STEPHEN A. GIERACH
Tinley Park, Illinois *****
708-***-**** (Cell)
********@*******.***
PROFESSIONAL PROFILE:
Highly trained and experienced in the effective controls, procedures, security auditing, management, and optimization of virtually all aspects of the Information Technology function, and has carried out “hands on” technical assignments in many of the same areas. With over 20 years of program/project management and IT management consulting experience, including 18 years of IT audit experience and 12 years of business-wide disaster recovery planning, he managed a comprehensive IT management consulting services firm (which he originally founded) for over twenty-two years, serving “C” level management in Fortune 5000 organizations. He also held project management responsibility for a number of large technology rollout projects in the telecommunications industry, involving broadband and narrowband data communications configurations, as well as WANs/LANs. He has significantly supported their operational effectiveness through re-engineering, strategic and logistical planning, physical/logical security, and cost reduction goals, as well as their measured service responsiveness to business entities, as a contribution to the revenue-generating goals and objectives of organizations across the country.
PROFESSIONAL STRENGTHS
• SOX-404 and Internal Audit
• SAS-70 Vendor Audits
• Model Audit Rule compliance
• Basel II compliance
• FDIC IT regulatory compliance audit requirements
• OCC Identity Theft & Red Flags implementation
• PCI & Credit Union Audits
• ISO-17799, 25999, & 27001
• COBIT/COSO
• ITIL
• FISMA
• HIPAA
• NIST 800-53
• Project Management
• Fair Isaac retail, scorecard based credit risk applicant assessment systems
• ERP Application Auditing (JD Edwards, Baan, & Oracle)
• Policies, Standards, & Procedures development
• System Configuration Planning
• System Performance Measurement & Optimization
• PMO Trained
• Securing Intellectual Property
• Company Management
• Technical Management
• Risk Management
• Data Center Performance
• Physical/Logical Security
• Business Continuity Planning
• SDLC; SLAs
• Capacity Forecasting
• Configuration Planning
• Results-Oriented
• Self-motivated/directed
• Client liaison
• IDEA data analysis program
• Unix, Windows, Novell, & IBM mainframe experience
IT Standards, Governance & Risk Management Highlights
In conjunction with multiple IT data center operational improvement audits and remediations, I have:
• Managed over 40 data center operational improvement audit projects of corporate IT strategic and logistical planning; capacity forecasting and configuration planning; IT PMO prioritization; and standards, procedures, and policies, as well as controls in place.
• Managed and participated in the auditing of critical project work streams for compliance with corporate standards for project management, on time completion of project milestones and deliverables, risk minimization, and cost control at a major bank in Chicago.
• Responsible for managing a $6 million telecommunications technology rollout and upgrade project for a major property/casualty insurance company based in the Midwest. This project had a staff count in excess of 60 company employees, plus project and technical representatives from two major equipment and service providers.
• Managed and trained over 100 technical telecommunications experts in the performance of a nationwide telecommunications equipment audit intended to validate the internal database of equipment inventory, usage, and availability. This project was valued in excess of $8 million.
• Managed the design and development and subsequent upgrade of an automated disaster recovery plan product, known as Corporate Recovery. This product was subsequently sold to Fortune 5000 companies nationwide and offered substantial competitive advantage to the customers over other leading products.
• Managed the development of several standards and procedures manuals for large mainframe shops and minicomputer environments, including a structured manual for computer operations and SDLC standards and procedures for systems and programming.
• Managed the design and development of an automated cost reduction analysis product specifically designed to reduce IT operational costs.
• Managed and participated in almost 20 IT compliance readiness audit projects, including testing, documentation, and remediation for those organizations seeking Sarbanes-Oxley independent audit certification.
• Trained corporate project managers at more than 25 companies in the use and application of automated project management technology, in addition to use of add-on products, which ensure segregation of duties between project managers and project members.
• Adapted the use of automated PM technology for use in coordinating, driving, and monitoring activated disaster recovery plans.
