
IT Audit, IT Compliance, Risk Management

Location:
Columbus, OH, 43026
Salary:
Flexible
Posted:
September 08, 2009


Resume:

EXPERIENCE:

Independent Contractor (Jefferson Wells International) 08/2008 - Present

Federal Home Loan Bank (Cincinnati, OH) - IT Security Risk Assessment

• Created risk assessment questionnaire and risk assessment templates/tool based on FFIEC requirements

• Performed IT controls risk assessment and identified high risk areas

• Created a comprehensive report and recommendations for mitigating risks

Cardinal Health (Dublin, Ohio) – Segregation of Duties Analysis – Sarbanes Oxley

• Performed segregation of duties analysis for purchasing, sales, inventory, financial close/reporting, and fixed assets for corporate and regional segments

• ERP applications included SAP, JD Edwards, Hyperion, AR2000 and Oracle Financials

• Used GRC tools Approva, SAP GRC (Virsa) and developed Access databases to perform analysis

Greyhound Lines Inc (Dallas, TX), FG America (Cincinnati, OH) - IT Risk Assessment

• Created risk assessment questionnaire and risk assessment templates/tool

• Performed IT controls risk assessment and identified high risk controls

• Created a comprehensive report and recommendations for mitigating risks

Limited Brands (Columbus, OH) – Sarbanes Oxley

• Performed SOX IT general control testing for Windows, Oracle and AS400

• Performed Application controls testing and performed SOD analysis using Approva Bizright GRC tool for Hyperion, JD Edwards, and Island Pacific applications

02/2007-07/2008 Brand Technology Services (Columbus, OH) - PCI DSS Compliance Program

Position: Senior Compliance Analyst

• Instrumental in ensuring PCI DSS Level 1 and SOX 404 compliance for four lines of business (DSW Shoes, Filene's Basement, Value City Department Store, DSW.COM)

• Worked closely with IT teams and provided leadership for meeting compliance objectives

• Performed gap analysis and used a risk-based compliance methodology to achieve compliance

• Initiated work towards a Unified Control Framework for compliance

• Started and successfully implemented a vulnerability management program

• Developed risk assessment template and testing plans for point of sale systems

• Performed periodic audits, assessments and gap analyses and recommended appropriate actions

• Worked closely with change management and project management teams to assess the impact of changes/new projects on compliance and recommended appropriate timely actions to maintain compliance

• Developed short-term and long-term compliance action items for management

• Served as point of contact for all compliance-related requests, queries and deliverables

• Implemented and administered compliance tools - Tripwire, QualysGuard and Vontu

03/2005 – 02/2007 Jefferson Wells International

Position: Technology Risk Management Professional

Denny's (Spartanburg, SC) - PCI Tier 1 Compliance Audit

• Performed audit and security assessment of franchise stores' POS systems

• Prepared reports for management for six franchisees in six different states

Denny's (Spartanburg, SC) - PCI DSS Tier 1 Compliance Audit

• Full onsite audit for Visa/MasterCard PCI DSS Tier 1 Merchant

• Prepared Report on Compliance (ROC) and helped prepare remediation plans

Belk Store Service (Charlotte, NC) - PCI DSS Tier 1 Compliance Audit

• Full onsite audit for Visa/MasterCard PCI DSS Tier 1 Merchant

• Guided client in creating policies and procedures in the areas of information security, encryption, incident response, firewall change management and data retention

• Prepared Report on Compliance (ROC)

Belk Store Service (Charlotte, NC) - Sarbanes Oxley Audit

• Performed Sarbanes Oxley Audit using COBIT Framework

• Audit areas included Perimeter Security, firewall and IDS/IPS

CIT (Newark, NJ) - InfoLease Service Bureau

• Application security audit of 10 instances of InfoLease application

• Audit of application change controls and production support processes

Reynolds & Reynolds (Dayton, OH) - Internal/External attack and penetration testing

• Vulnerability Assessment and Penetration testing of external and internal network

• Penetration testing of wireless network using Kismet, NetStumbler, Airodump and Aircrack

• Developed audit program and audited malicious software prevention, firewalls and incident response processes

Abercrombie and Fitch (New Albany, OH) - PCI DSS Level 1 Compliance Audit

• Full onsite audit for Visa/MasterCard PCI DSS Level 1 Merchant

• Quarterly network vulnerability assessment as per Visa/MasterCard PCI DSS Standard

• Prepared Report on Compliance (ROC) and helped prepare remediation plans

Limited Too Inc (New Albany, OH) - PCI DSS Level 1 Compliance Audit

• Quarterly network vulnerability assessment as per Visa/MasterCard PCI DSS Standard

• Helped remediate problem areas; this client was Level 2, preparing to become Level 1

• Recommended steps to remediate the non-compliant controls

Ashland Chemical (Dublin, OH) - (Year 2006) Sarbanes Oxley Audit

• Performed Sarbanes Oxley Audit using COBIT Framework

• Audit areas included Windows Platform, Network Security, ERM, Malicious Software Prevention and Mainframe Applications

• Recommended steps to remediate the non-compliant controls

Ashland Chemical (Dublin, OH) - (Year 2005) Sarbanes Oxley Audit

• Performed Sarbanes Oxley Audit using COBIT Framework

• Audit areas included B2B, EDI, ERP, Windows Platform, Network Security and Mainframe Applications

