eGRC Compliance and Risk Manager

Location:
Sterling Heights, MI
Salary:
185,000
Posted:
February 28, 2023

Resume:

Larry A. Bowman

**** ************ **.

Sterling Heights, MI, 48313

Cell # 586-***-****

E-mail: advmo4@r.postjobfree.com

BACKGROUND SUMMARY

More than 21 years in the following Information Technology fields: Information Security Risk Management within Banking environments, Information Security Architecture and Information Assurance across a wide variety of network-based infrastructures and platforms relied upon across Department of Defense (DoD) Integrated Project Teams.

I have maintained a successful track record of Zero Data Loss within my areas of responsibility, nor have I allowed any security incident to occur that might adversely affect or reduce the operational efficiency of proprietary or personnel data items relative to Information Assurance data elements such as confidentiality, integrity or availability with any of the above classified and unclassified operational platforms.

I possess in-depth knowledge of various Information Assurance, as well as Risk and Audit guidelines specific to the following: ISO 27001, DoD, NIST, OMB, SOX, FFIEC, FISMA, HIPAA, and GLBA as they pertain to the COSO / COBIT framework. These documents / requirements are generally the driving policies required to access, develop, integrate, deploy and securely maintain protected and auditable data elements across various IT infrastructures and environments.

Direct experience with conducting internal audits and reviews to identify risks as well as documenting established regulatory controls necessary to mitigate IT vulnerabilities and risk. (possess SAP Toolset knowledge)

I possess skills in developing, maintaining and providing a wide array of personnel training curriculum pertaining to IA best practices, processes and procedures.

Lastly, I am able to create and foster collaborative communication pathways across the business environment as well as across supporting organizations that best reflect the goals and objectives of my customer and / or my assigned business area’s needs.

PROFESSIONAL EXPERIENCE

Comerica Bank. July 2013- Present

Title: Vice President, Information Security Risk and Third-Party Reviews, Auburn Hills Operations Center, Auburn Hills Mi.

Work with Architectural and Engineering business units to evaluate and assign project operational risk levels and work to mitigate and remediate security deficiencies that have been found.

Development of corporate security policies, procedures and standards. Also maintain Risk Program’s Information Security requirements for ASP’s, Purchased Products, Internally developed Applications based on ISO, NIST and FIPS Security standards.

Experience with the following IDS / IPS and event logging solutions: ArcSight SIEM, DLP Symantec.

Identifying new vendor security requirements of existing vendors and facilitate relationship with these individuals to ensure Risk based questionnaires are thoroughly filled out.

Performing and reviewing on-site vendor assessments, examining risks and controls associated with all aspects of the vendor compliance with respect to federal compliance rules.

In-depth knowledge and use of the eGRC (Enterprise Governance, Risk and Compliance) tool Archer.

Draft and present Third-Party Review findings as well as SOX Compliance reports to other business units for follow up and communicate the results of assessments in a clear and concise manner to all levels of management.

Participate at all levels of the Project maturation process and raise awareness of the inherent and residual Risk at meetings with stakeholders and management.

Evaluating and/or reviewing vendor responses and at times their plan of action and milestones relative to addressing lapses in their security posture as needed.

Perform root cause analysis and communicate this information for Risk process development.

When required, produce and post operational risk metrics and reports to corporate dashboards.

Responsible for providing corporate training teams with current security threats.

Responsible for risk review of applications, systems, tools, and infrastructures that are assigned. Includes risk identification, assessment, evaluation, control monitoring and testing.

Able to weigh business needs against security concerns and articulate issues to Risk Team.

Identify and risk rate exceptions to company policy and standards. I also advise project Teams on current risk posture as these conditions change.

Conducted accurate evaluations of the level of security required for Projects I’ve been assigned to.

Provided information and assistance in support of Federal Regulatory Exams.

SAIC - Science Applications International Corporation. July 2006 - July 2013

Title: Information Assurance Manager / IT Security Architect III. MRAP Joint Logistics Integrator (JLI), Camp Arifjan, Kuwait.

Communicate issues and audit results across all tiers of leadership responsible for the IT infrastructure and management tiers as required to ensure clear and concise Audit results.

Assess Information Assurance threats, risks, and vulnerabilities from emerging security issues.

Perform and create procedures for system security audits and vulnerability assessments.

Recommended preventive, mitigating, and compensating controls to ensure the appropriate level of protection and adherence to the goals of the overall information security strategy.

Assisted in the development of network access controls as well as Database access-controls, their logical separation of duties and roles.

Worked with developers as well as infrastructure SME’s to provide risk reviews and evaluations of security weaknesses within these systems and to provide the required guidance and lessons learned to better remediate future IA based weaknesses.

Directly responsible for the initiation and review of internal and external IA policy and standards to ensure that changes to the existing security posture can, or should be allowed based on vulnerability assessments.

When required, perform as Team Lead / Member in support of Federal Exams and Audits.

Adept at risk mitigation for discovered or potential IA vulnerabilities either in a consulting role or as an ongoing member of the application/infrastructure/software project team.

