Clifton A. Franklin
**** ******** ***., ********, ** 91001
626-***-**** - Mobile / E-MAIL : **********@*****.***
CAREER SUMMARY
A Program / Project Manager and Cybersecurity / Sr. SOX Consultant with over 25 years of continuous expertise providing solutions in the domains of Audit, Security, and Customer Information Technology for national and international organizations, with a proven track record in evaluating systems based on security requirements and assessing vulnerabilities, security controls, and the level of residual risk of systems. A seasoned security professional, capable of providing a practical approach to the security of data, information systems, and risk management that meets both the needs and constraints of the organization. Delivers systems on appropriate platforms in compliance with established technology standards, including monitoring, testing, executing quality assurance controls, and ensuring information technology acceptance criteria are met prior to implementation. Has both local and international expertise in the Project Management Institute process areas of project initiation, planning, execution & control, and closure. Most of my efforts have been in the domains of Project, Contract and Risk Lifecycle Management; Business Analysis; and SOX / PCI and SOC Compliance, with experience in achieving business objectives by improving systems and practices to enhance operational quality while maintaining a security-conscious environment. Proven achievements in the implementation of a “defense-in-depth strategy” using multiple layers of security (Physical / Operational Security, Network Perimeter, Application Layer, Storage Layer, Data Layer, End Points, and Cloud) to protect the organization’s critical data assets from external cybersecurity abuse and manipulation.
SPECIFIC EXPERIENCE:
Lead continuous improvement projects that deliver measurable gains in quality, efficiency, and alignment. Apply the knowledge, skills, and tools of contract/project management / operational excellence (OE) to ensure the Company is adhering to prudent internal controls and managing its resources efficiently and effectively.
Provides appropriate solutions to complex infrastructure issues with the assistance of the management/business team and contact with internal clients. Manages projects from proposal and requirements definition to project planning and implementation, using broad and extensive input from industry and/or business unit subject matter experts.
Develop or contribute to an integrated risk-based audit program focusing on IT risks, manage the execution of audit test procedures, and develop meaningful recommendations.
Excellent communication skills dealing with both technical and non-technical teams and users. Testing and validating records from ServiceNow for implementation in modified applications.
Network security technologies were implemented to protect the usability and integrity of the company's infrastructure by preventing the entry or proliferation within a network of a wide variety of potential threats. Here are the primary parameters:
I. Confidentiality – protecting assets from unauthorized entities.
II. Integrity – ensuring the modification of assets is handled in a specified and authorized manner.
III. Availability – maintaining a state of the system in which authorized users have continuous access to said assets.
IV. The most common network security threats include malicious software (malware), phishing schemes, and Distributed Denial of Service (DDoS).
SOC 1, 2, and 3 requirements: Security: how well the organization protects its systems against unauthorized intrusion. The Security controls are the only ones that are mandatory for every SOC 2 audit.
Availability: tests how accessible the organization’s information systems are (they should be easy to use, monitor, and maintain, but access should be strictly controlled).
Confidentiality: determines how well the organization secures and restricts confidential information.
Processing Integrity: whether the systems maintained by the organization can do their jobs effectively.
Privacy: how well the organization complies with private personal data use & disposal regulations.
Management of many cross-functional projects and teams of medium to high complexity.
Strong background in infrastructure project development and implementation, review, and update of SDLC methodologies, processes, and systems for assessing and managing all related project risks.
Extensive knowledge of the information security industry and regulatory obligations: ISO 27001/27002, SOX, PCI, NIST Framework, NERC CIP, FISMA, FedRAMP, HIPAA, NACHA, SSAE-16, and GDPR.
Hands-on experience developing and implementing Infrastructure Security Policies, processes, procedures, security technical standards, and IT security policies relating to SOX & NIST compliance.
Close the deployment gap in Endpoint Detection & Response (EDR) agent installation in any product environment.
Ensure consistent high coverage of EDR installation in cloud instances and on-prem hosts.
Develop and deploy a program to monitor the “health” of EDR agents (correct tags, not running in RFM, etc.).
