Larry Marks, MBA, CISA, CFE, PMP, ITIL, CISSP, CGEIT, CSTE, CRISC
** ******** *****, **********, ** 08854
Home Phone: 732-***-**** Mobile: 732-***-****
E-mail: ********@*********.***
SUMMARY____________________________________________________________
Experienced Program Manager with experience in program/project management and ITIL, service delivery, Governance, Risk, Regulatory Compliance, Audit, Information Security and business development with day-to-day monitoring and support associated with responsibilities.
• Directed full project lifecycle for multiple, simultaneous enterprise-wide programs and projects and mentored other project managers regarding application development, security software (e.g., ERP), systems integration, process re-engineering, application implementations, SOX, ITIL Change Management, operational risk (e.g., data leakage, SBL), regulatory compliance, from initiation thru implementation for application, infrastructure, architecture and the common services arenas including management budgets, human resources, vendors, technical issues.
• Managed project for design and build of ADP’s Credentialing and Physical Security Incident Management as part of new Global Identity Access and Management System (IDAMS) for user account provisioning and deprovisioning. Managed interfaces for RSA Software with Archer’s compliance activities with ADP’s new Messaging & Collaboration platform. The platforms were Microsoft products: Exchange, Lync, Outlook, Windows 2008 R2, Active Directory and Forefront Identity Manager.
• Developed Strategy roadmaps and evaluated, helped design and implement IT Strategies for IT Organizations.
• Worked as a member in structured and unstructured PMOs.
• Published articles by ISACA and PMI concerning Healthcare and Security, Leading and Planning IT Risk Assessments, and Top Governance Issues for 2011.
• Contributed to ISACA’s Oracle Database Security Design, Control and Audit Guide.
• Multi-industry experience – Insurance, Banking, Brokerage and Telecommunications.
• Helped develop and operationalize GRC Frameworks, processes, and Technology at CIT and ADP.
• Helped set up PMOs, formalized QA/QC and Change Management at Arch and QA Departments at AIG and Merrill Lynch, using Agile and ITIL and helped establish SOX Framework (control and risk identification, reporting and metrics), process documentation at EmblemHealth.
• Managed IT audit/SOX groups and QA Teams in Financial Services and HealthCare with staffs ranging from 3 to 13.
• Performed assessments of vendor contractual compliance for financial services and health care.
• Helped CIT identify, respond to and ensure regulatory (FFIEC, GLBA, ITIL and similar) and ISO compliance.
• Liaised with C level Executives (Steering Committee, CRO, CPO, CIO, CTO) and outside regulators.
• Leveraged PPM Software to manage project dependencies, resources and schedules at CIT and Metlife.
• Managed development, QA and teams in software and service delivery.
• Managed business requirements for more than 73 different process areas and domestic and global stakeholders.
• Managed Sharepoint Server for document repository and controlled access permissions.
• Managed project for design and build of ADP’s Credentialing and Physical Security Incident Management as part of new Global Identity Management system enabling consistent and sustainable global standards for user account provisioning and deprovisioning.
Solid business leader blending strategic thinking with clear management process to deliver bottom line results.
• Built a reputation as an individual that is a positive team leader who collaborates across lines of business, maintains senior-level stakeholder and IT Steering Committee relationships, and instills passion and direction to their organizational and project teams for success. Manage responsibilities at a more strategic and enterprise level while being firmly grounded in execution.
• Ability to present complex technical information to both technical and non-technical audiences and drive results with limited direction.
• Proven track record effectively leading teams and driving results in a matrix organization.
Managed a successful consulting business and achieved sales growth of $1MM.
• Used practice resources to identify cross-selling opportunities and address complex interrelated (e.g. business and IT) issues, re-establishing client relationships, and leveraging business processes and technology to provide a competitive business advantage
• Member of ISACA Government Risk Advisory Board; ISO Security, Fraud and Program Management TAG Member.
