
Information Security Manager

Location:
Houston, TX
Posted:
August 24, 2019


Resume:

OVERVIEW

Global IT Compliance, Control and Digital Security Manager with more than 18 years of international experience in IT risk and controls, information security, ethics and compliance, export controls, and regulatory requirements for all BP systems (Upstream, Downstream, Trading, Corporate & Functions); and Deloitte cyber risk consulting and IT audit services.

My focus is to provide influence and directive and revisit practices to be more effective through working with stakeholders, teams and communities to review ideas and analyse / rework solutions to achieve desired results.

COMPETENCIES

- IT regulation, compliance, security

- IT audit management

- IT risk reviews

- Cyber strategy

- IT policy / standards

- IT Project compliance/security

- Cloud readiness, certification

- SOX implementation, readiness

- Control health monitor and report

- Scrum master and agile working

- Influence stakeholders, manage auditor relationships

- Implement simplification, automation, standardization

- Ethics and Compliance

- IT compliance global enterprise and bespoke systems

- GRC tool implementation

- Controls assessment, remediation. SSAE / SOC

- Establish / maintain IT Control frameworks, DevOps

- ISF, NIST, ISO, ITIL, COBIT, COSO

- GDPR data privacy readiness

- PCI DSS Payment Card security program

- Fraud and Investigations

- Export Controls compliance

- Leadership reporting

- IT Compliance of vendor contract, procurement

PROFESSIONAL EXPERIENCE

BP America, January 2016 – June 2019

Role has three primary components: Global IT Compliance, Control and Digital Security Manager, Head of global IT Ethics program & IT Ethics and Compliance Liaison, and additional items.

Global IT Compliance, Control, Digital Security Manager overseeing IT regulatory/compliance effectiveness, control risks and deficiencies across all BP businesses plus over 50 bespoke and SAP systems. Responsibilities include:

- Establish roles and responsibilities and rework traditional practices to improve planning, scoping, resourcing.

- Work with service and application owners to overcome compliance challenges and establish appropriate IT control to enhance security and process. Prepare them for audits and to perform self-assessments. Manage and develop the compliance program for adoption of 7 Cloud platform migrations, AWS, Azure.

- IT cyber strategy group; defining BP’s approach for information protection, network defense, breach confinement, incident response and recovery in line with data classification, business criticality needs.

- Re-evaluate IT Control frameworks to stay relevant with industry requirements and manage business risk.

- Manage the successful transition of new auditors, oversee IT information security, change management, IT controls and embed improvements to sustain annual effective compliance for SOX, PCI DSS and IT audits.

- Build working connections between IT, business, stakeholders and communities to improve understanding, purpose and how to achieve value and improved outcomes through effective compliance and security.

- Prioritize and monitor control deficiencies by implementing a new process to correctly categorize and assign ownership for remediation, mitigation, or risk acceptance.

- Manage auditor expectations, clarify deliverables, stay on top of blockers, adapt to unexpected changes.

Head of global IT Ethics program & IT Ethics and Compliance Liaison with focus in maturing IT ethics and work culture in line with BP values, leading to stronger workforce motivation & respect, better safety and reduced operation & security incidents. Responsibilities include:

- Manage and operate the end-to-end US Environmental Protection Agency IT Program for BP’s licence to operate, reporting to Group CIO. Recognized by BP Americas President for exceptional achievement.

- Establish an Ethics and Compliance IT strategy and plan; work with global communities to encourage speak-up, increase awareness, improve line manager engagement, and increase use of ethical materials/moments.

- Provide IT leadership reporting on actual case data, ethical theme trends, 3rd party exposure and group feedback. Landed Respect and Inclusion program across all eight IT groups.

- Single Point of Accountability to oversee risk of IT export controls and work with IT groups to proactively identify and respond to international export and trade requirements (equipment, technology, & data).

Additional items involve review/improvement of existing practices, identifying opportunities for automation, and standardizing and simplifying ways of working. Deliverables include:

- Facilitate due diligence and guide IT leadership to interpret and respond to audit output/reporting, considering risk appetite, organisational/business strategy, capability and change, and audit expectations.

- Work with IT and business to capture needs, as well as consider risks, to provide meaningful input towards cyber security, password, access management policies and group IT standards / procedures.

- Risk assessment strategy to strengthen and secure process control systems.

- Program lead for the design, development and implementation of an in-house GRC tools/solution that enables control automation for self-assessments, health monitoring and proof for external auditor reliance.