Build out processes & procedures for the control and maintenance of the Endpoint Security Program.
Excellent knowledge of internal controls and risk-based auditing, with a firm understanding of security principles and Sarbanes-Oxley, balanced with an ability to understand key business drivers and issues, having successfully implemented those principles in complex environments.
Ability to develop strong partnerships in different cultural environments. Task-oriented with excellent team leadership and communication skills. Many network security issues create the additional risk of regulatory non-compliance.
I have knowledge and use of the processes & procedures for the control and maintenance of Endpoint Security applications such as Palo Alto, ServiceNow, SharePoint, Cybersecurity Portfolio, and all related Network Security applications.
EDUCATION
B.S. in Clinical Psych. / MIS, United States International University, San Diego, CA, and London, UK
Project Management Professional Certificate – Villanova University
CERTIFICATIONS
ISO 9000-2001 Certification, OAO Corporation Greenbelt, MD
Trained in ISO 27001 Information Security Management System (ISMS) and NIST Guidelines (800-18, 800-37, etc.)
LANGUAGES
French: FSI 4+ (Fluent)
PROFESSIONAL EXPERIENCE
March 2023 – April 2024: SOX/SOC Project Manager / Cybersecurity; McKesson Pharmaceutical, Chicago, IL, and Toronto, Canada
As PROJECT MANAGER - SOX/SOC, responsible for the SOX IT Infrastructure, Security, IAM-CIS and Change Management review and SOC 1 and 2 testing endeavor including planning, execution, and monitoring for application controls, significant reports, testing & reporting results for Sarbanes Oxley 404 and 302 requirements.
Developed IT security policies relating to SOX & NIST compliance.
Supported Change Management process and approvals for application renewals, hardware, and software modifications/transition of in-scope vendors' software applications. Accountable for the preparation of associated collateral and ensuring alignment to the business.
Managed Security and segregation of duty utilizing Identity and Access Management applications for more than 17,500 employees and 50 applications as well as the implementation of the “AAA” (Authentication, Authorization, and Accounting) approach.
Assessed IT test results for compliance completeness and accuracy as per the specific audit plan. Performed testing, assessed results, and developed meaningful recommendations for management. Drafted audit reports with appropriate plans that will assist management in enhancing process alignment and driving strategic discussions.
Provided weekly status update meetings concerning the overall SOX/Internal Control progress for Sr. Audit Management. Worked with internal and external auditors to coordinate needs and minimize the cost of compliance.
Drafted quality audit reports with appropriate plans that will assist management in enhancing process alignment and driving strategic discussions.
Participated in COBIT and Internal Control review and analysis with involvement in the overall IT testing and compliance for Sarbanes-Oxley 404 and 302. Collected IT security and Change Management related audit information, prepared documentation, reviewed audit data, and assessed and analyzed IT test results for compliance completeness and accuracy as per the specific audit plan.
Performed Internal and External vulnerability assessments using Third-party vendors.
July 2022 – Feb. 2023: Project Manager / Infrastructure & Cybersecurity; NielsenIQ, Chicago, IL, and Honeywell, Phoenix, AZ
As PROJECT MANAGER/InfoSec Consultant, I was responsible for the SOX IT Infrastructure, Security, IAM, and Management review/testing endeavor including planning, execution, and monitoring for application controls, significant reports, testing & reporting results for Project requirements.
Developed IT security and Infrastructure policies relating to SOX & NIST compliance.
Assessed IT test results for compliance completeness and accuracy as per the specific audit plan. Performed testing, assessed results, and developed meaningful SOC 1 and 2 recommendations for management. Drafted audit reports with appropriate plans that will assist management in enhancing process alignment and driving strategic discussions.
Provided weekly status update meetings concerning the overall SOX/Internal Control progress for Sr. Audit Management. Worked with internal and external auditors to coordinate needs and minimize the cost of compliance.
For SOX, responsible for the SOX IT Infrastructure, Security and Change Management review and testing endeavor including planning, execution, and monitoring for the application controls, significant reports, Security, and segregation of duty; testing & reporting results for Sarbanes Oxley 404 and 302 requirements.