INDUSTRIES OF EXPERTISE_______________________________________________
• Health Care • Financial Services (Banking, Brokerage & Insurance) • Telecommunications
• Consulting • Brokerage
CERTIFICATIONS_______________________________________________________
2010 Certification in Risk and Information Systems Control (CRISC)
2009 Certified in ITIL V3 Foundation (ITIL)
2008 Certified in the Governance of Enterprise IT (CGEIT)
2007 Certified Fraud Examiner (CFE)
2006 Certified Sarbanes-Oxley Examiner (Bronze, Silver, Gold and Platinum)
2002 Certified PMI Project Manager (PMP)
1997 Certified Systems Testing Engineer (CSTE)
Certified Information Systems Security Professional (CISSP)
Certified Information Systems Auditor (CISA)
EDUCATION___________________________________________________________
1978 NYU, MBA in Accounting, Graduate School of Business Administration
1976 NYU, BA in History and Economics, Washington Square University College
2006 SOX Platinum/Gold/Silver Certifications, Resources Global Professionals.
2005 Seminar on Building and Using a Data Warehouse (Informatica)
SEI – CMM Lead Assessor Certification Training
2001 George Washington University, MS Certificate in Project Management
1987 NYU, Certificate in CICS Programming, School of Continuing Education
1984 NYU, Diploma in Information Systems Auditing, School of Continuing Education
1983 NYU, Certificate in Computer Programming, School of Continuing Education
EXPERIENCE___________________________________________________________
Matlen Silver, Bridgewater, NJ (Consulting Firm) 11/10 – 04/11
Senior Program Manager, Security Program Management Office
ADP
• Managed project for design and build of ADP’s Credentialing and Physical Security Incident Management as part of new Global Identity Access and Management System (IDAMS) for user account provisioning and deprovisioning. Managed interfaces for RSA Software with Archer’s compliance activities with ADP’s new Messaging & Collaboration platform.
• Responsible and accountable for end to end IT project/program delivery for enterprise-wide Information Security and Operations Risk portfolio (GRC roadmap strategy and Archer System implementation, enterprise-wide IT Risk Framework and taxonomy, Archer eGRC System, DLP/UDP, data classification and data flow and Identity Access Management compliance with state, federal or international data privacy laws and regulations, data classification, SAS70s, records management, vendor oversight, incident management and training and awareness programs) and other managers, and process integration for operations and technology risk management.
• Built relationships internally with team members and stakeholders; and externally with vendors/suppliers.
• Managed the entire life cycle of the project/program (initiate, plan, execute, monitor control and close a project) for application development and infrastructure, leading the project/program team, working with global executives, management teams and IT Services Teams to ensure project/program success.
• Determined projected project staffing and financials and “trued up” costs, scheduling and resources.
• Reported weekly status of portfolio of projects, ensuring compliance with corporate standards for SDLC and accurate client reporting as well as running bi-weekly portfolio reviews with internal Program Management teams.
• Created monthly reports by plugging figures into EXCEL template. Monitored and reported status of all projects to IT Steering Committee. Established and maintained a process for tracking significant deliverables, regulatory commitments, Program risks and issues and internal / external program dependencies.
• Supported the Chief Privacy Officer and Human Resources in the enterprise-wide rollout of ADP privacy and related information security initiatives globally and worked with business units, Information Security to advise on implementation of privacy compliance requirements.
• Worked with managed security service providers (e.g., RSA) to engineer, customize and deploy security platform correlation rules that would detect attacks, malware and other security threats.
• Managed nature, scope, funding of vendor relationships for projects.
• Analyzed online storage of ADP user community by using skills in managing large data files and applying analytic skills to represent overall status or trends; experienced with Excel using formulas, conditional formatting, pivot tables, and linking data.
• Managed Stakeholder and IT documentation and reporting dashboards using Sharepoint.
• Managed plans categorized under 6 sub-initiatives that were in the strategic plan across the enterprise. All of these plans were held in the SharePoint portal.
Datacom Technology Group, New York, NY (Consulting Firm) 02/10 – 11/10
VP, Security, Risk and Compliance Manager
CIT
• Developed, implemented and documented CIT IT Risk Management strategy, plan, compliance framework and remediation plans across all technology areas for FDIC, FFIEC, SOX and GLBA.
• Worked with IT leadership, Enterprise Risk and Operational Risk, Audit and Compliance teams to set the direction and goals for global IT strategy, planning and architecture, IT governance and portfolio management, compliance management, and information security management.
