Risk Management It Security

DANIEL JARDO

Mobile: 778-***-****

E-mail: ******@*****.***

1

SUMMARY

Seasoned IT Professional with over 20 years of experience in IT Audit, IT Security and IT Risk. Extensive cross-disciplinary expertise in management risk and control, ensuring the security of information systems and applications in complex IT infrastructure. Experience in financial, gaming, banking, insurance and retail industries.

Solid analytical skills and great attention to detail. Excellent problem-solving skills with the ability to effectively communicate complex technical information to non-technical audiences always with a positive “can do” attitude. TECHNICAL SKILLS

Expertise with security methodologies, standards and best practices such as ISO 27001 and COBIT.

Audit/Security Tools: ACL, Teammate, Nessus, Radium, Qualys, I2. Firewalls: Juniper, Checkpoint

Forensic Tools: Registry, EnCase, Disk Imaging, Carbon Black. PROFESSIONAL EXPERIENCE

Senior IT Auditor

BCI (British Columbia, Canada) Sep 2022 – Present

Assisted long-term audit project planning related to the IT Audit field, with a strong focus on Cybersecurity.

Performed IT Audit Engagements related to the main topics related to Cybersecurity and Technology in general.

Developed planning for IT audit engagements and worked closely with IT team members to articulate engagement objectives, scope and prioritized areas for testing. A/Manager IT Auditor

Canaccord Genuity Group (British Columbia, Canada) Nov 2014 – Sep 2022

Conducted IT audit procedures to assess the Information Technology control environment relating to Change management, user management, computer operations and program development domains in Canada, Europe and US offices. Data analytics was used on the domains with complete data.

Lead the Cybersecurity Audit with an Enterprise Maturity Model approach.

Participated in IT security projects, i.e. security policy and procedures, Data Centre moving, SIEM project, encryption tools, Cybersecurity security controls (NIST), Security on cloud service provider, forensic tools

(carbon black), antivirus reporting, Admin Accounts (ERPM), BYOD mobile, data migration/conversion, computer operation and IT audits operating systems as AD, Linux/Unix, Mac and databases MS SQL and Oracle. Also, active participant as a risk advisor in Cybersecurity Committee, Infrastructure Tactical and Operation Security meetings.

IT Auditor / Risk Consultant

PRA Group (British Columbia, Canada) Apr 2014 – Oct 2014

Performed audit procedures to assess the Information Technology control environment relating to network infrastructure, information security, systems development and implementation, application security, database management, disaster recovery/business continuity, telecommunications, risk management and other areas as assigned.

IT Auditor / Risk Consultant

PricewaterhouseCoopers LLP, (British Columbia, Canada) Oct 2013 – Jan 2014

Prepared walkthrough narratives, flowcharts, risk and control matrices and research necessary to gain an understanding of the underlying processes and/or technology being audited and key control activities to be evaluated.

DANIEL JARDO

Mobile: 778-***-****

E-mail: ******@*****.***

2

Managed and performed audit procedures to assess the Information Technology control environment relating to network infrastructure, information security, systems development and implementation, application security, database management, disaster recovery/business continuity, telecommunications, risk management and other areas as assigned.

Communicated and validated audit results with clients and prepared written reports and oral presentations for Management and the Board of Directors.

Information Technology District Consultant

Government of City of Buenos Aires, Ministry of Economic Development Apr 2011 – Jan 2013

Provided assessment of prospective companies focused on Information and Communication Technologies

(ICT) for their application to participate in the Technology District.

Managed the analysis and design of the Technology District system administration. IT Project Manager

Apotex Inc. (Canada) Feb 2012 – Jul 2012

Canadian Pharmaceutical Company

Managed the design and implementation of the new Data Center for the Argentinean branch, including network and electrical layout, IP Telephony (Cisco), operations protocols and enhanced security.

Developed and managed budget project plans and schedules.

Implemented the HP Servers using SCCM scripts from IT enterprise operations, Microsoft Windows Packages, Lync and Ad Hoc company applications (SharePoint app, intranet access, Wi-Fi, etc) in compliance with corporate standards.

Reported to corporate headquarters in Toronto (Global IT Manager) and managed the communication between them and General Manager in Argentina on project progress, issues and solutions.

Produced user documentation and coordinated personnel training. IT Project Manager

Chubb Insurance Company (Argentina) May 2010 – Nov 2010 Insurance Company

Managed the design, relocation, logistics and implementation of Data Center.

Developed and managed the budget ($ 400K), delivering the project planning and testing specification for the applications and technical environment. Coordinated multiple vendors.

Managed the design and implementation of IP Telephony (CISCO 150 users + 20 wireless devices), including pricing, budget, follow-ups, testing and documentation. Optimized security and operation protocols. Supervised headquarters and local IT operations Servers and workstation patching.

Reported to Project Management Officer (PMO), IT Director and the Head Office manager of Data Center Operations.

Head of IT

Financial Information Unit (Fintrac), Ministry of Justice Oct 2008 – Feb 2010 Government Administration

Maintained the operating systems, application systems, communication platforms (LAN / WAN / Telephony and Internet connectivity) and technology infrastructure. Created new applications to improved business processes.

Responsible for security operations (logical and physical), monitoring and reporting of security incidents with the solution plan to the president of the Entity.

Created and implemented security projects i.e reduce the powershell capabilities for normal users, formal review of operating system logs, segregation of duties in operating system and applications, email filtering, secure backup (encryption), workstations and notebook encryption, USB policy and others.

Created the Security Strategy Plan for the company, including the acquisition of security products, as SIEM, DLT form TrendMicro, Firewall Checkpoint and AV Trend.

