Phillip Edward Sprague
MBA, CIA, CISA, CISSP, CQA (Certified Quality Auditor), Lean Six Sigma
Black Belt, Lean Six Sigma Green Belt, CHA (HIPAA), SCADA Security, COBIT,
ISO 9001, CompTIA Security+, CRISC
PROFESSIONAL SUMMARY
. NERC CIP audit experience with Sempra Energy, San Diego, CA, 2010:
wrote test scripts for the entire NERC-CIP test team and tested NERC CIP-005.
. Completed NERC CIP certification - Oct. 2012.
. SCADA system audit experience
. Performed assessments for HIPAA/ePHI compliance: change management and
activity monitoring of databases, data warehouses, and applications.
. Performed Vulnerability Assessment
. Performed Audit of Personally Identifiable Information (ePHI)
. Performed Sox (Sarbanes-Oxley - Section 404) and J-Sox (Japanese Sox)
testing of IT General Controls (ITGC), including IT Security, Change
Management, and Operations.
. Testing of security included Access Controls, Management of Sensitive
Data, Incident Management, Patch Management, Perimeter and Firewall
Security Management.
. Performed walkthroughs and wrote narratives for ITGC.
. Wrote IT Procedures for IT Security, SDLC, Batch Processing, Release
to Production.
. Performed presentations to IT Staff: SDLC and SAPTMS sub-module.
. Updated IT Environment document for use by external auditors
. Wrote Tests of Design and Tests of Effectiveness using common Toyota-wide
templates and performed Tests of Design for external auditors.
. Modified SharePoint document storage for use by IT and Internal Audit
for documentation storage.
. Designed and scheduled Quarterly Technical Review meetings for
National IT Manager.
. Made changes and additions to Risk-Control Matrix based on COBIT
. Modified and added to test scripts to bring them in alignment with
controls wording
. Performed QA review of completed testing, documented findings,
conclusions and recommendations for IT general controls required for
JSox.
. Met with Business Owners and IT Staff to perform walkthroughs
. Development and writing of narratives for Sox
. Modified Test scripts where necessary
. Performed testing for IT Dependent Manual controls
. Six years of experience with manufacturing processes
TECHNICAL SUMMARY:
. Languages: COBOL, RPG400
. Databases: Oracle, MS Access
. ERP: Oracle, SAP, MAS200, JDEdwards, MAPICS
. Project Management: MSProject
. Operating Systems: IBM mainframe environments, UNIX, Windows, OS/400
. Tools: MS Office Suite
. Auditing Tools: TeamMate, Policy IQ, ACES, Audit Leverage
. Query Tools: SQL, Query400, COGNOS
. Methodologies: System Development Life Cycle, Six Sigma, Statistics
(Minitab), SCADA
. Security Tools: RACF, Tivoli IM
. Help Desk/Problem/Change Management: Remedy, Peregrine (HP Service
Management)
EDUCATION:
. MBA, IT and Finance, West Coast University, Los Angeles, CA
(Graduated)
. BA, Business Administration, Accounting and IT California State
University, Fullerton, CA (Graduated)
. Villanova University, Lean Six Sigma Green Belt, Lean Six Sigma
Black Belt
. Villanova University, Mastering IS Security
. Villanova University, Project Management
CERTIFICATIONS
. Certified Network Administrator (Novell) (ACTIVE)
. Certified Internal Auditor (CIA)#22728 (ACTIVE)
. Certified Information Systems Auditor (CISA) # 9819205 (ACTIVE)
. Certified Information Systems Security Professional (CISSP) #29642
(ACTIVE)
. Lean Six Sigma Black Belt (LSSBB)#VIL122525 (ACTIVE)
. Lean Six Sigma Green Belt (ACTIVE)
. Certified Quality Auditor (CQA) #42430 (ACTIVE)
. CHA (HIPAA)# h10101-000497 (ACTIVE)
. COBIT (ACTIVE)
. ISO 9001:2208 #14978 (ACTIVE)
. SCADA Security Architect (ACTIVE)
. CompTIA Security+ #COMP001020477832 (ACTIVE)
. SAC Critical Infrastructures Protection (NERC-CIP) #260270 (ACTIVE)
. CRISC #1316809 (ACTIVE)
TRAINING
. ITIL
. Mobile Device Security (Stanford University)
. Project Management (Villanova University)
. PMP Preparation (Villanova University)
. Active Directory
. Risk Management
. NERC-CIP
. TCP/IP
. HIPAA
. TeamMate
. COBIT
. SQL