• Led, managed and trained personnel to assess risks of enterprise and application risks such as data privacy/leakage, desktop/laptop, mobile PDA and network security, e-banking/internet hosting, Corporate, Trade, Vendor and Transportation Finance.
• Determined required staffing and funding for projects, and validated same for others.
• Supported the CIO with Audit Management expertise, including: Reviewing audit scope, findings and recommended solutions, ensured effective, on schedule closure of IT audit points, facilitated remediation of Pan-Technology audit issues, and produced Management Reports on audit related issues and associated risks. Assisted in delivery of pan-Technology risk reduction projects and supported Technology areas in risk remediation activities. Expanded the SAS70 initiatives across all of IT Systems.
• Assisted development of security policies and standards for enterprise using Archer tool. Policies related to Access Control, Network Security, Business Continuity, Architecture, Licensing and Third Parties.
• Reported on status of portfolio (financial, quality and schedule) of application development and security projects, ensuring compliance with corporate standards for SDLC and accurate client reporting as well as running bi-weekly portfolio reviews with internal Program Management teams. Established and maintained a process for tracking significant deliverables, regulatory commitments, Program risks and issues and internal / external program dependencies.
• Assisted in gathering requirements for eGRC tool and supplied subject matter expertise regarding risk for proof of concept for GRC tools: Archer, Open Pages and Wolters Kluwer, and other tools for Data Masking, Database Monitoring, Data Leakage Prevention (DLP) and encryption.
• Leveraged PPM Software to manage project dependencies, resources and schedules at CIT and Metlife.
• Managed Sharepoint Server for Department PMO, training users and control access permissions.
• Managed all plans categorized under Enterprise and IT initiatives in strategic plan using Sharepoint portal.
• Built relationships internally with team members and stakeholders; and externally with vendors/suppliers.
Resources Global Professionals, New York, NY (Consulting Firm) 03/04 – 01/10
Project Manager, Compliance, Security and Risk
EmblemHealth
• Designed, implemented and managed the IT SOX, Risk and Control structure, strategy, metrics and plan including using Stellent System across all technology areas to ensure regulatory compliance, Application Security, General Computer Controls, and interface controls, anti-fraud controls, Segregation of Duties Security, Enterprise Risk Model for compliance with the requirements for Federal and State health care programs.
• Maintained responsibility for Actuarial & PeopleSoft and Security Integration (A/R, AP, GL, PO, Budgeting) to support company merger for project totaling 7000 hours and more than 30 people and resolution of issues and compliance with regulatory authorities.
• Evaluated processes and programs for third party payment, claims processing, and provider reimbursement.
• Maintained responsibility for integration of finance and IT SOX controls for (project totaling 7000 hours and more than 30 people) and resolution of issues with regulatory authorities.
• Reported status of SOX-related application development projects (e.g., financial, scheduling and quality) to ePMO and Compliance.
• Maintained responsibility to ensure policies are published correctly and aligned within the Governance Risk Compliance system. Developed security policy for enterprise for mainframe, client server, network and third parties. Supported the development and monitoring of the policy development, maintenance, and compliance scorecard and dashboards for reporting to the Chief Information Office and other IT leadership.
• Maintained relationships with stakeholders and IT Leadership to monitor the progress of the IT Policy Management processes and facilitate decision-making, interpreting policies and determining corrective actions.
• Reviewed data warehouse and data mart architecture and processes to ensure integrity, accuracy and completeness.
• Built relationships internally with team members and stakeholders; and externally with vendors/suppliers.
Business Edge Solutions, East Brunswick, NJ (Consulting Firm) 06/03 – 01/04
Quality Assurance Testing Manager (Consultant)
Arch Insurance
• Managed QA/QC department and team of 4 consultants in testing of MGA/TPA specialty insurance policies, claim and Suspense Paid Loss Ledger data to downstream systems such as WINS System, using an Oracle-based data warehouse. Managed budget against actual for hours/costs. WINS is an AS-400 based application that covers functionality such as Claims, Reinsurance and Policies. Developed and maintained the project work plan based on information from Product Managers.
