Information Technology Management

ADAM M. SAROTE

*** ******* ***** *******, ** **506 914-***-**** aczb2e@r.postjobfree.com

PROFESSIONAL EXPERIENCE:

Coalfire Systems, Inc., New York, NY April 2014 – Present

Technology Advisory and Assessment Services, Managing Director (October 2014 – Present)

Overall Profit and Loss (P&L) responsibility and decision making for business development, practice development, and delivery.

Accountable for customer deliverables across the region, including an annual managed revenue target of $4.6 million.

Monitor, measure, and report on weekly Key Performance Indicators (KPIs) for revenue, gross margin, client and billable utilization, etc.

Participate in internal/client strategic meetings and report on the status of significant issues and risks.

Collaborate with National Practice Directors for the integration of process improvements.

Provide day-to-day direction of a team of Directors who are responsible for developing profitable Healthcare, IT Audit, and Payment Card Industry (PCI) engagements.

Management of full-time employees, contractors, and day-to-day operations.

Assist with the development of Sales and Marketing plans.

Contribute to engagement scoping calls and perform reviews of RFP responses and engagement proposals.

Oversight of IT audit, advisory, and assessment (Healthcare, Payment Card Industry or other) services performed on behalf of an entity which stores, processes, or transmits either cardholder data or electronic Protected Health Information (ePHI) or their third-party service provider.

Regional Quality Assurance of customer facing projects.

Technology Advisory and Assessment Services, Director (April 2014 – September 2014)

Management of Advisory and Assessment business vertical which services included HIPAA gap, risk, and compliance assessments performed on behalf of covered entities (hospitals, doctors’ offices, health insurance providers) and third-party service providers (cloud service providers, claims processors, etc.).

Provided companies with guidance for understanding the impact of regulations on an organization, determining where significant data resides and how it is protected, and prioritization of cybersecurity risk management and mitigation measures.

Assisted with vendor risk management assessments which included evaluations of a service provider’s cybersecurity, IT, data security, and business resiliency controls.

Collaborated with delivery verticals and Project Managers in support of Consolidated Audit Programs.

Performed business development, practice development, and delivery support services primarily in the Northeast region.

Along with a dedicated sales-resource, secured revenue within the region by a blend of direct prospect engagements and account development.

Strengthened existing practice areas and development of new opportunities.

Reported to and supported the Managing Director of the Northeast.

Risk & Regulatory Consulting, LLC (RSM), New York, NY 2006 – 2014

Information Technology (IT) Senior Risk Manager

Management of insurance (e.g., life, health, mutual, property and casualty, risk retention group) companies’ regulatory IT risk-focused examinations which are performed in support of financial examinations conducted by a state’s Department of Insurance.

Responsible for all facets of IT examinations, including client relations, scope, budget development and monitoring, day-to-day staff supervision, work papers, conclusion memos, and final reports.

Perform IT general control (ITGC) and application control testing, Model Audit Rule (MAR), Sarbanes-Oxley 404 (SOX) and Payment Card Industry compliance reviews for domestic and international clients.

Assess the quality of audit work performed by others (e.g., Internal Audit (IA), external auditors, and service auditors).

Creator of risk-based toolkits and methodologies related to the execution of IT examinations.

National practice representative/presenter at client sponsored seminars such as the National Association of Insurance Commissioners (NAIC) IT Examination Working Group (ITEWG).

Conduct interviews of potential candidates and assist with intern training.

Ongoing development of new business opportunities and expansion of services provided to existing clients.

Ernst & Young, LLP, New York, NY 2000 – 2006

Technology and Security Risk Services

Information Technology Audit Manager (2005 – 2006)

Metro New York Technology and Security Risk Services (TSRS) IT Audit Manager.

Provide management oversight for multiple on-going audits. Responsibilities include budget development/tracking, resource management, maintaining existing client relationships, and identifying new opportunities/additional services for domestic and international clientele.

Perform overall assessment of walkthroughs and testing based on a review of work performed, evaluate the effectiveness/ineffectiveness of controls, and communicate results/recommendations to all related parties, including the Chief Information Officer (CIO), Chief Financial Officer (CFO), IA, Financial Audit team members and engagement Partner.

Internal and external audit experience, including SOX compliance reviews, System Development Life Cycle (SDLC), and system pre-implementation reviews.

More than 5 years of external and IA experience in Retail, Consumer Products, Technology, Media Industries, and Real Estate.

Developer of internal learning programs and assisted with campus recruiting.

Formal resource to new hires at all levels to assist with their acclimation to the E&Y environment (introduction to the group's culture, standards, and team environment).