• Recommended steps to remediate the non-compliant controls

Pomeroy IT Solution (Hebron, KY) – Sarbanes Oxley Audit

• Developed role based access control framework for financially significant applications

• Reviewed existing accounts and ACL to determine best way to implement RBAC for each application

• Recommended and designed processes and procedure to satisfy Sarbanes Oxley compliance requirements

Pomeroy IT Solution (Hebron, KY) – Network Security Assessment

• Performed network vulnerability assessment using ISS

• Performed validation of results and recommended the remediation

03/2004 – 03/2005 Sarcom Inc

Position: Practice Consultant, Microsoft Solution Practice

Sarbanes Oxley Remediation and Assessment – Glimcher Realty Trust

• Performed Sarbanes Oxley Assessment using COBIT

• Helped establish Security Assessment Program

• Performed security assessment and review of platforms including Windows and Unix

Secure ISA Server implementation at Loeb Inc

• 500 user network

• Implemented Microsoft ISA Server 2004 in uni-homed mode on the DMZ interface

• Implemented Web Monitoring, Domain and URL Filtering

Microsoft Operations Manager (MOM 2005) – Samaritan Health Services (Oregon)

• 600 Users

• Configured MOM 2005 to provide real-time alerts and status of IT infrastructure

• Configured MOM 2005 to provide reporting using SQL Reporting Services

• Created custom rules to monitor Active Directory and Exchange 2000

MS SQL Lockdown Procedure Review – Corporate One Credit Union

• Evaluated existing lockdown procedures for Data Center SQL Servers

• Documented additional steps needed for hardening as per Microsoft and Industry best practices

Security Assessment – DDB Chicago Inc

• Assessment of Active Directory, Windows 2003 and Windows 2000 Server OS Security

• Carried out vulnerability assessment of internal and external network

• Assessed the firewall rules and site-to-site VPN settings for ISA

Sarbanes-Oxley MOM Implementation – Perrigo (Generic Drug Manufacturer)

• 1400 user network

• Configured Microsoft Operations Manager to provide custom reporting for Sarbanes-Oxley compliance verification.

• Configured infrastructure and created customized rules.

Secure ISA Server implementation at Sarcom

• 1000 user network

• Implemented Microsoft ISA Server to provide secure internal/external access to Windows SharePoint Services team sites.

Secure ISA Server implementation at Jackson Community College

• Implemented Microsoft ISA Server to provide secure internal/external access

• Implemented Microsoft ISA Server in Tri-homed DMZ configuration

07/2000 – 03/2004 Unicon International Inc

Position: Security Analyst/Software Integration and Test Engineer/System Administrator

Security Assessment of Lucent Technologies Operation and Management Platform

The OMP application is a Lucent product for wireless network management

• Performed vulnerability and penetration testing on OMP on Solaris 8.0 and Solaris 9.0

• Created minimum required security baseline for running OMP server in intranet and Internet environments at client sites. This enabled Lucent Technologies to inform customers of the minimum security required to run the OMP application

• Carried out various scenario-based attacks on OMP servers to convince project leads to fix the security vulnerabilities in the application.

Windows-based Factory Installation and Test System (WFITS)

WFITS is an MS Windows-based testing tool used to test wireless communication equipment

• Member of WFITS team responsible for design, development, upgrade and maintenance of the WFITS application using Borland C++ and object oriented design. I helped upgrade the WFITS application and utilities to the Borland VCL libraries

• Wrote Feature Design Documents and Design Unit Test Plans (DUTP). Executed and documented test cases for regression/system/integration testing.

• Performed builds and packaging using Borland C++ Builder and InstallShield Professional

• Performed release control, source code management and bug tracking using PVCS Version Manager and PVCS Tracker

• System administrator for PVCS Tracker and PVCS Version Manager software running on Windows 2000 Server with MS SQL 7.0 Enterprise Edition as the database server

• Developed Feature Integration/Load plan for each WFITS release. Wrote developer release notes and updated release info on the WFITS homepage.

• Developed backup strategies to ensure integrity and recoverability of WFITS source code

• Performed change control and packaging using Visual SourceSafe and Windows Installer

06/90 to 06/00 - The Nation Multimedia Group PLC, Bangkok, Thailand

Position: Technical Manager (11/96 – 06/00)

Systems Manager (11/93 – 11/96)

Systems Engineer (06/90 – 11/93)

• Managed a team of IT professionals comprising a Systems Manager, three Systems Engineers and six technicians.

• Consolidated LANs in various business units into an enterprise-wide network and securely connected it to the Internet using Firewall-1 and Microsoft Proxy 2.0.

• Developed and implemented a DMZ (perimeter network) to host mail and web servers.

• Served as Project Manager for selection, evaluation, implementation and going live of Windows NT based editorial/advertising system running MS SQL 7.0 and Prestige editorial system with over 400 clients. This system replaced the mainframe system.

• Project lead for migration of mail and web servers from IBM AIX platform to Windows Platform using IIS 4.0 and Exchange Server 5.5.

PROFESSIONAL CERTIFICATIONS:

CISA (Certified Information Systems Auditor)

CISSP (Certified Information Systems Security Professional)

CISM (Certified Information Security Manager)

ITIL (IT Infrastructure Library) – Foundations Course

PROFESSIONAL DEGREES:

Bachelor of Engineering (Computer Systems)

Master of Business Administration (Management)

REFERENCES:

Available upon request