• Coordinated the deliverable and project specific activities performed by cross-functional project teams. Worked to control change, adjust the budget, timeline, and project scope to accommodate approved changes. Helped create and implement PMO methodologies, practices and procedures.
• Managed application development projects from project initiation to implementation.
• Developed and maintained strong working relationships with all key internal stakeholders including Customer Executives, Product Managers and Resource Manager.
• Maintained responsibility for all resources assigned to projects to achieve project goals and satisfy customers. Managed nature, scope, funding of vendor relationships for projects. Used TOAD software to evaluate data warehouse and data mart architecture and processes to ensure integrity, accuracy and completeness.
• Reported on status of portfolio of projects to CTO, ensuring compliance with corporate standards for SDLC and accurate client reporting as well as running bi-weekly portfolio reviews with internal Program Management teams. Established and maintained a process for tracking significant deliverables, regulatory commitments, Program risks and issues and internal / external program dependencies.
• Leveraged PPM Software to manage project dependencies, resources and schedules.
CNA Insurance, Monmouth Junction, NJ (permanent - job to be relocated) 02/03 – 5/03
Quality Assurance and Testing Manager, NJ
• Managed an IT QA property & casualty team of 10 from Chicago and their activities, and had responsibility for the performance, budget and development of staff in accordance with corporate strategic direction.
• Led QA projects of actuarial data marts, databases, and data warehouse and legacy systems for Finance, Underwriting, and teams and consulted with IT management and staff throughout the systems project life cycle.
CGS Technology Associates, Iselin, NJ (Consulting Firm) 04/02 – 01/03
Project Manager/Technical Writer
American Re – Insurance, Project Manager
• Maintained responsibility of server reduction project to achieve savings, evaluate and document current Windows 2000/NT Server environment.
• As SME, created Standard Operating Procedures (SOPs), best practices and recommendations for the server environment including inventory and profile, hardware acquisition, staffing model, performance and disaster recovery based on management’s need to outsource the operation.
• Managed operating plan, project performance, status, schedule, milestone status, budget, issues, and risks for projects.
• Built relationships internally with team members and stakeholders; and externally with vendors/suppliers.
Pfizer, Manager, Project Manager
• Managed staff to create and implement Best Practices for Application Center 2000, Visual Source Safe in Consumer Health Care, Standard Operating Procedures (SOPs) for change control, and promotion to production, stress testing and other project documentation, in Microsoft Word, Excel, PowerPoint and Visio.
• Managed vendors (Mercury Interactive and Compuware) for proof of concept of stress testing software.
• Recommended strategy for needs assessment and training for Application Center, Visual Source Safe and Stress Test tools.
ADP, Project Manager/Project Manager
• Created technical and user documentation for data warehousing and reporting system using features of Microsoft SQL Server 2000 Analysis Services.
• Created system for cube processing using Data Transformation Services (DTS), database views in SYBASE and SQL, and project documentation using Microsoft EXCEL 2000 with OLAP Services.
Info Technology Inc., NYC, NY (Consulting Firm)
American International Group (AIG) 09/01 – 01/02
Project Manager
• Managed development projects (onshore and offshore), risk management and supervised testers performing testing of web based applications and databases across business lines, more than 400 SQL queries, data mapping, designed to validate integrity and system interfaces for automated feeds for third party claims.
• Defined and managed budget, operating/actual, project plans using project reporting, and project management tools.
• Documented business process, system touch points, achieved business signoff on the requirements and agreement to the prioritization, and made presentations to Senior Management.
Metropolitan Life Insurance, Inc. Bridgewater, NJ 04/99 – 12/00
Project Quality Manager, PMO (Permanent)
• Supervised all project teams (Infrastructure, Development, Data Migration, Customization, General Ledger Conversion, Interface & Integration, and Testing) in Enterprise Initial Public Offering (IPO). Monitored projects that included 1000 or more tasks with tenure of more than 3 months, and high value projects with total costs of at least $500,000.
• Determined budgeted project financials and reported status to PMO for enterprise wide projects.