Coordinated the design, development, testing and implementation of new Anti-Terrorist application.

Supervised the real-time update of the Unique Information Registry database, comprised of data provided by multiple government organizations.

DANIEL JARDO

Mobile: 778-***-****

E-mail: ******@*****.***

3

IT Risk and Assurance Manager

Ernst & Young (Buenos Aires, Argentina) Oct 2005 – Aug 2008

Leader of the IT SOX (Sarbanes Oxley 404) Project in Athens, at Ethniki Hellenic General Insurance S.A of the National Bank of Greece, managing 20 people from various E&Y branches around the world.

Evaluated, analyzed and recommended on the Information Security and Strategic IT Plans across different industries by identifying and evaluating business and technology risks, internal controls to mitigate risks, and related opportunities for improvements in internal clients control.

Supervised the Data Analysis team, who used ACL software. Advanced Security Center coordinator. Lead security forensics team for local and international projects.

Directed team for the development and implementation of Business Continuity Planning and Disaster Recovery Planning.

Coordinated the Annual Global Information Security Survey for the E&Y branch.

Managed and followed up of the RAS budget (Business Risk Services and Technology and Security Risk Services), through balanced scorecards and other ad hoc metrics. IT Consultant (SOX)

Chubb Insurance Company (Argentina) Aug 2005 – Oct 2005 Insurance Company

Reviewed the development process, testing process, and implementation of security plans, development of auditable security processes in compliance with Section 404 of Sarbanes-Oxley Act. IT Consultant

Long Regent Group (Argentina-United States) Jul 2001 – Aug 2005 Consultant Company – 20-100 Employees

Provided IT security and risk services to the Argentina National Lottery, focusing on online real-time data processing for lottery games (lotto), monitored the lotto agencies and reviewed the slots process controls. Managed the IT computer operations team, and reviewed and tested yearly the disaster recovery plan.

Designed and implemented the physical security bunker for the biggest casino in Buenos Aires (Cirsa), including CCTV, biometric access, and security guard rounds and created security protocols for documentation. Coordinated an Israeli company for security training for bodyguards. Reviewed the net win reporting and casino operations.

Obtained the Nevada Commission certificate for a new game of Virtual Game’ s company, located in Las Vegas, USA, by managing the technical team that designed the security platform.

Participated in implementation for Sportsbooks (Caliente) and mobile betting projects (Digital Orchid- San Diego - USA).

Attended Expo Global Gaming in Las Vegas – Nevada – USA. Information Security Officer (CISO)

OSDE Group (Argentina) Feb 2000 – Jul 2001

Hospital & Health Care – 1,001-5,000 Employees

Created a new IT Security division and managed budget around $600K including payroll.

Responsible for the Security Strategy Plan including subsidiary companies.

Implemented the SAP R/3 Logical Security and IBM OS/400 system in 30 branches and managed for the Logical Security Legacy System (Ad Hoc).

Conducted security investigations of digital breach attempts and report to the Security Committee. Remedy reporting. Defined a Security program for training end users and IT operations.

Participation in IT Enterprise Infrastructure, Enterprise Development and Production Support projects for security and controls perspective. Reporting the project progress to the Audit and Risk Committee.

Managed the relationship with internal and external auditors and coordinated recommendations letters. DANIEL JARDO

Mobile: 778-***-****

E-mail: ******@*****.***

4

Information Security Officer (CSO)

Consolidar Argentina, part of the BBVA Group Jan 1997 – Jan 2000 Insurance & Health Care – 1,001-5,000 Employees

Created a new IT Security division, including selection process, hiring, development, and management. Managed a budget of $500K including payroll.

Defined and implemented Security policies, norms and procedures for the company in participation of Arthur Andersen LLC. Implemented a Security awareness program for IT people and end users. Security Training.

Implemented logical security for Oracle Financial application and provided security and best practices training to development and quality assurance areas in all IT Division projects.

Managed the Firewalls and IPS setup and control the operating systems (Linux, UNIX, Microsoft Windows, Novell Netware) using ad hoc scripts and tools, Corporate Intranet, Anti-Spam products, and remote safe links (virtual office).

IT Auditor

Ernst & Young (Argentina) Apr 1994 – Jan 1997

Evaluated the effectiveness of IT controls in system applications, such as Oracle Financial and JDE among others. Including logical access (application, database, operating system and network).

Participated in the external Accounting Audits by re-processing financial information using ACL or SQL tools.

Analyzed Security Policies, IT strategic and contingency plans according to best practices.

Audited different operative systems across clients, such as: IBM AS/400, HP-UX, RISC 6000, Windows NT, VAX, RACF, Mainframe, Novell and code checking in: FoxPro, Visual Basic, MS Access, Pascal, Cobol.

Reviewed application controls that support significant process of general ledger, account payables, account receivables, material management, payroll and logistic operations. IT Analyst

Del Sud Bank (Argentina) Feb 1993 – Apr 1994

Banking – 5,000+ Employees

Analyzed the definition of requirements of the back office in the trading area for the new applications. EDUCATION

University of Salvador, (USAL Argentina) and validated in Europe by University of Deusto (Spain) Master of Business Administration, 2000

University Of Salvador, Buenos Aires, Argentina

Bachelor of Information Technology, 1994

OTHER

ISACA Vancouver Chapter volunteers 2014 until 2019. Actively participating in events. IT Audit Teacher at the University of Salvador (USAL Argentina) 1996. Registered IT Security Expert for the Ministry of Justice of the Government of the City of Buenos Aires, since 2008 and conducted several digital investigations.

Contact this candidate