Fernando Alem, MBA, CGEIT, CRISC, CISM, CISA
[*************@*********.***] [301-***-**** / 301-***-****]
**** ****** **, ***** *****, MD 20815
Profile
Senior Executive with more than 20 years of international experience in all areas of Information Technology, business transformation and operations. Visionary, truly global leader focused on business results with a strong background in several industries.
Led IT transformations and enabled enterprise-wide business initiatives through people, processes, and technology. Elevated IT to be a strategic asset and sales enabler for customer success in centralized/decentralized multinational corporations ($30B+).
Key areas of expertise: ERP (SAP/ORACLE/Netsuite), IT Security frameworks and tools, IT Audit Programs, Social Media, SOX ITGC/App/SOD/SAT Controls, ITIL, SDLC, QA-testing, Web Assessments/PenTests, Infrastructure, DRP\BCP, Risk-Assessments, IT Governance, and Project Management.
Work Experience
DISCOVERY COMMUNICATIONS
Vice President, Global Corporate Systems & Compliance [Jul 2014 - Present]
Responsible for executive leadership and financial accountability of Discovery’s entire portfolio of internally developed and 3rd party business applications, including financial, logistics, HR, content management, business intelligence, and collaboration systems. Strong team builder and mentor; focusing on empowering staff to maximize their potential though effective internal and external collaboration.
Key contributions:
Build effective working relationships with senior management, IT teams, internal/external auditors, business units, joint venture partners, and other customers to ensure consistency in the execution of IT projects.
Guide business analysis for all software projects throughout Discovery’s operations, globally.
Oversight of a global team that provides software product strategy, establishes roadmaps, and executes according to top business priorities.
Vice President, Information Security, Compliance & HR Systems [Jul 2010 - June 2014 ]
Responsible for leading internal IT Security & Compliance teams for IT Security Operations, Projects, Sarbanes-Oxley/Safe-Harbor compliance efforts with a broad understanding of COBIT/ISO 2700x frameworks, best-practices, and Infrastructure/Applications processes. Oversight external auditors’ activities to reduce redundancies/costs, build cohesive assessments, and minimize disruption of IT operations.
Key contributions:
Lead IT teams in all IT Security & Compliance related programs and projects, internal/external assessments, risk management activities, and SOX ITGC activities (planning, control-self testing, deficiency analysis, reporting, follow-up) working with IT professionals, business representatives and internal/external auditors.
Oversight IT Security Operations and Governance including assessments on high-risks areas, setting KPIs and roles & responsibilities, monitoring remediation actions on controls deficiencies, participating on the SDLC, generating awareness, monitoring threats evolution, and recommending areas for improvement.
Directed all aspects of IT Compliance Review Process in accordance with best-practices.
Director, IT Audit [Jul 2007 - Jun 2010]
Directed internal\external IT Audit teams for IT Audit projects and Sarbanes-Oxley testing efforts with a broad understanding of COBIT/COSO frameworks, IT best-practices, and Business processes. Coordinate external auditors’ activities to reduce redundancies/costs, build cohesive projects, and arrange resources.
Key contributions:
Lead IT Audit teams in all IT Internal Audit projects, SAS70 reviews, and SOX activities (planning, update documentation, testing, deficiency analysis, reporting) working with internal/external audit professionals.
Guided many stages of Sarbanes-Oxley ITGC workstream including documenting key processes, identifying risks and controls, performing walkthroughs, performing control gap analysis, developing test plans, performing test work, identifying and recommending areas for improvement, providing support to the external auditor, and evaluating compliance management software solutions.
Directed all aspects of an audit process in accordance with the Standards for Professional Practice of IA.
MEDIMMUNE-ASTRAZENECA
Manager, IT Audit [Aug 2005 - Jun 2007]
Managed IT Audit teams for projects and Sarbanes-Oxley testing efforts with a broad understanding of COBIT/COSO frameworks, IT best practices, and business processes. Supervise and coordinate external auditors’ activities to reduce redundancies/costs, build cohesive projects, and arrange resources.
Key contributions:
Lead IT Audit teams in all IT Internal Audit projects, SAS70 reviews, and SOX activities (planning, update documentation, testing, deficiency analysis, reporting) working with internal/external audit professionals.
Evaluated the adequacy and effectiveness of IT ELC, ITGC, annual company-wide risk assessment, and Access/Application Controls identifying areas for improvement, and assessing the sufficiency implementation of Management’s corrective actions.
Managed all aspects of an audit process (planning engagements, risk assessments, developing audit programs, performing audit procedures, documenting audit work performed, drafting audit reports, and communicating with management) in accordance with the Standards for Professional Practice of IA.
PHILIP MORRIS INTERNATIONAL
Manager, SAP Security & QA [Jul 2003 - Jul 2005]
Managed IT Security/QA teams (with 21 people in charge) in Latin America countries, with a broad understanding of SAP security & best practices, QA testing, and business processes. Supervised the IT Security\QA teams before\after implementing SAP in each country. Responsible for planning and building IT Security solutions (Firewalls, IDS) that reap the rewards of ERPs while protecting assets.