• Managed development, QA and teams in software and service delivery and hands-on quality control function for outside vendors (Price Waterhouse Coopers and Connect Systems) converting policyholder and actuarial risk data, resident on more than 75 mainframe systems, to one system to handle distributions to policyholders.
• Coached Project Managers in implementing Hiperstation automated software, and managed project status, testing regions and documentation. Developed and maintained the project work plan based on information from Product Managers.
• Reported on status of portfolio of projects to CTO and Steering Committee, ensuring compliance with corporate standards for SDLC and accurate client reporting as well as running bi-weekly portfolio reviews with internal Program Management teams. Established and maintained a process for tracking significant deliverables, regulatory commitments, Program risks and issues and internal / external program dependencies.
• Leveraged PPM Software to manage project dependencies, resources and schedules at CIT and Metlife.
Capital Market and Quality Systems, Inc. (Self-Employed/Consulting) 12/92 – 4/99
• Generated more than $400,000 in revenue and additional business through cold calling, and generating list of potential clients thru profile, and site visits.
AT&T
Technical Writer/Software Quality Control Manager 11/98 - 4/99
Merrill Lynch and Company, Princeton, NJ 12/95 – 10/98
Project Manager, Quality Assurance
AT&T, Somerset, NJ 08/94 - 12/95
Supervising LAN Software Testing Engineer Consultant
Chase Manhattan Bank, NYC, NY 12/92 - 8/94
Software Engineer Consultant
TECHNICAL SKILLS_________________________________________________
Programming Languages: C++; COBOL; PASCAL; VISUAL BASIC; VBA; CULPRIT/FOCUS; UNIX; CICS; LOTUS/EXCEL; SPUFI
Operating Systems Used: WINDOWS 2000; WINDOWS NT; WINDOWS 95; MVS/XA;
Word Processing: MS Office 2000
Database Software: IBM DB2; MS Access 2000; MS Access; Sybase 11; LBMS; COGNOS; SQL/WINDOWS; Microsoft Analysis Services SQL Server 2000; Oracle 9i; SQL Plus; Stellent; Policy IQ; PeopleSoft Enterprise/Tools; PeopleSoft Finance v8.8 GL Query
Communications Used: MS Outlook; MS Exchange with Schedule+; PROFS
General Software: MS Suite; MS Visio; MS Word; PowerPoint; MS Excel
Security Software: RACF; ACF2
Software Test Applications: Rational SQA Suite 6.x; QA Partner; Hyperion; Win Runner; PVCS Tracker; Test Director; Rational Rose Clearquest; Snag-It.
Change Management Software: PVCS; Starbase; Visual Source Safe
Project Management Software: MS Project; ABT Workbench; Primavera TEAMPLAY
Internet Software: IE 7.0; HTML; MS Front Page;
Hardware: IBM PC; MACINTOSH; COMPAQ; IBM; DELL; DEC/VAX
AFFILIATIONS
• ISO
o US TAG to ISO/TC 236 – PMI - Program Management
o US TAG to ISO/IEC/JTC/WG 6 – Information Security – ISACA SME
o US TAG to ISO/TC 247 - Fraud Countermeasures and Controls
• ISC2 – CISSP/CISM Exam Proctor, 2007-2009; CSSP Exam Item Writer
• ACFE – Fraud Magazine Editorial Advisory Review Committee
o Vice Chair, ACFE Foundation Scholarship Committee
• ISACA – Government Risk Advisory Board Area 4 Sub Committee (legislation review; health care privacy; cyber security)
o Expert Reviewer for Oracle Database Security, e-commerce security and Technical Guide
o CISA Item Writer
o IT Governance Institute Audit Program Review
o Professional Influence/Advocacy Committee
o Articles recently published in ISACA journal concerning Health Care and Cyber Security
• PMI – PMINYC Program Manager, Nominations & Elections Committee;
o By Laws Rewrite Project;
o 2009 Reviewer for PMI Awards Program
o Articles published in Knowledge Base concerning planning and leading IT risk management projects
• HITSP/ANSI: Healthcare Information Technology Standards Tiger Team Panel (HITSP), 2009 - 2010
• Boy Scout Association – Cub Scout Adult Leader for Webelos I/II – 2003-2005
o Merit Badge Counselor – 2003-2011