Thomas Wickes

**** ***** ********

Fernandina Beach, Florida 32034

ac87o8@r.postjobfree.com Cell: 770-***-****

Program/Project Manager - Security, Audit, Risk & Compliance

CERTIFICATIONS

PMP, CISA, SAS70, CPIM, MBA

SUMMARY

Project/Program and Audit, Experience includes over 10 years of experience in IAM and IT Projects, analyzing data, implementing IT COTS solutions and Auditing.

IT experience includes analyzing and working with data from Active Directory, LDAP, and RACF / ZOS inclusive of request-based and policy-based Automated Account & Access Provisioning (RBAC & ABAC) and manually provisioned entitlement exceptions to Cloud and On-Premise data stores

Applications include Cloud and on-Premise COTS and client developed applications. Scope included SIEM, API’s, Data Integration, analytics, monitoring and reporting.

Professional Certifications/Licenses;

• Certified Information Systems Auditor (CISA)

Project Management Professional (PMP)

• Certified Inventory and Production Manager (CIPM)

I have been been a contract consultant since 1995 – which is demonstrated by the amount and frequency of my engagements.

CAREER SUMMARY

Flowers Foods – Thomasville Georgia 11/2018 – 3/2019

Senior IAM Analyst /Project Manager

Flowers Foods currently uses Sailpoint LCM for access provisioning with SAP / Succesfactorss as the HR system of record. I analyzed the implementation and created a project plan in Microsoft Project to integrate the GRC enterprise roles from SAP/Successfactors into Sailpoint for joiner, mover, leaver and rehire processing – further automating the user access transactions associated with mover, leaver and rehire user access actions.

Electric Reliability Council of Texas (ERCOT) – Client

Senior IT Project Management 4/2018 – 10/2018

The Electric Reliability Council of Texas (ERCOT) manages billing and the flow of electric power to 94 million Texas customers -- representing about 90 percent of the state’s electric load.

Developing and expanding the Ercot’s Program and Project Management execution capabilities and managing significant risk in programs and projects in process. Managing an IAM Privileged Account management project (CyberArk) under the direction of PMO and Governance departments. Following the PMP methodology and NIST, NERC, CIP and FSA guidance, worked with ERCOT Compliance to ensure the ERCOT compliance was followed. Duties include reviewing policies and procedures, interviewing operations personnel and IT, creating and reviewing requirements and collecting evidence. Deliverables include formal project planning and oversight, reporting to EPO management and the business unit management and project sponsors the status and compliance with industry standards, government rules and regulations and Ercot policies and procedures. Project piggybacked the Oracle IAM project. Managed the replacement of PowerBroker with LDAP for server authentication on the RHEL Linux platform (800 servers), RHEL versions 5, 6 and 7.

Pennslyvania Higher Education Assistance Authority, Department of Education, State of Pennslyvania (PHEAA) – Client

Senior IT Project Management-Advisory and IT Audit 9/2016 to 4/2018

Working with PHEAA’s Program Management (EPO) and internal audit department on management and reviews of agency wide projects and leading internal audits of agency wide high risk IAM and related focus areas. Leading advisory audit reviews of high risk projects covering the areas of Governance, Project Management, SDLC and Project Specific controls. Advisory activities include client meetings and walkthroughs, reviewing project deliverables and application controls, documenting processes and adherence to policies, procedures and alignment to end strategy and user goals. Audit activities include audit planning and scoping, budgeting and resource planning, findings remediation and review, workpaper and evidence requests, testing and results documentation and audit report preparation and review. Project activities included overseeing the CMS (Call center) system implementation.

Chicago Merchantile Exchange, Chicago – Client 7/2016 to 9/2016

CyberArk Privileged Account and ID Audit

Working with CME’s internal audit department on a time sensitive Privileged Account and user access audit for the firm’s regulator. Reviewing internal policies and controls, designing workpapers, key controls and test steps for the audit. Defining the evidence request lists and working with the process and account owners to test the CyberArk accounts and the controls, automated and manual. Testing the evidence, documenting the results and creating observation and possible remediation steps for deficiencies going forward.

Bank of Montreal, Toronto, Ontario, Canada – Client 6/2015 to 7/2016

Project Manager - IAM Program – CyberArk – ITIM and Aveska (VIA)

IAM Program & Techinical project manager leading a direct team of 3 engineers and a matrixed team of 12, installing and implementing CyberArk at the infrastructure and database level for non-personal priviledged access. Responsibility including directing the infrastructure build for 3 environments, installation of the CyberArk modules in the environments, integration of Remedy ticketing system and onboarding of the accounts, CyberArk applications infrastructure (Vaults, Safes, OU’s Groups and Accounts), creating build and operating documentation, user guides and FAQ’s under a accelerated timeline.