PROFESSIONAL EXPERIENCE
Collabera, Inc. – Sr. IT Audit Manager 04/11 – 07/11
As a member of the Business Controls Monitoring & Readiness group, helped monitor projects, facilitate, and oversee regulatory exams (OCC, OTS, FRB, etc.), internal audits, SOX and SAS-70 audits, PCI readiness audits, and business partner audits for both computer applications and infrastructure technology for Bank of America for projects performed in the US, Canada, Europe, and Asia.
TEKsystems, Inc. – IT Security Assessor 10/10 – 12/10
Participated in a nationwide vendor site security assessment project with a Princeton, NJ consulting firm for Bank of New York - Mellon, which included 60 vendors supplying outsourced services to the bank. This project identified the technology controls required to protect sensitive bank data from operational, regulatory, and legal risk. It also identified existing security controls in place and compared them with required controls and “best practices”.
Executive Compumetrics Inc. – Principal 01/08 – 10/10
Enterprise Risk Management Services – IT Compliance and SAS-70 Auditing, Testing, Documentation, and Remediation; IT Operational Auditing and Process Re-Engineering; Business Impact Analysis; Risk Assessment; Physical/Logical Security Preparedness; Business Continuity/Disaster Recovery Planning; and Post-Implementation BCP/DRP Testing
• Performed critical project work stream audits of large development and implementation projects for Harris Bank in Chicago to assure compliance with the approved project management standards.
• Developed Basel II multi-phase implementation plans and proposal for independent consultant use at several international “core bank” operations.
• Participated in the development of a business-wide qualified risk analysis in a Business Impact Analysis (BIA) project for McDonald’s Corporation.
• Developed comprehensive consulting service to help organizations dramatically improve securing their Intellectual Property, involving risk management, legal, IT, and Internal Audit.
• Developed and implemented a consulting service to support implementation of the Model Audit Rule by insurance companies (public and private) through compliance readiness auditing, testing, documentation and remediation.
• Developed models for continuous compliance monitoring and auditing through the implementation of a Unified Compliance Framework (UCF) in conjunction with an Enterprise Risk Management (ERM) system performing exception level, as well as summary and detail level, reporting.
• Established new marketing and sales program and developed network alliances with other supporting professional CPA, legal, consulting, and training firms.
• Self-trained in use of IDEA audit analysis software for data mining and analysis.
• Published an article, entitled “In Support of the Bottom Line”, in the April 2010 issue of Internal Auditor magazine.
• Gave IIA/ISACA chapters in Springfield, IL a workshop on increasing the value contributions of Internal Audit and on securing Intellectual Property.
Control Solutions International – Senior IT Manager 09/06 – 11/07
Provided IT compliance auditing and remediation assistance for compliance readiness for a variety of mid-size companies and public institutions, re-defining their RCM control activities, developing corporate IT policies and procedures, and documenting key IT walkthroughs along with “spot” testing. Conducted a comprehensive IT operational audit of a large data center facility supporting 3,000 users to review internal IT controls, cost controls, and opportunities for improved performance, measurement, delivery, and reporting of services provided. Performed extensive IT audit testing of a global manufacturer’s controls effectiveness for the 2007 fiscal year. Also involved in proposal and project development for Risk Assessment, Business Continuity, Disaster Recovery Planning, and PCI DSS compliance readiness engagements. Addressed security and integrity issues for data interchange between key business application systems and telecom technologies, e.g., FTP and EDI. Security issues audited included segregation of duties, user access provisioning, “super user” access controls and monitoring/reporting, workstation security, anti-virus and anti-spam filtering, VPN configuration, effectiveness of IDS and IPS, and network configurations for security. Evaluated key ERP business application controls for Baan, JD Edwards, Hyperion, and Oracle (including key controls, user screen menus, edit checks and error messages, user access provisioning, data input integrity, master file maintenance, and reporting). Key accounts served included: The Nielsen Co., Hartmarx Corp., Cooper Standard Automotive, Michigan State University, Northstar Aerospace, and Commerce Energy Group.