Responsible for creating, updating and maintaining data privacy policies as well as global information security policies.

Conducted technical risk evaluation of hardware, software, and installed systems and networks. Assisted with testing of installed systems to ensure protection strategies are properly implemented and working as intended.

Extremely competent in reviewing and maintaining IA Security documentation as a requirement for audit verification.

Communicated with personnel about potential threats to the work environment.

Possess knowledge of DoD IT Security Certification and Accreditation Processes (DITSCAP /DIACAP).

SharePoint 2007 / 2010 Administration experience and workflow experience.

Hands-on experience with the following Security Technologies: Retina Network Security Scanner, as well as Anti-Virus Tools (Norton, Symantec).

Assists in the coordination and completion of information security operations documentation.

Worked with DoD leadership to develop strategies and plans to enforce security requirements and address identified risks.

Report to DoD leadership concerning residual risk, vulnerabilities and other security exposures, including misuse of information assets and noncompliance.

Played an advisory role in application development or acquisition projects to assess security requirements and controls and to ensure that security controls are implemented as planned by conducting 3rd Party Reviews.

Collaborated on critical IT projects to ensure that security issues are addressed throughout the project life cycle.

Works with IT department and members of the information security team to identify, select and implement technical controls.

Developed strategic security processes and procedures that directly supported service-level agreements (SLAs) to ensure that security controls are managed and maintained correctly.

ACE Systems Specialist OCIO (Office Chief Information Officer), 11/15/2005- 07/15/2006.

SAIC, Sterling Heights, Mi.

Job responsibilities within the FCS ACE as a Mentor / Trainer were as follows: To ensure that the software end users within my IPT responsibility are well versed and competent utilizing FCS ACE software (PTC based products such as Windchill and Projectlink) as well as their associated functionalities. I work directly with clients such as U.S. Army TACOM, Boeing, General Dynamics, BAE, iRobot, Raytheon and other organizations supporting FCS Program objectives in the

Telecorp Products Inc. May 1994-Nov 2005

Operations Manager, 7/97 – 11/2005. Walled Lake, MI

Telecorp Products Inc. is a premier manufacturer of Call Accounting Software, as well as Quality Monitoring Solutions for any business that requires in-bound / out-bound call statistics. I manage multiple teams totaling 42 Technicians that install, train, and maintain these products globally. It is a 24-7 support operation, and I am directly responsible for the installation and maintenance revenue, with respect to the company's P&L.

Managed and maintained staff productivity over a 3000+ customer base totaling more than 43,000 installed applications.

Responsible for all shipping requirements, and maintaining company stock and delivery commitments to customers and OEM suppliers.

Reduced company shipping expenditures 15% by implementing the tracking of sales / distribution funnels.

Maintained maintenance revenues exceeding 3 Million per year for 3 years straight, by improving the data entry at the help desk level, which shortened the repair cycle and thus improved customer satisfaction.

Increased departmental productivity by 15% with the implementation of customer service training programs, as well as improved technical training, which allowed solution sets to be provided to vendors more quickly.

Responsible for Installation revenues between 80K and 400K monthly. These revenues also cover the Central / South American accounts.

Technical Support Specialist, 5/94- 7/97, Walled Lake, Mi.

Fluent with Automatic Call Distribution Theory and Implementation within the call center environment. (Nortel, Avaya, Siemens)

Responsible for all Software installations in Mexico, Central and South America as well as North America.

Implemented training course for new Technicians that decreased ramp-up time.

Publicly recognized numerous times for Excellent Customer Service based on emails and / or letters provided to Telecorp.

Guardian Industries Jan. 1992-March 1994

Security Manager, 1/92 - 3/94, Auburn Hills, Mi.

Managed 24-7 Security Team

Created and implemented emergency evacuation procedures for entire building.

Instituted quality checks that decreased theft and increased productivity.

United States Air Force (U.S.A.F.E) Oct. 1987-Oct. 1991

Electronic and Physical Security Specialist, 10/87 - 10/91, Belgium.

Completed 4-year tour with Honorable Discharge with Rank of Sgt.

Managed 4 Armories in support of Operation Desert Storm. (20 Servicemen in total).

Promoted to Armory Chief during my last Active Duty year.

Meritorious Service, Good Conduct Medal Commendations.

Improved procedures for Emergency Weapons deployment into Weapon Storage Areas (Nuclear Components).

EDUCATION & FORMAL TRAINING

Baker College- Graduated Oct, 2011 / GPA 3.5

Earned Bachelor of Business Administration with a Minor in Project Management.

ISC - Certified Information Systems Security Professional (CISSP)

Advanced Telecommunication Services-Charleston SC

Certified on the maintenance of the Avaya Definity G3 PBX.

Certified on the maintenance of Nortel’s Option 11-81 PBX.

Certified on Symposium / Symposium Express PBX.

Oakland Community College-1991-1993

Earned Associates Degree (dual major in Science and Psychology)

Minor in Project Management
