Evanglist (Trey) Robinson, III
SUMMARY
Certified Information Systems Security Professional (CISSP) with experience evaluating the application of technology controls to business functions in the areas of manufacturing, transaction processing, finance, and protection of non-public personal information. I am also a Certified Payment Card Industry Security Manager/Auditor (CPISM/A), Certified Information Security Manager (CISM), Certified Information Systems Auditor (CISA), and Certified Information Privacy Professional (CIPP). My practical risk management experience includes risk assessments in the areas of program development life cycle, network vulnerability, multi-platform security, and application and data threat analysis.
EXPERIENCE
RBS WorldPay US, Atlanta, GA January 2004 – June 2009
Vice President and Senior Audit Manager, Internal Audit
Provide value-added control assurance/governance as it relates to security, e-commerce and industry compliance requirements and controls while assessing the cost effectiveness and risk(s) of implementation.
• Develop and manage budget and personnel for the Audit Department
• Develop theory and scope of audits, audit planning, scheduling, and logistics coordination
• Liaise with Information Technology and Operations areas to proactively assess security policy compliance and monitor risk
• Coordinate external/3rd party auditors, including PCI DSS, SAS 70, Record Retention, and Business Process Improvement reviews
• Perform investigations of internal fraud or presumptive fraud with a view to gathering evidence that could be presented in a court of law
• Manage internal IT audit engagements including: system platform audits, PCI Compliance Readiness reviews, IT Risk Assessments, change management, and business process control assurance
• Manage security control assessments of Payment Systems for merchant boarding and settlement of funds.
• Coordinate and perform compliance audits in accordance to the information protection, data asset and threat provisions under the Gramm-Leach-Bliley and Sarbanes-Oxley Acts.
• Coordinate with Incident Response teams for post-event diagnosis, investigation and documentation.
• Evaluate information protection governance framework against ITIL, FFIEC, and COBIT best practices.
• Evaluate and assess implementation of the disaster recovery/business continuity plan
• Provide effective project (audit) guidance and leadership to team members and management as it relates to data security and industry compliance
Hagemeyer North America, Inc., Atlanta, GA 2002 – 2003
Information Security Manager
The process owner for all ongoing activities that served to provide appropriate access to and protect the confidentiality and integrity of customer, employee, and business information in compliance with organization policies and standards. Formulated security strategy and baseline controls for a heterogeneous operating system environment. Developed security solutions that facilitate the strategic needs of the business in conjunction with the fulfillment of senior management’s fiduciary and legal responsibilities based on ISO 17799/27002 standards.
• Developed and implemented policies on information asset protection, data classification, operating system platform security, network security, and acceptable computing resource use
• Project Lead for the Secure Business Environment project encompassing network vulnerability, E-Commerce data protection, and Virus Management.
• Collected, analyzed, and interpreted information and data to support sound, cost effective recommendations for business improvement and to secure the information system environment.
• Coordinated with the business organizations to ensure the implementation of proper controls and maximum security with a minimum impact to functionality or purpose
• Performed information security risk assessments and compliance audits for information security processes regarding AS/400, AIX, OS/390, Windows 2000, and network appliances.
• Evaluated AS/400 system security values, UNIX system security files, RACF SETROPTS parameters, Windows 2000 user and workstation policy settings, firewall rule-set parameters, and router configuration files.
• Performed network vulnerability, malware, port, and IP payload scans
• Implemented processes to identify threats to the organization information assets and computer resources
• Monitored compliance with the organization's information security policies and procedures among employees, contractors, alliances, and other third parties.
• Monitored internal control systems to ensure that appropriate information access levels and security clearances are maintained.
• Participated on the Incident Management Team for the organization's disaster recovery and business continuity readiness.
• Coordinated and conduct intrusion event investigations and forensic reconnaissance.
• Functioned as participating member of the IT Leadership Team to promote unity and efficiency
Coca-Cola Enterprises, Inc., Atlanta, GA 1998 – 2002
Information Technology Audit Manager (2000)
Directed a broad range of risk management tasks and departmental administrative duties relevant to the execution of security, compliance, and project-related initiatives.
• Assessed data security controls for the Company, including the planning, design, and implementation of infrastructure security to safeguard enterprise files and data elements.
• Liaised with departments responsible for administering security software, monitoring functions, and application security across all platforms and networks.
