, Security and Information Technology for national and international organizations. With a proven track record in evaluating systems based on security requirements; assessing vulnerabilities, security controls and level of residual risk of systems. Maintain and enforce the Client’s system security policies and serve as an advisor on information security matters. A seasoned security professional, capable of providing a practical approach to the security of data, information systems and risk management that meets both the needs and constraints of the organization. With proven achievements, regardless of the technical, non-technical, and political challenges within an organization; I am capable of implementing a “defense-in-depth strategy” using multiple layers of security: Physical / Operational Security, Network Perimeter, Application Layer, Storage Layer, Data Layer, End Points. Major Responsibilities Have Included: Security Policy and Security Classification Guide Development, Data Privacy Protection / Personally Identifiable Information (PII), Conducting Risk Assessments / Mitigation Guidance, Performing Certification / Accreditation of Classified / Unclassified Information Systems. Both local and international expertise in the Project Management Institute's process areas of project initiation, planning, execution & control, and closure. The majority of my work has been in the domains of Project and Risk Management; Cyber Security and Info Tech; SOX / PCI and Compliance; with expertise in achieving business objectives by improving systems and practices to enhance quality and operational.

Specific Experience:

Extensive experience in Project management lifecycle initiation, planning, execution & control, and closure with a strong background in project development and implementation,

Monitoring security and compliance with risk exposure related to management policies and provide counsel on the quality of portfolios

Developed IT security procedures and policies relating to SOX & NIST compliancy.

Performed security assessments (C&A) for multiple clients using NIST Guidelines (800-18,37 etc.)

Excellent knowledge of internal controls and risk-based auditing. With a firm understanding of security principles and Sarbanes Oxley, balanced with an ability to understand key business drivers and issues having successfully implemented those principles in complex environments

Planned, designed and implemented leading edge cyber analytic information systems against cyber threats and evaluated capabilities to support the program’s strategic goals

Responsible for developing and managing the Risk Register where all risks are identified, classified, evaluated, and analyzed based on measured metrics and conducted risk assessments on behalf of the enterprise as part of delivery to comply with Risk Management strategies.

Trained in ISO 27001 Information Security Management System (ISMS)

Complete real-time SIEM triage, event analysis, correlation, alerting, and response

Ability to develop strong partnership in different cultural environments. Task oriented with excellent team leadership and communication skills.

Education

Bachelor in Clinical Psych. and MIS, United States International University, San Diego, CA and London, UK (Graduated)

Villanova University – Certificate in Project Management

Certifications

PMP, Aug. 2017 Project Management Institute (In progress)

ISO 9000-2001 Certification, OAO Corporation Greenbelt, MD

Trained in ISO 27001 Information Security Management System (ISMS)

Languages

French FSI 4+

Professional Experience

March 2016 – Present PM / InfoSec Consultant; Ares Mgmt., Century City, CA;

As PM/InfoSec Consultant, I am responsible for the SOX IT Infrastructure, Security, IAM and Change Management review and testing endeavor including planning, execution and monitoring for application controls, significant reports; testing & reporting results for Sarbanes Oxley 404 and 302 requirements.

Developed IT security policies relating to SOX & NIST compliancy.

Performed Internal and External vulnerability assessment using Third party vendors

Managed Security and segregation of duty utilizing Identity and Access Management applications for more than 2500 employees and 50 applications as well as the implementation of the “AAA” (Authentication, Authorization and Accounting) approach.

Research, evaluate and recommend various Computer Network Defense Tools, Data Loss Prevention (DLP) Tools and Security Information Event Management (SIEM) Tools to provide for the identification of malicious network activities or indicators of Insider Threats on DoD classified and unclassified networks. (Verdasys, CyberArk Digital Guardian, Raytheon Sureview, QRadar, ArcSight, Carbon Black, Bit9, Proofpoint, etc.)

Participate in CoBit and Internal Control review and analysis with involvement in the overall IT testing and compliance for Sarbanes-Oxley 404 and 302. Collected IT security and CM related audit information, prepare documentation, review audit data, assess and analyze IT test results for compliance completeness and accuracy as per the specific audit plan.

Monitor Email and Web Security Gateways; McAfee SIEM/Gateway, Websense,

August 2015 – Feb. 2016 Sr. IT SOX Consultant; Edison, Monterey Park, CA; WinCorp Solutions

As Sr. IT SOX Consultant, I am responsible for the SOX IT Infrastructure, Security and Change Management review and testing endeavor including planning, execution and monitoring for the application controls, significant reports, Security and segregation of duty; testing & reporting results for Sarbanes Oxley 404 and 302 requirements.

Participate in CoBit and Internal Control review and analysis with involvement in the overall IT testing and compliance for Sarbanes-Oxley 404 and 302. Collected IT security and CM related audit information, prepare documentation, review audit data, assess and analyze IT test results for compliance completeness and accuracy as per the specific audit plan.

Responsible for control narratives (legacy and transition to new control environment), testing of significant reports, application controls and all security reports for the company. Provided weekly status update meetings concerning the overall SOX/Internal Control progress for Sr. Audit Management. Worked with internal and external auditors to coordinate needs and minimize cost of compliance.