Performed Internal and External assessment of MFA - Multifactor Authentication for companywide deployment using Third-party vendors.
Supported negotiations, renewals, transition, and retirement for in-scope vendors. Accountable for the preparation of associated collateral and ensuring alignment with the business.
Managed Projects in China-Data Privacy and Kazakhstan-PPI Data Re-Localization based on the respective countries’ existing Data Security laws and regulations, as well as reviewing purely the historical and archival aspects of the data from the 200+ applications to understand the impact across all the segregation of duties utilizing Identity and Access Management applications for more than 15,500 employees, as well as the implementation of the “AAA” (Authentication, Authorization, and Accounting) security classification approach.
MARCH 2021 – JULY 2022: Project Manager / Infrastructure & Cybersecurity; NielsenIQ, Chicago; Santa Ana, CA.
As Project Security Consultant – Medical Devices, responsible for the documentation, assessment, and identification of known and unknown vulnerabilities for all Johnson & Johnson Vision division medical devices. Working in conjunction with the manufacturers and Cybersecurity specialists to ascertain and identify known exploitable vulnerabilities and to take the necessary preventative actions to protect all individuals who may be users of the medical devices in question. Once the medical devices’ issues are verified, the risk management team will conduct gap assessments and identify the appropriate remediation or mitigation actions required to render the devices compliant and safe for continued public use. The medical device Infrastructure and Cybersecurity team reviews and tests the approved remediation or mitigation actions, including planning, execution, and monitoring for compliance with FDA, WHO, IMDRF, and UMDRF usage requirements.
Developed IT cybersecurity policies relating to FDA & WHO medical device compliance.
Support processes for software/hardware application modifications from in-scope vendors for the remediation and/or mitigation of all known vulnerabilities of specific medical devices. The manufacturers and vendors are accountable for the preparation of associated corrective actions to ensure alignment with the Risk Boards' approved actions.
Assessed IT test results for compliance completeness and accuracy as per the specific audit plan. Performed testing, assessed results, and developed meaningful recommendations for management. Drafted audit reports with appropriate plans that will assist management in enhancing process alignment and driving strategic discussions.
Provided weekly status update meetings concerning the overall activities to ensure that all medical devices are free of exploitable vulnerabilities and safe for use by consumers, and worked with internal and external auditors to coordinate needs and minimize the cost of compliance.
Performed Internal and External vulnerability assessments using Third-party vendors.
APRIL 2020 – MARCH 2021: SOX Project Manager / Security Consultant; SC Edison, Rosemead, CA.
As PROJECT MANAGER/InfoSec Consultant, responsible for the SOX IT Infrastructure, Security, IAM and Change Management review and SOC 1 and 2 testing endeavor including planning, execution, and monitoring for NERC CIP Audits, application controls, significant reports, testing & reporting results for Sarbanes Oxley 404, 302 and NERC requirements.
Developed IT security policies relating to SOX & NIST compliance.
Supported Change Management process and approvals for application renewals, hardware, and software modifications/transition of in-scope vendors' software applications. Accountable for the preparation of associated collateral and ensuring alignment to the business.
Managed Security and segregation of duty utilizing Identity and Access Management applications for more than 2500 employees and 50 applications as well as the implementation of the “AAA” (Authentication, Authorization, and Accounting) approach.
Responsible for all Contract Lifecycle Management for project changes and process improvements as well as enforcement of contractual guidelines including the teams’ performance in meeting the project-required Service Level Agreements (SLA), within the respective departments. Worked in collaboration with senior leaders and other managers as it pertains to contract deliverables and project management.
Assessed IT test results for compliance completeness and accuracy as per the specific audit plan. Performed testing, assessed results, and developed meaningful recommendations for management. Drafted audit reports with appropriate plans that will assist management in enhancing process alignment and driving strategic discussions.
Provided weekly status update meetings concerning the overall SOX/Internal Control progress for Sr. Audit Management. Worked with internal and external auditors to coordinate needs and minimize the cost of compliance.
