Sr Cyber Security Compliance Specialist

Sione Fonua ********@*******.***

**** * ****** ** ************ MO 64055 816-***-****

**** - ******* **/**/**** Manager Nations Holding Companies Shawnee, KS

Quality Assurance /IT Manager I directly managed 4 groups supporting all of our financial services businesses across the states

oHelp Desk – supports in-house users with any issues with their office equipment, system applications, network, telephony, fax, emails, etc.

oSoftware Test Group – tested 9 in-house applications including desktop applications, web application, mobile applications, client sites, and integrations

oBusiness Analysts – provided product documentation, project coordination, client communication, and led SCRUMs.

oWebsite Development Group – this group did the software applications for the online website stores.

IT Risk/Compliance Manager – the following are my daily priorities, duties, responsibilities, and tasks.

oIT Compliance Coordinator - I managed internal audits, answered external audits from banks, performed third party audits like with our data center, and was the point man for annual audits like SOC and internal/3rd party penetration testing.

oIT Risk Analyst – as part of our corporate governance, risk, and compliance GRC.

I helped with the identification, evaluation, and prioritization of risks potentially affecting our critical business processes, systems, data, assets, personnel, clients, and 3rd parties.

This included minimizing risks through mitigation plans and continued monitoring and review.

I designed, documented, implemented and tested IT corporate policies like backups and access controls, corporate business policies like BCP/DRP, HR policies like onboarding/off-boarding, software development policies like SDLC and database security, and change management for IT systems and applications.

oIT Risk Officer – I reviewed IT logs and reports for issues or problems, performed an investigation of issues, interpreted logs data, analyzed the findings, and then prioritize them for team members.

oIT Regulatory Officer - Familiar with the following regulatory industry standards; NIST, HIPAA, SIG, SOC, COBIT, ISO, PCI DSS, GLBA, EGRC, BSA/AML, and Best Practices. Constantly reviewed our corporate IT and several business policies including HR to the standards of our industry which includes SOC1 Type 2, and GLBA. Provided training for our employees per security awareness, Escrow, BaRT, UDAAP, and AIR.

2003 – 2010 QA Manager Cyberhomes Olathe, Kansas

(FNIS which later became FNF in 2004, FNRES in 2006, then Cyberhomes in 2008)

Directly managed the Application Test Group with peripheral responsibilities with the Application Support Group, Code Deployment Group, and Code Librarians

Provided QA Analysts with direction on day to day test activities i.e. requirement gathering, test design, test development, test execution, and test reporting in a waterfall/agile environment

Provided test schedules based on available resources and scope of project

Provided all related documentation including templates for test plans, test cases, use cases, and metrics

Worked in coordination with Business Analysts, Software Developers, Customer Support groups, End Users, and 3rd party vendors

Supervised projects involving the QA Department including third party software integration, data processing, application enhancements, code migration, code deployments, and server builds

Performed functional, regression, use cases, user acceptance, systemic, negative, stress, load, automation testing using Selenium, and SQL testing

Performed/provided constant process improvements for processes directly associated to the SDLC process including issue tracking, issue reporting, issue resolution, release schedules, testing processes and procedures, general QA methodologies, and risk management

Identified and prioritized application defects for quick resolution and prevention

Provided application support for both the online, desktop, and mobile applications

2002 – 2003 Business/Systems Analyst Keane, Inc. Shawnee Mission, Kansas

Consultant for Fidelity National Information Systems FNIS

Designed and implemented software testing methodology that meets quality standards, business objectives, and customer needs. This includes test case/scenario review, new enhancements and bug fix review, and testing methodology to be used

Performed functional, regression, user, documentation, and installation testing for software releases and enhancements

Gathered and analyzed testing data and assists in identifying and resolving software issues with Development Team, Business units, and Customer Service

Documents testing progress and provide testing metrics that guide future development efforts

Provided application support for both the online and desktop systems

Analyzed business processes and practices for quality improvement

Designed technical and business documentation for each project such as test plans, test strategies, test cases/scenarios, project objectives, etc.

Documented and tracked application issues using proprietary bug tracking software and worked with developers towards their resolution

Created job aids for process improvements and departmental training. Performed administrative tasks during software testing. Created test documentation. Created quality documentation. Provided training

2001- 2002 Business Analyst I Midwest Consultant Group Kansas City MO

Consultant to Sprint at campus in Overland Park

Gathered functional requirements from customers, engineers, technical analysts, and end users with the goal of implementing new systems and software enhancements

Re-engineered email, call/text, postal communications and processes for the call center

As a contractor he worked for Sprint PCS on several IT projects. In each project he gathered functional requirements from customers, engineers, technical analysts, and end users with the goal of implementing new systems, software enhancements, and/or new processes for the call center

Responsible for several ITPF documents for each project i.e. their creation, maintenance, and archival in Documentum

Conducted extensive daily research within Documentum for related and compatible systems, software, and hardware as it applied to the projects being worked on for corroboration and relevancy

Written several test scenarios and submitted Remedy tickets for BT errors and process problems within training/testing environments

2000 – 2001 Methods & Procedures Analyst Birch Telecom Kansas City MO

Wrote training material and documentation for job training in call centers.

Supported re-engineering of quality processes for call centers

Supported the integration of new software systems and processes

Overall process improvement for the call center.

Certifications

Certified Information System Security Professional (CISSP)

References upon request

Contact this candidate