
Location:
Chelmsford, MA, 01824
Salary:
120000
Posted:
August 24, 2011


Resume:

Aravindan Ganesan CISA PMP (CRISC)

*********@*****.*** 978-***-****

Summary

• More than 20 years of experience in IT Audit, SOX-404 Audit, IT Security, PCI DSS Compliance, Enterprise Risk Management, IT Governance, Compliance, SAS 70, HIPAA audit and Project Management; galvanized teams in core initiatives while serving as a change agent for efficiency improvements, with expertise in Platforms and Interface Management.

• Interfaced with Senior VPs and Directors to determine business strategy and to allocate budget and resources.

• Proven track record of delivering technology solutions using multi-sites and cross-cultural teams.

• Managed audit teams delivering successful SOX-404 IT Audits, IT security, PCI DSS, CISP and HIPAA Compliance, SAS 70 and ISO 27001 for more than seven Fortune 500 companies.

• Demonstrated ability to identify gaps relating to key IT processes and implemented best IT practices.

• Wide industry experience including Banking, Financial, Insurance, HealthCare, Retail, Telecommunications, Manufacturing and Logistics.

• Effective at motivating and leading IT auditors, IT security and compliance professionals. Excellent presentation, communication and negotiation skills.

Significant Achievements

• Managed large audit and compliance initiatives for SOX-404 IT, SAS 70, PCI DSS, HIPAA/HITECH and Privacy Acts, including security policies, procedures and controls.

• Developed audit universe and audit programs.

• Managed the operational audits of ERP (SAP and PeopleSoft) and IBM z/OS, AS/400 and UNIX systems.

• Prepared the final audit reports for numerous audit programs and presented them to the audit committee.

• Managed the implementation of IS Security programs and IS Security Risk Assessment in large enterprises.

• Developed Enterprise Risk Management framework, IT Governance and strategies, and conducted enterprise-wide risk assessments.

• Managed implementation of security policies, guidelines, standards, controls and processes based on ISO 27001, COBIT, COSO, OWASP, ITIL, NIST 800-series and 21 CFR Part 11 frameworks and methodologies.

• Established Security Committee and Change Control Committees.

• Program management, project prioritization and team selection; resource planning and allocation.

• Conducted and reviewed security risk assessments, threat management, vulnerability, penetration and application security tests using Fortify, AppScan, Nessus and Rapid7.

• Trained and mentored IT audit professionals for CISA, CISSP and PCI DSS certifications.

• Audited BCP and DRP plans and implementations; recommended best practices.

• Interfaced with external auditors (E&Y, KPMG, PwC and Deloitte) on audit concerns and certifications.

• Managed complex IT projects with budgets ranging from $500K to $7M and teams of 5 to 25 people.

Education / Certifications

• MBA - Technology Management (expected: 2011)

• B.E, Anna University, Madras, India

• CISA - Certified Information Systems Auditor, ISACA

• CISM – Certified Information Security Manager (Awaiting Results)

• CRISC – Certified in Risk and Information Systems Control, ISACA (Awaiting Certification)

• PMP - Project Management Professional Training Courses

• CISSP Certification Course - ISC2

Professional Experience

EMC (Manufacturing Company), Southborough, MA April 2011 to present

Lead/Senior IT Risk Consultant

IT Governance and Enterprise Risk Management (ERM): Manage and develop the IT Governance and Enterprise Risk Management Framework for the company. Manage and track enterprise risk assessments and enterprise risk, threat and vulnerability security issues using the Archer GRC tool. Create the ranking and scoring methodology, prepare high-level assessment questionnaires and conduct enterprise-wide IT and security risk assessments.

Wells Fargo / Wachovia (Banking, Financial and Insurance Services) Nov 2010 to Jan 2011

Consulting Manager (Security and Compliance)

SOX 404, PCI DSS and HIPAA Compliance

Managed a team of audit and security professionals to identify and remediate the security and audit risks relating to SOX-404, PCI DSS and HIPAA compliance.

Web Application Security Audit: Managed a team of compliance professionals to review the security risks (Fortify scans) of web applications relating to PCI DSS, HIPAA, GLBA and Privacy Acts.

Egrove Systems Oct 2007 to Oct 2010

Director – Audit, Security and Compliance

Provided direction and leadership for the IT Audit, Security and Compliance practice of the company. Developed audit universe and audit programs, and recommended best practices to clients. Developed policy frameworks and methodology for service delivery. Managed and delivered IT operational audits, security and compliance initiatives – IT Audit, SOX Audit, Enterprise Risk Management (IT Governance), PCI DSS Compliance, SAS 70, HIPAA/HITECH and ISO 27001 using COSO/COBIT frameworks for several Fortune 500 companies including:

Siemens HealthCare Systems

PCI DSS Compliance

Managed teams to identify the gaps relating to PCI DSS and SOX-404 IT Compliance. Acted as PCI DSS advisor, identified credit card processing solutions and recommended the reporting procedures required to comply with PCI DSS.