. SAP Navigation, SAP Solution Manager, SAP Change Request Management
. Minitab
. Oracle 11i Financials
. UNIX
. ADA Programming
. RPG/400
. Query/400
. ISO 9001
. SCADA
Detailed Experience:
Employer: Vaco Consulting - October 2013
Client: On Assignment - Medical Personnel Outsourcing (Contract)
. SOX Compliance, scope is testing of financial systems
. Logical Access Controls, Change Management testing
Environment: Networks, MS Office
Employer: SNH Holdings, May-June 2013
Client: SNH Holdings, (Contract) San Diego, CA, IT Audit Consultant
. FTC Compliance audit, scope is IT Security
. Logical Access Controls, Change Management testing, physical controls
Environment: Networks, MS Office
Employer: Vaco Consulting, December 2012
Client: Molina Health Care, (Contract) Long Beach, CA, IT Audit Consultant
. SOX Compliance team member, scope is testing of Financial systems
. Logical Access Controls, Change Management testing
Environment: Networks, Oracle, SQL, Altiris, MS Office
Employer: Experis Consulting, October 2012 - Nov 2012
Client: Union Bank, (Contract) Monterey Park, CA, IT Audit Consultant
. SOX Compliance team member, scope is testing of Financial systems
. Logical Access Controls testing
. SSAE 16 Testing
Environment: Mainframe, UNIX, Windows Networks, Oracle, SQL, Peregrine, MS
Office
Employer: Robert Half Management Resources/Protiviti, February 2012 -
September 2012
Client: Kaiser Permanente (Contract), Pleasanton, CA, IT Compliance
Consultant
. Information Technology Compliance (ITC) HASP team member. Scope was
testing of databases, data warehouses, and applications that store or use
ePHI data.
. Assessed databases and data warehouses for Change Management and
Activity Monitoring/Audit Controls
. Assessed both Sox and non-Sox databases and data warehouses.
. Included Oracle, DB2, UDB, SQL Server, Sybase, IDMS, IMS, DW-Oracle,
DW-Sybase, DW-CDFDW
. Assessed applications LATOS, KITS, OPCM, KLIS, DOTS, PCS, PCIS, KPNS
for Change Management and Activity Monitoring/Audit Controls
. Reported to Project Manager, HASP
Environment: HASP(HIPAA Audit Program), Remedy, Actuate, AIMS, Kaiser
Permanente Technical Standards, Kaiser Permanente Policy Library, UNIX,
Windows Networks, Mainframe, MS Office
Employer: Logic Consulting Group, September 2011 - February 2012
Client: Mazda Motors North America and Mazda Canada (Contract), Irvine, CA,
IT Consultant
. J-Sox (Japanese Sox) walkthroughs and testing of Operations and
Security
. Back-up and recovery
. Daily monitoring of batch jobs
. User access
. Elevated access
. Access to production environment
. Password controls
Environment: MS Office, SAP, Remedy, ACES, Z/OS, RACF
Employer: Experis, March 2011 - May 2011
Client: Portland General Electric (Contract), Portland, OR, IT Consultant
. Vulnerability assessment of applications and networks
. Assessment of Personally Identifiable Information
Environment: MS Office, UNIX, Windows Networks, SCADA, LAN, Tivoli IM,
Internally developed applications
Employer: Logic Consulting Group, September 2010 - January 2011
Client: Mazda Motors North America and Mazda Canada, (Contract), Irvine,
CA, Toronto, Canada, IT Consultant
. J-Sox walkthroughs and testing of Operations and Security controls
. Back-up and recovery
. Daily monitoring of batch jobs
. User access
. Elevated access
. Access to production environment
. Password controls
Environment: MS Office, SAP, Remedy, ACES, Z/OS, RACF
Employer: Tentek, June 2010 - September 2010
Client: SEMPRA Energy (Contract), San Diego, CA, IT Consultant
. Testing of Sox, non-sox change management, NERC-CIP controls
. Back-up and recovery
. User access
. Elevated access
. Access to production environment
. Password controls
Environment: MS Office, TeamMate, SCADA, Z/OS
Employer: Logic Consulting Group, September 2009 - December 2010
Client: Mazda Motors North America and Mazda Canada (Contract), Irvine, CA,
IT Consultant
. J-Sox walkthroughs and testing of Operations and Security controls
. Back-up and recovery