Adhered to the NERC CIP audit schedule. Certain RE types are audited at least once every three (3) years, and others are assessed based on a timetable related to risk and the NERC Compliance Oversight Plan (COP) process.
Conducted cybersecurity and related audit information collection, prepared documentation, reviewed audit data, and assessed and analyzed medical device test results for compliance completeness and accuracy as per the specific remediation and/or mitigation plan.
The North American Electric Reliability Corporation Critical Infrastructure Protection (NERC CIP) plan is a set of standards aimed at regulating, enforcing, monitoring, and managing the security of the Bulk Electric System (BES) in North America.
Drafted quality audit reports with appropriate plans that will assist management in enhancing process alignment and driving strategic discussions.
Participated in COBIT and Internal Control review and analysis with involvement in the overall IT testing and compliance for Sarbanes-Oxley 404 and 302. Collected IT security and Change Management related audit information, prepared documentation, reviewed audit data, and assessed and analyzed IT test results for compliance completeness and accuracy as per the specific audit plan.
Performed Internal and External vulnerability assessments using Third-party vendors.
MAY 2018 – AUG. 2019: Program Mgr. / Sr. SOX Consultant; Gilead Sciences, Foster City, CA: Eteam INC.
As Sr. Consultant/BA, I was responsible for the SOX IT Infrastructure, Information Security, and Change Management portfolio of projects. I created initial business requirements reviews and all related project documentation for each phase (assess, plan, requirements, design, build, test, execution, and monitoring and support). This encompassed application controls, significant reports, Security and segregation of duty, and testing & reporting results for Sarbanes-Oxley and FDA requirements.
Participated in Internal Control review and analysis with involvement in the overall IT testing and compliance for Sarbanes-Oxley and FDA. Collected IT security and CM-related audit information, prepared documentation, reviewed audit data, and assessed and analyzed IT test results for compliance completeness and accuracy as per the specific audit plan.
Draft quality audit reports with appropriate plans that will assist management in enhancing process alignment and driving strategic discussions.
Responsible for all project-related documentation, including policies and procedures (legacy and transition to a new environment), testing of significant reports, application controls, and all security reports for the company. Provided weekly status update meetings concerning the overall SOX/FDA progress for Sr. Audit Management.
Applied effective approaches for selecting the most applicable course of action for developing appropriate infrastructure solutions; recommended and implemented actions that are consistent with available facts and constraints.
Worked on several infrastructure and application upgrade technology projects (including experience with ServiceNow and onshore and offshore system upgrades). I have also taken part in several Cloud migrations, as well as business projects in support of Technology Infrastructure Operations.
Assisted the manufacturer in establishing, documenting, and maintaining, throughout the infrastructure lifecycle, an ongoing process for identifying hazards and issues associated with the cybersecurity status of the organization’s overall infrastructure security, evaluating the associated risks, controlling these risks, and monitoring the effectiveness of the associated controls. This process includes risk analysis, risk evaluation, risk control, and incorporation of production and post-production information.
JANUARY 2018 – MAY 2018: SOX Project Manager, WWO Monitoring & Audit Support; Herbalife, Torrance, CA; OBJECT-WIN Technology
The Project Manager, WWO Monitoring and Audit Support, oversees the WWO Audit Support team comprised of 8 resources (2 in Torrance, CA; 2 in Guadalajara, Mexico; and 4 in India). This role is responsible for managing the Task Tracking Spreadsheet to ensure that the assigned tasks are completed within the defined completion dates.
Manage task timelines according to the Task Tracking Spreadsheet. Effectively communicate task and/or project expectations to team members to ensure understanding of assigned tasks and due dates.
Proactively manage changes in task/project scope, identify potential challenges, and devise contingency plans. Facilitate communication between team members located in Corporate and Regional Service Centers. Maintain constant communication with WWO Monitoring and Audit Support management as well as a working relationship with the WWO Audit Support team.
Provide periodic status reports to WWO Monitoring and Audit Support management. For SOX, I am responsible for the SOX IT Infrastructure, Security and Change Management review and testing endeavor including planning, execution, and monitoring for the application controls, significant reports, Security, and segregation of duty; testing & reporting results for Sarbanes-Oxley 404 and 302 requirements.