Key contributions:
Lead the regional groups in support of corporate IT Security process, SOX reviews, forensic/fraud investigations, and common security projects with external auditors.
Supervised assurance by monitoring, testing, and auditing (using CAATs tools) the effectiveness and efficiency of IT GCC, Access, and Application controls (using COBIT).
Recommended IT Security/QA improvements for ERP systems (SAP R/3, BW, CRM) to protect proprietary and confidential data and preserve the integrity of ERP. Conducted IT Security training programs.
ACCENTURE
Team Leader, SAP Security & QA [Aug 2002 - Jun 2003]
Supervised an IT Security team of four security officers and two QA analysts. Led the implementation of IT Security activities under the following platforms: SAP R/3, BW, Oracle, Unix, and AS400. Responsible for coordinating worldwide the full project cycle: development, training, testing, production and post-production.
Key contributions:
Conducted QA reviews of the standardization and implementation of existing and new business policies and procedures. Made recommendations to IT Management for improving security and QA structures.
Designed and implemented methods for security policy compliance, as well as recovery and business continuation planning programs. Developed training courses to increase security aspects of IT.
Reviewed SAP R/3 systems with security products to detect and solve security weaknesses.
ROEMMERS PHARMACEUTICALS
Supervisor, Information Security [Jul 1999 - Jul 2002]
Coordinated an internal controls/security team of three security officers. Reviewed DRP\BCP and BIA, Policies & Procedures, Datacenter Ops, DB’s, and financial apps security/change management controls. Implemented the annual security plan for IT/Business areas. Reviewed external audit team work, and performed IT Security Risk Assessment.
Key contributions:
Implemented IT Security plans at all corporate locations, and other companies within the holding providing post implementation audit reports and internal controls assessments.
Established security measures to support disaster recovery efforts. Developed changes to work procedures in order to strengthen security measures. Supervised the implementation of security tools.
Performed IT Security reviews (using COBIT, IDS tools, PT), and developed security indicators for SAP R/3.
SANTANDER BANK
Supervisor, Information Security [Feb 1994 - Jul 1999]
Supervised a security team of nine officers. Implementation of security web tools. Designed norms, procedures, policies and strategies for safe e-commerce. Implemented an IT Security web plan. Implemented Penetration Testings for home banking, Intranet, and Extranet websites. Implemented security reviews on IT DRP for Internet attack.
Key contributions:
Coordinated IT Security plans related to Policies & Procedures, Datacenters operations, and SDLC.
Performed IT Security reviews (related to network, users, resources, and access to critical systems) in accordance with Argentina’s Central Bank regulations.
Implemented security performance indicators for senior management.
Education & Certifications
Master in Business Administration (MBA) [2002 – 2003]
Universidad Centro Estudios Macroeconómicos de Argentina (UCEMA)
Master Degree in Computer Science [2000 – 2001]
Universidad Argentina de la Empresa (UADE)
Bachelor Degree in Computer Science (B.S.) [1994 – 1999]
Universidad Argentina de la Empresa (UADE)
Certified Information Systems Auditor (CISA) [2005]
Information Systems Audit and Control Association (ISACA)
Certified Information Security Manager (CISM) [2007]
Information Systems Audit and Control Association (ISACA)
Certified in the Governance of Enterprise Information Technology (CGEIT) [2008]
Information Systems Audit and Control Association (ISACA)
Certified in Risk and Information Systems Control (CRISC) [2010]
Information Systems Audit and Control Association (ISACA)
Publications
Newsletter: Informática Profesional - CPCI (Argentina). Articles on DRP and BCP. [2003].
Magazine: América Económica (Latin America). Article on Prevention of Fraud and IT Espionage. [1998].
Newspaper: La Razón (Argentina). Article on Prevention of Computer Science Crimes on Internet. [1997].
Magazine: Information Technology (Argentina). Article on Internet & Computer Center IT Security. [1997].
Teaching Experience
ExpoSecurity 2004 (Argentina). Speaker in conference: “Security, Audit and Quality Assurance on ERPs” [2004].
ExpoSecurity 2003 (Argentina). Speaker in conference: “Using COBIT for Security and Quality Assurance” [2003].
Information Security Education Center (Argentina). Speaker in the course: “Specialization on IT QA and Security” [2003].
Universidad Tecnológica Nacional (Argentina). Speaker in the post-graduate course: “Audit and Security Information" [2003].
Universidad Católica de Salta (Argentina). Speaker in conference: “Two Days on IT" [2002].
Institute for International Research (Argentina). Speaker in conferences: “Information & web security on internet" [2001]
“Intelligent storage of information" [2001]. - “Prevention, detection and control of fraud in organizations" [2000]. - “Security and prevention of fraud in financial industry” [1998]. - “Control of security and IT web fraud" [1997].
Asociación Profesionales Tarjetas de Crédito (Argentina). Speaker in conference: “Banking product risks and IT Security” [1998].
Special Mentions
Centro Argentino de Ingenieros (Argentina). Pre-Engineering contest for designing, development, and implementation of:
“Educational-University Student Website for Universidad Argentina de la Empresa” [2001].
Memberships
ISACA - Information Systems Audit & Control Association
ISSA - Information Systems Security Association