• Audit Technical Lead: SAP Implementation Project 4.6C, Active Directory Infrastructure Security, Shared Services, and E-Procurement.
• Assisted in the creation of the roles and responsibilities matrix for SAP user profiles and authorities based on functional groupings
• Developed the IT audit portion of the internal audit department Annual Plan. Execute those audits, activities, projects, and special services to fulfill Annual Plan commitments.
• Contributed to the development of security solutions based on risk balancing, business need, technology availability, and practicality.
• Facilitated end-of-audit exit conferences with Corporate and IT executive management.
• Performed managerial functions related to the IT Audit staff (mentoring, training & development, performance appraisals, recruiting qualified team members).
Principal Information Technology Auditor (1999-2000)
Performed risk assessments that identify threats to security of information, systems, and computing assets throughout the IT infrastructure. Applied technology and audit best practices to address business needs.
• Project Lead: Domestic and European Data Security engagement encompassing the AIX, OS/400, Windows NT, and OS/390 platforms.
• Audit Technical Lead: SAP Implementation Project 3.1G, Enterprise Network Vulnerability Assessment, Supply Chain Integration, Shared Services, and E-Procurement.
• Evaluated SAP user profiles and authorities via query through the Basis module
• Evaluated SAP global application security values via the Basis module and RSPARM report
• Participated in process re-engineering task teams with the Harvest and Vendor Managed Inventory projects.
• Wrote formal audit engagement reports for distribution to the CIO and IT Directors.
• Developed automated testing utilities and scripts.
Senior Information Technology Auditor (1998-1999)
Focused on several audit projects across multiple platforms targeting risk assessment, risk reduction, compliance, and business continuity.
• Performed hands-on analysis of multi-platform and application security.
• Participated in platform and application Disaster Recovery exercises.
• Performed data center security reviews.
• Developed action plans for internal control enhancements.
• Project Lead: AIX, AS/400 data security reviews.
• Project Team member: EDI, HR/Payroll, Kronos Timekeeping and Sales Reporting Systems engagements.
AMSOUTH BANCORPORATION, Birmingham, AL 1994 – 1998
Information Systems Administrator – International Banking Services
Managed all midrange, network, and stand-alone information system activities encompassing development, implementation, and support regarding computing functionality.
• Systems Administrator for the AS/400, Solaris, AIX, and Windows NT hosts servicing the Alabama, Florida, Georgia, and Tennessee branches.
• Administered system security, capacity planning and performance monitoring.
• Worked closely with Business Analysts on end-user requirements and application modifications.
• Developed electronic Letter of Credit application form using Visual Basic.
• Performed data mapping for EDI and SWIFT transactions.
• Developed and implemented Business Recovery strategy.
ALFA INSURANCE CORPORATION, Montgomery, AL 1993 – 1994
Programmer Analyst
Designed, coded, and documented computer programs.
• Developed and modified software applications using COBOL, Visual C++, and Visual Basic.
• Participated in special project task teams to research business systems, operations, and data needs to assist in the development of automated systems.
TECHNICAL SKILLS
Languages:
• Visual Basic • Visual C++ • COBOL 400/CL
Operating Systems:
• MS/PC-DOS • OS/400 • AIX
• OS/2 Warp • OS/390 • Windows XP/Pro
• Novell • Linux • Windows 2000 Pro
• Cisco IOS • Solaris • Windows 2000 Server
Networking Protocol Suites:
• TCP/IP • SNA • IPSEC/SSL
Software Applications:
• SAP R/3 Basis • Movex ERP • W2K Active Directory
• Oracle 11g • Check Point VPN-1 • NetIQ
• SQL RDMS • Juniper M40 • IBM Proventia IPS
• ACL • Shavlik Netchk • IBM RealSecure
PROFESSIONAL CERTIFICATIONS
Certified Information Systems Security Professional (CISSP)
Certified Payment Card Industry Security Manager (CPISM)
Certified Payment Card Industry Security Auditor (CPISA)
Certified Information Privacy Professional (CIPP)
Certified Information Security Manager (CISM)
Certified Information Systems Auditor (CISA)
AFFILIATIONS
International Information Systems Security Certification Consortium
Information Systems Audit and Control Association
International Association of Privacy Professionals
Society of Payment Security Professionals
Information Systems Security Association
Institute of Internal Auditors
EDUCATION
B.S.B.A., Management Information Systems
University of Alabama-Huntsville
School of Administrative Science