July 2013 – April 2015 SOX Manager/ CONSULTANT; Mercury Insurance, Brea CA; Experis

As SOX Manager, I was responsible for managing the SOX endeavor including planning, execution and monitoring for the application controls, significant reports, Security and segregation of duty; testing & reporting results for Sarbanes Oxley 404 and 302 requirements.

Prepared project plans; staffing plans and financial budgets to justify SOX effort to senior management, business sponsors, steering committee and audit committee.

Participate and/or lead special projects, including CoBit, COSO and Internal Control with involvement in the overall financial/IT testing and compliance for Sarbanes-Oxley 404 and 302. Collected financial/IT audit information, documentation, review audit data, assess and analyze IT test results for compliance completeness and accuracy as per the specific audit plan.

Assessment and Auditing of legacy Network Authentication, Authorization, and Accounting systems for upgrade to new IAM application.

Responsible for control narratives, testing of significant reports, application controls and all security reports for the company. Provided weekly status update meetings concerning the overall SOX/Internal Control progress. Worked with internal and external auditors to coordinate needs and minimize cost of compliance.

November 2011 – Jan. 2013 SR. IT AUDIT/SOX Consultant Union Bank/ Kaiser PERMANENTE

Pasadena, CA:

Ensure the accurate and timely compliance of SOX controls for the Health Plan portfolio. In collaboration with HP SOX Program Management office (PMO) and Business partners to achieve SOX (Sarbanes Oxley) goals. Key activities:

Provide and ensure that in scope HP applications comply with all SOX controls for Security and Change Management. Perform day to day SOX control reconciliation and identify and resolve issues (early in the process) on a timely and accurate basis.

Create and or maintain all SOX documentation for releases: SR, content document, content SR approvals, system test plan, system test plan summary, UAT test plan, UAT test plan summary, go-live document, approvals, post-live approvals and review meetings.

Track, report and monitor SOX application remediation efforts (managing corrective actions and other actions resulting from findings). Create and provide SOX Metrics and support/participate in all Audits and Audit processes.

Ensure appropriate segregation of duties within IT and consult with business partners on appropriate roles; provide reports that monitor violations.

December 2009 - PRESENT: CEO-FIST Project Manager – Los Angeles, CA; Europe, Africa:

As CEO/Consultant, I was responsible for full scale Scope of Works for IT Project Mgmt., Audit, SOX and Security engagements.

Conducted IT Security assessments and evaluations and prepared reports to management, business sponsors, steering committee and audit committee concerning the overall status of the Internal Control progress.

Worked with internal and external staff to coordinate required mitigation activities and minimize cost of compliance.

Created help desk tickets for security remediation (e.g. removing objects that threatened security postures like malware/rootkit, p2p program, etc.)

Audited Microsoft Server manually and through tools (CIS Benchmark)

Developed IT security policies relating to SOX & NIST compliancy.

Performed Internal and External vulnerability assessment using Third party vendors

Gather reports on targeted threats from all sources, including news articles, research papers, vendor publications, partner agencies, and trusted third parties

Environment: SOX, Cyber Security, Banking and International Organizations, Contract Management and Internal controls

February 2008 - May 2009: Sr. Project SOX Audit/Risk Consultant; Farmers/Zurich Insurance, Los Angeles & Simi Valley, CA:

I managed projects focusing on analyzing current systems environment that captures, stores and processes credit card information. Solely responsible for directing / managing quality control and implementation of changes that enabled the centralization of management and security of credit card information in compliance with PCI-DSS (Payment Card Industry - Data Security Standard). Led teams in the delivering of enhancements to the enterprise payment token solution. Coordinated and drove 80% offshore delivery, reducing cost and offloading constrained onshore resources by delivering client strategy through lifecycle including design, build, test and deployment with offshore (India) team of 10 resources. Achieved 70% decrease in production deployment execution outage activities time by redesigning project’s impact to align to executive leadership for reduced and mitigated risk. Assessed Information Security risks of new projects and non-standard IT requests using risk assessment methodologies based on provided architecture. Utilized advanced security protocols and standards, and practices such as scalable technologies (hard and soft). Leveraged management skills to estimate and administer 5,000 work hours with onshore and offshore resources across 15 diverse application teams including retail-POS, ecommerce, middleware, tender authorization, vendor management, and field services.

June 2004 - AUG. 2007: Sr. IT Audit/ Risk Consultant – Aramark/ SLGG / OSI - Systems, Los Angeles, CA; Deluxe-NEBS, Boston, MA:

As Project Manager, I was responsible for delivering engagements testing & reporting results for Sarbanes Oxley 404 and 302 requirements. Prepared reports to management, business sponsors, steering committee and audit committee concerning the overall status of the SOX/Internal Control progress. Worked with internal and external auditors to coordinate needs and minimize cost of compliance. I directed and guided AUCA staff in the testing of SOX compliance at their respective locations and conducting quarterly recertification of controls. Assisted management in the recommendations and implementing of enhancements to departmental processes and procedures. Participated and/or led special projects when required, including Corporate Audit & Control Services involvement in compliance with Sarbanes-Oxley 404 and the overall IT compliance for AUCA. Reported results of audits and reviews, including recommendations for improvements, to the appropriate levels of management, effectively communicated to emphasize the value of the audit findings that resulted from the work performed. Monitored compliance with risk exposure for management policies and provided advice on the quality IT audit programs to assess adequacy of internal controls from a risk based perspective. Summarized audit findings: prepared a summary of the scope of the audits conducted on a fiscal year basis in terms of the number of audits, the key findings.