Assess IT test results for compliance completeness and accuracy as per the specific audit plan. Perform testing, assess results, and develop meaningful SOC 1 and 2 recommendations for management. Draft audit reports with appropriate plans that will assist management in enhancing process alignment and driving strategic discussions.
Provided weekly status update meetings concerning the overall SOX/Internal Control progress for Sr. Audit Management. Worked with internal and external auditors to coordinate needs and minimize the cost of compliance.
MARCH 2016 – MAY 2017: PROG. MGR. – INFO. Security – SOX Consultant; ARES MGMT., CENTURY CITY, CA.
As PROGRAM MANAGER/InfoSec Consultant, I was responsible for the SOX IT Infrastructure, Security, IAM and Change Management review and testing endeavor including planning, execution, and monitoring for application controls, significant reports; testing & reporting results for Sarbanes Oxley 404, and 302 requirements.
Developed IT security policies relating to SOX & NIST compliance.
Performed Internal and External vulnerability assessments using Third-party vendors.
Supported Contract Lifecycle negotiations, renewals, transition, and retirement for in-scope vendors. Accountable for the preparation of associated collateral and ensuring alignment with the business.
Assisted in vendor change management and process improvements for contractual SLAs and enforcement of vendor performance against those SLAs, within the respective departments. Worked in collaboration with other managers and senior leaders as it pertains to vendor management.
Managed Security and segregation of duty utilizing Identity and Access Management applications for more than 2500 employees and 50 applications as well as the implementation of the “AAA” (Authentication, Authorization, and Accounting) approach.
Performed testing, assessed results, and developed meaningful SOC 1 and 2 recommendations for management.
Drafted quality audit reports with appropriate plans that will assist management in enhancing process alignment and driving strategic discussions.
Participated in COBIT and Internal Control review and analysis with involvement in the overall IT testing and compliance for Sarbanes-Oxley 404 and 302. Collected IT security and CM-related audit information, prepared documentation, reviewed audit data, and assessed and analyzed IT test results for compliance completeness and accuracy as per the specific audit plan.
Monitored Email and Web Security Gateways: McAfee SIEM/Gateway, Websense.
AUGUST 2015 – FEB. 2016: SR. IA SOX / ANALYST; Edison, Monterey Park, CA; Wincorp SOLUTIONS
As Sr. IA/SOX Consultant, I am responsible for the SOX IT Infrastructure, Security and Change Management review and testing endeavor including planning, execution, and monitoring for the application controls, significant reports, Security, and segregation of duty; testing & reporting results for Sarbanes Oxley 404 and 302 requirements.
Participate in COBIT and Internal Control review and analysis with involvement in the overall IT testing and compliance for Sarbanes-Oxley 404 and 302. Collect IT security and CM-related audit information, prepare documentation, review audit data, and assess and analyze IT test results for compliance completeness and accuracy as per the specific audit plan.
Perform testing, assess results, and develop meaningful recommendations for management.
Draft quality audit reports with appropriate plans that will assist management in enhancing process alignment and driving strategic discussions.
Responsible for control narratives (legacy and transition to new control environment), testing of significant reports, application controls, and all security reports for the company. Provided weekly status update meetings concerning the overall SOX/Internal Control progress for Sr. Audit Management. Worked with internal and external auditors to coordinate needs and minimize the cost of compliance.
JULY 2013 – APRIL 2015: Program Manager / SOX Analyst; Mercury Insurance, Brea, CA; EXPERIS
As Program Manager, I was responsible for managing the SOX endeavor including planning, execution, and monitoring for the application controls, significant reports, Security, and segregation of duty; testing & reporting results for Sarbanes Oxley 404 and 302 requirements.
Responsible for control narratives, testing of significant reports, application controls, and all security reports for the company. Provided weekly status update meetings concerning the overall SOX/Internal Control progress. Worked with internal and external auditors to coordinate needs and minimize the cost of compliance.
Prepared project plans: staffing plans and financial budgets to justify SOX efforts to senior management, business sponsors, steering committee, and audit committee.