- Conduct IT risk workshops to facilitate risk identification and assessment to enhance the consistency, clarity and quality of how risks are understood.

- Facilitate GDPR data privacy working group to assess regulatory impact, determine acceptable risk response.

- Scrum master supporting sprints and reviewing compliance and security deliverables to benefit from an agile approach and improve team inclusion, participation, and better and more effective solutions.

- Appointed as the BP representative of information security and cyber, American Petroleum Institute.

BP America

IT Risk, Security and Compliance Manager, July 2011 – December 2015

- Perform IT risk exposure assessment, vendor / 3rd party risk and plan for IT leadership for ethical and control risks.

- Establish the first BP IT model to manage security and compliance expectations for Cloud adoption.

- Project lead over multiple platform controls integration to significantly improve Joiners Movers Leavers account administration and account access management.

- IT Governance, closely engage with IT community to monitor, maintain group wide IT policies and standards.

- Monitor regulatory changes and industry updates to determine IT business impact. Establish a risk-based response on behalf of IT Leadership.

- Steer IT risk workshop to mature and standardize the process for risk identification, assessment, response and monitoring. Work with risk champions to embed the process and determine acceptable risk levels.

- Group Lead of IT Ethics and Compliance Liaison network, 11 members, promoting ethical foundations.

- Conduct IT fraud and misconduct investigations at request of IT leadership, reporting to IT CFO.

- Establish the first IT procedure to identify export risks and manage IT export controls in line with International Trade Regulations. Work with IT Businesses to adopt the procedure and mature export compliance.

- Improve the methods of compliance reporting through more accurate data gathering and trend analysis.

- Work with stakeholders to understand their security and compliance challenges, connect with internal control groups to analyse feedback and establish solutions to be adopted as working practices.

BP UK

IT Risk, Security and Compliance Manager, July 2009 – June 2011

- Support IT service owners to understand Sarbanes Oxley expectations and propose solutions to manage deficiencies.

- Uphold IT control frameworks to be risk supportive and meet audit expectations.

- Document database security procedures to meet operational capability and industry requirements.

- Report quarterly audit progress, deficiencies and action plan to IT audit forum.

- Training presenter to educate 20+ control leads in understanding of Internal Control over Financial reporting.

IT Group Control Manager, February 2007 – June 2009

- Manage compliance reviews of application IT general, security, infrastructure control in support of Sarbanes Oxley.

- Plan, communicate and lead international teams and assignments. Review planning/scoping, SAP and legacy systems.

- Manage assessment of SSAE / SOC vendor self-assurance reviews.

- Manage compliance community relationships - segment Heads of Control, Control Leads, IT service owners.

- Conduct system compliance implementation reviews, project pre go live SAP and legacy.

- Maintain IT compliance methodology - align IT and risk strategies.

- Manage Automated Business Controls reviews for global BP critical transaction and financial systems.

Deloitte UK, South Africa, December 2000 – January 2007

IT Audit Manager

- Manage small to medium size teams and budgets for Sarbanes Oxley delivery projects.

- Responsible for client review planning, execution and oversee resource placement and delivery.

- Execute information security, business continuity, network infrastructure, systems operating procedures, application system reviews, technical configuration, secure software, and physical access analysis.

- Lead specialized client reviews on host security configuration, network perimeter and infrastructure defense.

- Conduct business continuity and disaster recovery client reviews.

Information Security Consultant

- Perform information security advisory services to secure network infrastructure, configuration, applications, database security, firewall administration, and operating systems – in government, finance and banking.

- Design client IT technical standards, testing, information security awareness, policies and procedures.

- Conduct internal and external network attack and penetration reviews, SCCM patch management, security analysis, development and scripting.

- Perform web host vulnerability and remote access assessments; develop custom platform security requirements.

- Proficient in MS Office products, Outlook, Word, Excel, Access, PowerPoint, Teams, SharePoint.

PROFESSIONAL ACCREDITATIONS

CSM (Certified Scrum Master) – Scrum.org, April 2019, USA – Present

CISM (Certified Information Security Manager) – ISACA, November 2017, USA – Present

Certified Anti-Money Laundering Professional – GK Academy, October 2013, USA – Present

CRISC (Certified in Risk and Information Systems Control) – ISACA, October 2011, USA – Present

ITIL (Information Technology Infrastructure Library) Foundation – TA Academy, June 2009, UK – Present

CISA (Certified Information Systems Auditor) – ISACA, November 2006, UK – Present

BCom Informatics (Computer and Information Technology Science), Bachelors Honours Grade – UJ, January 1997 – December 2000