June 2002 – Dec. 2003; Chief Technology Officer, UnwiredPlus, Inc., Altadena, CA:

Provided leadership in project management, customer relations development and coordinating strong project teams of trained technical, engineering and administrative personnel throughout the life cycle of the wireless infrastructure deployment and implementation. Oversaw and negotiated all major business development deals. Responsible for negotiating comprehensive wireless technology solutions aligned with clients’ strategic business objectives. This included responsibility for all application architecture and development functions, all data centers, production support functions, help desks, quality assurance functions, communication networks (voice and data), and computer systems operations.

Nov, 1998 - March 2002; Project Manager OAO Corp. – JPL/NASA, Altadena, CA

Directed large-scale database information systems projects within the JPL/NASA, provided Contract Management oversight of the maintenance, upgrade, and enterprise wide information technology implementation projects.

Directed 350+ technical employees and project team managers (SDLC, EIS, Network and Flight Operation, Security, UNIX System Administration, Procurement) providing 24-x-7 support for all JPL manned and un-manned space flight missions.

Identified and resolved enterprise information systems issues and presented status on enterprise activities to executive committees and program managers. Compiled information and prepared reports based on both manual and automated sources, and aligned to applicable security strategies and established processes for NASA Managers.

Responsible for maintaining Security Instructions-Policies-Procedures, SANS Consensus Audit Guidelines, Health Insurance Portability & Accountability Act (HIPAA), PCI Data Security Standards, FedRAMP Cloud Security, ISO, SOX, GLB, CobiT, ITIL

Oct. 1990 – Sept. 1998; Sr. Project HMIS Consultant; USAID/JSI, Mali; Togo; Boston, MA:

Managed and organized the assessments, evaluation, design and recommendations of multiple Health MIS data collection projects in West and Central Africa (Ghana, Cote D’Ivoire, Benin, Burkina Faso, Mali, Togo, Niger, Nigeria, Cameroon, RDC, Congo, Zimbabwe, Uganda, Kenya, Senegal, and Mauritania). Provided Contract Management of the consulting teams engaged in the maintenance, upgrade, and large-scale information technology systems implementation projects of the WHO HIS. Planned, designed and developed a management information system enabling project monitoring and reports; assisted countries to transition from associations to national level Ministry of Health based programs. Developed and implemented a national level HMIS, for the Ministry of Health (MOH) increasing health statistic reporting by 80%. Trained and supervised 200 employees and managers in the assessment and evaluation of the data collection tools and reporting procedures improving the HMIS data collection processes by 75%.

Oct. 1982 - Sep 1989; Project Manager; USAID, Cote D’Ivoire; Haiti; Wash., DC;

I accomplished in five months, the conversion, deployment and implementation of MACS, a State Department Accounting database application from a manual system (60 million annually). I established the Financial Management Center (FMC), consolidating all accounts payable and accounts receivable for American Embassy missions in West and Central Africa (Ghana, Cote D’Ivoire, Benin, Burkina Faso, Mali, Togo, Niger, Nigeria, Cameroon, RDC, Congo, Zimbabwe, Uganda, Kenya, Senegal, and Mauritania).

Managed and implemented the planning, integration, and network connectivity of the MIS user support center. Oversaw and managed the timely and cost-effective design, planning, acquisition, configuration, and implementation of the computer center supervising 10 cross-functional project teams. Managed and trained over 500+ management and staff personnel in the use of IAM, financial management, inventory, counselor and property management software applications.

Security incident triage and escalation support for security devices monitored by [company name].

Perform daily health checks in line with Standard Operating Procedures (SOPs), Policies, and Work Instructions (WIs)

Managed and organized the assessments, evaluation, design and recommendations of multiple Health MIS data collection projects in Africa. Provided contract management oversight of the maintenance, upgrade, and large-scale information technology systems implementation projects of the WHO HIS.

Developed and implemented a national level HMIS, for the Ministry of Health (MOH) increasing health statistic reporting by 80%. Planned, designed and developed a management information system enabling project monitoring and reports; assisted countries to transition from associations to national level Ministry of Health based programs

Evaluate systems based on security requirements

Assess vulnerabilities, security controls and level of residual risk of systems

Ensure compliance with all mandated State Dept. C&A criteria

Trained and supervised 200 employees and managers in the assessment and evaluation of the data collection tools and reporting procedures improving the HMIS data collection processes by 75%.

Environment: US Government International Health Management Assistance; Application Development, Project Execution and Control, Security, Contract Management and Risk Management