Responsible for all Contract Lifecycle Management for project changes and process improvements as well as enforcement of contractual guidelines including the teams’ performance in meeting the project-required Service Level Agreements (SLA), within the respective departments. Worked in collaboration with senior leaders and other managers as it pertains to contract deliverables and project management.
Participated in and/or led special projects, including COBIT, COSO, and Internal Control, with involvement in the overall financial/IT testing and compliance for Sarbanes-Oxley 404 and 302. Collected financial/IT audit information and documentation, reviewed audit data, and assessed and analyzed IT test results for compliance completeness and accuracy as per the specific audit plan.
Assessment and Auditing of legacy Network Authentication, Authorization, and Accounting systems for the upgrade to the new IAM application.
NOVEMBER 2011 – JAN. 2013: SR. IT SOX Consultant / Project Manager; Union Bank / Kaiser, Pasadena, CA:
Ensured the accurate and timely compliance of SOX controls for the Health Plan portfolio, in collaboration with the HP SOX Program Management Office (PMO) and business partners, to achieve SOX (Sarbanes-Oxley) goals. Key activities:
Ensure that in-scope HP applications comply with all SOX controls for Security and Change Management. Perform day-to-day SOX control reconciliation and identify and resolve issues (early in the process) on a timely and accurate basis.
Create and/or maintain all SOX documentation for releases: SR, content document, content SR approvals, system test plan, system test plan summary, UAT test plan, UAT test plan summary, go-live document, approvals, post-live approvals, and review meetings.
Track, report, and monitor SOX application remediation efforts (managing corrective actions and other actions resulting from findings). Create and provide SOX Metrics and support/participate in all Audits and Audit processes.
Ensure appropriate segregation of duties within IT and consult with business partners on appropriate roles; provide reports that monitor violations.
DECEMBER 2009 - PRESENT: CEO-FIST Program Manager – Los Angeles, CA; Europe, Africa:
As CEO/Consultant, I was responsible for full-scale Scope of Works for IT Project Mgmt., Audit, SOX, and Security engagements.
Conducted IT Security assessments and evaluations and prepared reports to management, business sponsors, steering committee, and audit committee concerning the overall status of the Internal Control progress.
Worked with internal and external staff to coordinate required mitigation activities and minimize the cost of compliance.
Schedule and lead meetings with appropriate stakeholders, assisting with integration within other areas of the business. Accountable for all Contract/Project Lifecycle Management changes and process improvements as well as enforcement of contractual guidelines including the teams’ performance in meeting the project-required Service Level Agreements (SLA). Worked in collaboration with senior leaders and other managers as it pertains to contract deliverables and project management. Manage multiple work streams and technical implementations across all areas of the project.
Direct, coordinate, execute and control multiple concurrent InfoSec-aligned projects.
Created help desk tickets for security remediation (e.g., removing objects that threatened security postures like malware/rootkits, p2p programs, etc.).
Developed IT security policies relating to SOX & NIST compliance. Performed Internal and External vulnerability assessments using Third-party vendors.
Supported Contract Lifecycle negotiations, renewals, transition, and retirement for in-scope vendors. Accountable for the preparation of associated collateral and ensuring alignment with the business.
Gather reports on targeted threats from all sources, including news articles, research papers, vendor publications, partner agencies, and trusted third parties.
FEBRUARY 2008 – MAY 2009: Program Manager / SR. SOX Audit; Farmers/Zurich, Los Angeles & Simi Valley, CA:
I managed projects focusing on analyzing the current systems environment that captures, stores, and processes credit card information. Solely responsible for directing/managing quality control and implementation of changes that enabled the centralization of management and security of credit card information in compliance with PCI-DSS (Payment Card Industry Data Security Standard). Led teams in the delivery of enhancements to the enterprise payment token solution. Coordinated and drove 80% offshore delivery, reducing cost and offloading constrained onshore resources by delivering client strategy through the lifecycle including design, build, test, and deployment with an offshore (India) team of 10 resources. Achieved a 70% decrease in production deployment execution outage activities time by redesigning the project’s impact to align with