Independent IT Audit Consultant Engagements 08/04 – 07/06
Working through several large professional staff augmentation organizations, Mr. Gierach provided his professional IT auditing services to several major organizations both in the Midwest and elsewhere, including:
• Conducted a Type I SAS-70 audit of controls in place for a midsize telecommunications and co-location processing service company, including defining an RCM containing the control objectives and supporting controls; defining test plans; performing test results analysis; and making remediation recommendations. Developed a draft report of Section 2 of the SAS-70 report.
• Participated at an international bank in assisting KBP organizations to remediate their deviations from a consolidated set of IT audit standards (derived from a combination of SOX, FRB regulations, the Basel II accord, etc.) and to remove and centralize the user access provisioning responsibility for each critical application system.
• Utilized the COBIT and COSO frameworks, as well as D&T’s RCTS, to conduct and document an audit assessment of critical and non-critical IT SOX compliance requirements for 1st and 2nd year reviews; created/revised corporate IT policies, procedures, and standards; performed IT application system testing; audited key controls in common ERP systems (such as Baan, JD Edwards, and Oracle); and developed Risk Control Matrices (RCM), KBP application narratives, process flow documentation in MS-Visio, and executive summary reports for a mid-size publicly traded organization with 40+ subsidiaries. Developed comprehensive remediation matrices for automated remediation solutions for many client organizations served. Worked with financial audit team members to validate the accuracy and integrity of their work governed by GAAP.
• Performed an IT operational audit for a very large global client in their Florida data center, utilizing the Guide to the Assessment of IT General Controls Scope based on Risk (GAIT), as in many IT audit engagements. Subsequently assisted the client in the formalization of IT procedures for change management, backups and restorations, network security practices, and more.
Accounts served during this period include Cimco Communications, ABN AMRO Bank, Interpool Inc., Central Garden & Pet Co., The Tribune Co., and CNA Insurance Co., among others.
EXECUTIVE COMPUMETRICS INC. – Principal 10+ years
IT Data Center Optimization; Project Management; IT Cost-Control; Security and Business Continuity/Disaster Recovery Planning; Office Productivity; Corporate Compliance
Responsible for marketing, selling, managing and participating in IT management consulting projects for the mainframe, minicomputer, and LAN/WAN areas of IT divisions of Fortune 5000 companies.
Client accounts included Arthur Andersen & Co, Chicago Board Options Exchange, AT&T Bell Labs, NYNEX, Commonwealth Edison, Leo Burnett Co., First National Bank of Chicago, Heritage Bank, Standard Bank, American Medical Association, Underwriters Laboratories, Carter Hawley Hale & Co., a dozen Blue Cross & Blue Shield plans, Pillsbury Co., and Northwestern National Life Insurance Co., among others.
KPMG PEAT MARWICK (formerly PEAT, MARWICK & MITCHELL) 2 Years
IT Management Consulting Services – Sr. Management Consultant
Participated in comprehensive IT audit projects for financial institutions, manufacturing companies, and KPMG’s home office data center in NYC. Responsible for mainframe computer performance measurement and optimization and for capacity and configuration planning for Fortune 1000 accounts across the nation. Also responsible for developing user service level agreements and participating in Information Systems security audits for several large financial institutions, including the First National Bank of Rockford, Transamerica Financial Services, General Mills, and others. Finally, participated in formal presentations to client management and proposal development.
ADVANCED EDUCATION
Post-Graduate (Ph.D.) Studies UNIVERSITY OF ILLINOIS (Urbana, IL)
Advanced coursework required in Computer Science
M.S. SOUTHERN ILLINOIS UNIVERSITY (Carbondale, IL)
Solid State Physics
B.A. ST. MARY’S COLLEGE (Winona, MN)
Physics Major; Math Minor
PROFESSIONAL CERTIFICATIONS
CISM; CISA; PMP; MCSE; CCNA
PROFESSIONAL MEMBERSHIPS
Information Systems Audit and Control Association (ISACA)
Institute of Internal Auditors (IIA)
Project Management Institute (PMI)
Information System Security Association
InfraGard
PUBLICATIONS
Internal Auditor magazine (04/2010): “In Support of the Bottom Line”