. Daily monitoring of batch jobs
. User access
. Elevated access
. Access to production environment
. Password controls
Environment: MS Office, SAP, Remedy, ACES, Z/OS
Employer: Century Group, July 2009 - September 2009
Client: American States Water (Contract), San Dimas, CA, IT Consultant
. Sox reviews of Operations, Security, Change Management controls
. Back-up and recovery
. Daily monitoring of batch jobs
. User access
. Elevated access
. Access to production environment
. Password controls
. Change Management
Environment: MS Office, Edwards, AS/400
Employer: VACO July 2009- July 2009
Client: Rentech (Contract), Los Angeles CA, IT Consultant
. Sox reviews of Operations, Security, Change Management controls
. Back-up and recovery
. Daily monitoring of batch jobs
. User access
. Elevated access
. Access to production environment
. Password controls
. Change Management
Environment: MS Office, Oracle Financial modules
October 2008 - July 2009: did not work.
Employer: Accretive Solutions, July 2008 - September 2008
Client: IMPAC Mortgage Company (Contract), Newport Beach, CA, IT Consultant
. Security and Sox review of Change Management and Operations
. Back-up and recovery
. Daily monitoring of batch jobs
. User access
. Elevated access
. Access to production environment
. Password controls
. Change Management
. Data Protection
Environment: MS Office, Oracle Financials
Employer: Robert Half, April 2008 - June 2008
Client: Toyota Material Handling (Contract), Irvine, CA, IT Consultant
. Performed various tasks to prepare company for Sox compliance testing
. Test of Design for Sox
. Updated Risk Control Matrix
. Wrote IT Security, SDLC, Batch Processing, Release to Production
Policies
. Performed presentations to IT Staff: SDLC and SAPTMS sub-module.
. Wrote Narratives for Sox
Environment: MS Office, SharePoint, SAP
Employer: Accretive Solutions, January 2008 - April 2008
Client: Mazda Motors North America and Mazda Canada (Contract), Irvine, CA,
IT Consultant
. Performed QA review of completed testing, documented findings,
conclusions and recommendations for the IT general controls required
for JSox.
. Back-up and recovery
. Daily monitoring of batch jobs
. User access
. Elevated access
. Access to production environment
. Password controls
Environment: MS Office, SAP, Remedy, Z/OS, RACF
Employer: Atrilogy, April 2007 - December 2007
Client: Beckman Coulter (Contract), Fullerton, CA, IT Consultant
. Sox testing of Operations, Security, Change Management controls
. Back-up and recovery
. Daily monitoring of batch jobs
. User access
. Elevated access
. Access to production environment
. Password controls
. Change Management
Environment: MS Office, Oracle Financials, CICS, Z/OS, RACF
Employer: Accretive Solutions, November 2006 - February 2007
Client: Smart & Final (Contract), Commerce, CA, IT Consultant
. Review of Dependent Manual controls for Sox
. Applications tested: Equity Edge, Lawson Financials, Gold Inventory,
GEAC
Environment: Z/OS, LAN
Employer: Resources Global Professionals, August 2006 - November 2006
Client: Pacific Life Insurance (Contract), Newport Beach, CA, IT Consultant
. Preparation for Sox compliance testing
. Performed investigation and walkthroughs for initial Sox testing
. Wrote Sox tests
. Updated narratives to prepare for Sox compliance testing
Environment: Z/OS, Windows O/S, MS Office
Employer: Resources Global Professionals, July 2006 - September 2006
Client: Telecheck (Contract), Houston, TX, IT Consultant
. Sox compliance testing
. Performed testing of Change Management and Security
Environment: Z/OS, Windows O/S
Employer: Resources Global Professionals, July 2006 - September 2006
Client: Sparks Networks (Contract), Los Angeles, CA, IT Consultant
. Sox compliance testing
. Created narratives and test scripts for Sox testing of Great Plains
financial modules
Environment: Windows O/S, SharePoint
Employer: Resources Global Professionals, April 2006- April 2006
Client: Charlotte Russe (Contract), San Diego, CA, IT Consultant