TSRS Technology audit tools liaison for the Metro NY area practice.

Senior Information Technology Auditor (2001 – 2004)

Recipient of Technology and Risk Services July 2003 “R.I.S.K” award for the enrichment of the TSRS practice, knowledge of Network Security and Local Area Networks.

Responsible for managing multiple client engagement teams that assist clients in employing proper information systems, resources, and controls to maximize efficiencies and minimize risk.

Assist client personnel in analysis, evaluation and enhancement of their information systems facilitating the business internal control process, and support clients and other TSRS professionals in performing information technology (IT) control and security engagements, as well as in performing audits of financial statements and other attest services.

Extensive knowledge of Information Technology security and control weaknesses surrounding various platforms, operating systems and databases; including knowledge of Oracle, Unix, AS/400, Windows 2000, and NT.

Information Technology Auditor (2000 – 2001)

Leverage publicly available resources and knowledge bases to identify comprehensive audit procedures.

Assist in the co-development and implementation of highly technical audits including security of data centers, networks, firewalls, credit card data, Private Branch Exchanges (PBX), Virtual Private Networks (VPN) and forensic analysis of hard drives.

Conduct risk assessments, general control reviews, complete project worksteps, review team members’ findings; communicate audit conclusions with senior management and CFO/CIO as necessary.

Implementation of security tools such as Toneloc, DumpAcl, DumpReg, Cybercop, Internet Security Scanner and UNIX scripts.

Ensure completion of audit falls within the scope and estimated budget.

Pharmaceutical Products Development, RTP, NC 1997 – 2000

Technical Support Representative (2000 –2000)

Assist in the setup and maintenance of server hardware and software as assigned.

Monitor system capacity making appropriate recommendations to management on hardware/software upgrades or additions.

Train junior staff and provide guidance and assistance as needed.

Maintain Help Desk by answering or responding to calls, logging calls/resolutions, resolving problems and providing required assistance to callers. Perform follow-up on calls to ensure all problems are fully resolved in a timely manner.

Assist in the purchase of new PC equipment -- assisting users in determining system requirements and completing purchase requisitions. Configure and install new hardware and upgrade or move existing hardware as required. Ensure that all hardware installations meet company standards.

Install or upgrade new software or software upgrades on user equipment. Assist clients in troubleshooting and resolving problems with existing software or software configurations. Ensure all software configurations meet company standards.

Train new users on proper login procedures, electronic mail, remote dial-in and other software as needed.

Maintain and update computer hardware inventory noting location and status of all equipment on a regular basis. Maintain and monitor software licenses.

Assist in troubleshooting of all PC related equipment, including: desktops/laptops, servers, cabling, routers, concentrators/hubs, modems and printers.

Technical Support Analyst (1999 – 2000)

Provide user testing systems validation and maintenance support for telecommunication systems, including Interactive Voice Response (IVR) systems, computer-assisted telephone interview applications (patient recruitment scripts), clinical trial management and tracking systems, fax-based monitoring and collections systems, mass fax applications, and remote data collection systems.

Develop standard operating procedures for software installations and utilization.

Database maintenance and manual backup to telecommunication systems during unexpected unavailability.

Administrator of RightFax.

Development Support Associate (1998 – 1999)

Resolve software discrepancies and grievances.

Implement validation testing of Interactive Voice Response (IVR) Systems.

Software installation and product invoicing.

Learn new software applications as needed to support department projects.

Administrator of RightFax software.

Electronic Document Specialist (1997 – 1998)

Coordinate, track and produce electronic publications in portable document format for external projects.

Supervise and organize workload for temporary employees.

Create electronic multimedia for marketing, training and client presentations.

Familiarity with graphical software programs, utilities and formats.

Proofreading and quality control of electronic documents.

Camary Statewide Services, Albany, New York 1995 - 1997

Behavioral Specialist

Recipient of the “1997 Employee of the Year” award for Quality and Consistency.

Responsible for the editing, proofing, and filing of confidential documentation.

Administer quality assurance for numerous programs and on-going services.

Supervise staff in a fast-paced and diversified environment.

Develop reports based on monitoring, analysis and interpretation of abstract statistical information.

Assist in the interview process of potential candidates for the Psychology Department.

EDUCATION & CERTIFICATIONS:

State University of New York at Albany, Albany, New York

Certified Information Security Auditor (CISA)

Certified in the Governance of Enterprise Information Technology (CGEIT)

Certified in Risk and Information Systems Control (CRISC)

AFFILIATIONS:

Member of Information Systems Audit and Control Association (ISACA)

Member of the Institute of Internal Auditors (IIA)

Contact this candidate