SOX-404 IT Security Audit (SAP, UNIX and Oracle Database Security Audit)

Managed the SOX remediation process with senior managers of IT and resolved the security control issues of SAP, UNIX and Oracle database systems.

Iron Mountain

PCI DSS, SAS 70 and ISO 27001 Security Readiness Audits

Managed teams and identified gaps relating to PCI DSS, ISO 27001 and SAS 70 controls. Developed and implemented an ISMS (Information Security Management System) and prepared the company for ISO 27001 and SAS 70 certifications.

Blue Cross Blue Shield (Healthcare Services)

HIPAA and PCI DSS Security Audit: Managed a team of audit/security professionals and reviewed the existing controls for PCI DSS and HIPAA.

Web Application Security Audits: Developed a security framework and integrated it with the SDLC process for web applications. Managed web application security audits for 23 key business applications using Fortify and AppScan.

TJX Group Companies (Retail Industry), Framingham, MA

Payment Card Industry (PCI) Data Security Standard (DSS) Compliance: Managed five auditors and executed audit programs for PCI DSS to safeguard credit card data.

Unified (Comprehensive) Compliance Audit Program (SOX, PCI, FTC and Privacy Act): Created a unified compliance audit program that made the IT compliance audit process more efficient and effective, resulting in a significant cost reduction.

Federal Trade Commission (FTC) and Privacy Act: Managed the audit of systems related to storing and processing customer and associate information. Identified the requirements of the FFIEC Information Security IT Examination Handbook, OCC Bulletin 2001-35 and GLBA/Privacy Act to evaluate the effectiveness of controls.

World Bank - Washington DC

SOX-404 ICFR (PeopleSoft and SAP Systems Audit): Conducted IT operational audits for ERP (PeopleSoft and SAP) systems. Identified gaps and deficiencies in applications and systems per the World Bank's security and compliance guidance and standards.

HIPAA Compliance: Conducted a HIPAA compliance audit for one of their healthcare divisions and identified the deficiencies.

Principal Bank and Financial Group - Des Moines, IA

IBM Mainframe z/OS Security Audit / Compliance: Audited IBM System/390 (MVS/RACF) systems and recommended the best practices adopted in the industry.

PCI Compliance and GLBA: Conducted system audits to comply with PCI DSS and GLBA.

Keane Inc., Boston, Massachusetts Aug 2004 to Sep 2007

Senior IT Audit Manager

Developed IT audit universe and managed IT audit programs including SOX-404 with five IT auditors.

SOX-404 IT Compliance: Audited and tested controls for AS/400, SAP, PeopleSoft, JD Edwards, AS/400 Oracle, DB2, Infinium, AIX 6000, UNIX (Sun Solaris), network, IT security, systems and applications.

ERM / IT Governance: Developed the Enterprise Risk Management framework and IT Governance, conducted an enterprise-wide risk assessment and identified key issues.

SAS 70 Assessment: Coordinated with external auditors and the IT team to obtain SAS 70 certifications.

iBasis (Telecommunication Services), Burlington, Massachusetts April 2001 to Aug 2004

International Project Manager (Audit and Security)

Project-managed the SOX IT audit and the implementation of global data centers in Europe, Asia and the Americas.

SOX-404 IT Audit: Evaluated policies, procedures and controls based on the COBIT and COSO frameworks, identified the gaps and recommended the controls required to comply with SOX-404.

PCI Cardholder Information Security Program (CISP): Project-managed the effort to identify the controls and processes required to comply with CISP (PCI DSS) for an online prepaid-card system.

Global IT Security Projects: Project-managed and audited the security of systems and networks in remote locations; identified risks and proposed remediation solutions.

AT&T Wireless, Pittsburgh, Pennsylvania Mar 2000 to April 2001

Project Manager (Network and Security Management)

Managed a group of 10 network consultants and engineers in the design and implementation of a complex Layer 3 IP network for AT&T Wireless systems across 91 locations.

Al-Futtaim Inc (Retail and Trading), Dubai, UAE Mar 1996 to Mar 2000

Network Controller/Manager

Managed programmers and network consultants supporting four AS/400s and SAP R/3 systems, and designed large networks and their security across 120 remote locations.

Philips Ltd (Manufacturing and Retail Services) April 1995 to Mar 1996

Assistant IT Manager

Immigration Status: US Citizen