. Sox compliance testing
. Compliance testing in the area of security and change management
Environment: Windows O/S
Employer: Resources Global Professionals, October 2005 - April 2006
Client: Obagi Medical Products (Contract), Long Beach, CA, IT Consultant
. Sox compliance testing
. Compliance testing of MAS200 financial and manufacturing
control/inventory modules
Environment: Windows O/S, MAS200
Employer: Resources Global Professionals, July 2005 - October 2005
Client: New Century Loans (Contract), Irvine, CA, IT Consultant
. Sox compliance testing
. Sox Compliance testing of loan software
Environment: Windows O/S, Internally developed loan software
Employer: Resources Global Professionals, March July 2005 - July 2005
Client: Aladdin Hotel and Casino (Contract), Las Vegas, NV, IT Consultant
. Sox Compliance testing for operations and change management
Environment: Windows O/S, AS/400
Employer: Resources Global Professionals, February 2005 - March 2005
Client: Peregrine Pharmaceuticals (Contract), Irvine, CA, IT Consultant
. Testing for Sox compliance; compliance testing for Operations and
Security
Environment: Windows O/S, LAN
Employer: Resources Global Professionals, November 2004 - February 2005
Client: Beckman Coulter (Contract), Fullerton, CA, IT Consultant
. Testing for Sox compliance
. Retested compliance for applications based on feedback from external
auditors
Environment: MS Office, Oracle Financials, CICS, Z/OS, RACF
Employer: Metropolitan Water District (FTE), May 2002 - November 2004
Los Angeles, CA, Senior IT Auditor
. Audited systems in development (SDLC), and application reviews,
application upgrades, and IT physical security audits, utilizing
COBIT as framework
. Audited District SCADA systems for 1.5 years
. Supported the financial auditors when needed
. Audited implementation of Oracle upgrade to v11.2 for over an eight month
period
. Audited PeopleSoft HR upgrade and additional modules implementation
. Audited District demand forecasting programs
Environment: MS Office, LAN, Oracle Financials, PeopleSoft HR, SCADA
Employer: Mattel, Inc., (FTE), January 1999-February 2002
El Segundo, CA, IT Audit Lead
. Audited systems and applications, such as Inventory, HR, and Payroll.
. Tested inventory system for accuracy of inventory totals.
. Worked with Financial Auditors to test Inventory periodic counts.
. Assisted in management's objectives in improving systems and
applications to support corporate goals.
. Led project to test vulnerability of key systems to internal and
external (hacker) threats, and application of remedial action to those
vulnerabilities, resulting in system insurance coverage.
. Reviewed 100% of Mattel's application systems, and key vendor systems,
assuring Y2K compliance.
. Spearheaded effort to become ISO27000 compliant, in order to obtain IT
insurance coverage.
. Aided Mattel legal staff by leading effort to extract data to assist
company in successful defense in civil lawsuit.
. Led audit effort in first time review of systems, applications, and
physical sites based on external auditors' risk assessment, assuring
compliance to corporate standards.
. Reduced computer purchase costs 12% by reviewing PC purchasing cycle
and recommending strengthened procedures in purchasing authorization.
. Analyzed and recommended replacing legacy logistics, retail,
licensing, and royalty systems to accommodate projected 20% increase
in business, leading to implementation of new systems.
. Researched private files and e-mail of employees in fraud
investigation effort involving illegal political contributions and
theft of company property.
Environment: MS Office, LAN, PeopleSoft HR, CICS, Z/OS
Employer: various Fortune 500 companies from November 1995 to December
2008, including Transamerica, General Motors, Parker-Hannifin, and Mattel,
as a contract IT Auditor.
CONTACT INFORMATION
E-mail: *********@***.***
Phone: 949-***-****
Phone (cell): 714-***-****
Address: 24426 Biltmore, Laguna Niguel, CA 92677