SUNTRUST, Atlanta GA – Client 2013 to 6/2015

Project Manager - SailPoint Program Re-Alignment and CyberArk Implementation

Program/Project Manager Identity and Access Management department under the Technology Risk and Compliance group for SunTrust Bank. Activities included working with the team developing the information technology strategy to build out the operationalization of the current GRC and Information security tools, policies and procedures to comply with current risks, regulations and future state goals. Specifically responsible for directing the implementation of CyberArk, a PIM (privileged identity management) solution implemented to control the passwords for the systems admin access for SunTrust Bank’s Key Financial Applications Unix and Windows servers. The department managed all the user access for the Bank’s applications for 25,000 employees and 10,000 contractors. Applications included CyberArk, Sailpoint, Centrify and Courion. Program/Project Director responsibilities included project oversight and leadership for Process ID access remediation, Data Base access remediation, Attestation (SailPoint), Generic and default ID remediation of System Admins at the server level. Additional director level oversight included project plan creation and management, daily status calls, vendor and resource identification, timing, task assignment and review, forecasting and budgeting (Ecosys), status reporting, heatmap (scorecard) reporting including senior management reporting/presentation.

CBIZ, Cleveland, Ohio – Client

Internal IT GRC and Audit - SOX Compliance 2012 to 2013

Internal Audit IT Director responsible for all aspects of IT testing for SOX compliance. Activities included GRC and IT Risk compliance with procedures and controls, interim and roll forward testing, all communications with the business units and KPMG, developing evidence PBC lists for each location, finalizing testing formats and workbooks, updating the KPMG workpaper site, developing and meeting deliverable timelines and due dates. Worked with the VP of Internal Audit after identifying deficiencies to develop remediation plans. Worked with the business units to address and implement process improvements related to remediation. Was responsible for all reporting and communication with client and KPMG on status and results.

Augme Technologies, New York – Client 2011 to 2012

Project Manager - Internal IT Security, GRC and IT Audit and SOX Compliance

Internal Audit IT Director responsible for complete compliance and SOX attestation project. Projects included Entity level through remediation of business and IT processes and controls. Worked with the Board of Directors and senior management to define entity level control environment, enterprise risks and risk assessment, business and IT controls and control environment. Worked with external auditors in the SOX attestation. Helped develop and direct the policies and procedures requirements. Developed internal templates, testing procedures and plans. Worked with management and users to document, test and remediate deficiencies.

AT&T Inc. Consumer IT Operations, Atlanta Ga. - Client 2010 to 2011

CIT Audit and Security Compliance PMO

Senior IT Project Manager and member of the PMO creation team focusing on SOX, ITGC, User Access Management and audit findings resolution. Responsible for template and audit checklist creation, audit planning and user assessment program rollout, action items identification and remediation planning and follow-up for SOX applications, OS and databases in scope. Member of the User Access Management resolution team resolving user ID and password issues including system and mech ID’s in the application, database and operation system layers.

inComm, Atlanta Georgia 2009 – 2010

Project Manager - Internal IT Audit Manager – SOX and SAS70

Senior Project Manager engaged to help plan and launch the Internal Audit Department and inComm’s initial SAS70 Type II audit of IT and operations (also setting the foundation for SOX certification) focusing on transaction processing and settlement for stored value and green card departments. Managed the IT portion of the internal audit activities directing several resources in addition to executing portions of the audit plan and testing. Worked with all levels of management and operations, remediating gaps and reengineering the processes to enhance efficiency while staying in compliance with key IT and operational controls.

RSM McGladrey, Inc. (a division of H&R Block), Minneapolis, MN - Assignment 2007 – 2009

IT Manager – Audit

Senior Manager with IT audit responsibility for the internal and external RSM McGladrey and McGladrey and Pullen audit clients. Provided IT related audit and consulting deliverables in client engagements. Responsible for planning, project management, staffing, client communication, deliverables and reporting to client and firm partners. Coordinated risk assessment and application control identification testing with the audit team on external audit clients. Coordinated and delivered IT consulting and internal auditing for internal audit clients.

Reduced fees year over year on continuing IT engagements by instituting RCSA methods and audit planning with the IT Department and educating the users on evidence and control requirements.

Minimized external IT audit fees for internal audit clients by coordinated planning of IT audit scope and consistent and standardized templates and evidence methodology and execution.

TECHNOLOGIES

SQL, UNIX, Oracle Database and Applications, ACL, IDEA, SharePoint, Microsoft Suite (VISIO, Project, Excel, Access [Advanced], Word, Powerpoint), Sailpoint, Courion, CyberArk, Quest, Centrify.

EDUCATION

MBA, Information Systems & International Marketing, Florida Atlantic University, Boca Raton, FL.

BBA, International Finance, Florida Atlantic University, Boca Raton, FL.

CERTIFICATIONS

CISA – ISACA - Certified Information Systems Auditor – Certified since 2009 – active

PMP – PMI - Project Management Professional – Certified since 2011 – Active

CPIM – APICS – Certified Production and Inventory Manager – Certified 1988

SSAE16/SAS70 – AICPA – Type 1 and Type II – Certified 2009

Contact this candidate