LiveCareer-Resume

Senior Manager IT Security Compliance resume example with 17+ years of experience

Jessica Claire
  • Montgomery Street, San Francisco, CA 94105 609 Johnson Ave., 49204, Tulsa, OK
  • Home: (555) 432-1000
  • Cell:
  • resumesample@example.com
Accomplishments
  • Implemented IT General Control Framework using COBIT.
  • Designed and implemented IT General Control (ITGC) framework from ground zero using COBIT.
  • Implemented Oracle Financials (ERP), SAP GRC (Governance Risk and Compliance), Integrations.
  • SAP Risk Assurance, SAP Post implementation reviews.
  • Reviewing SAP design, implementation, and/or assessment of controls, including a significant understanding of the systems implementation lifecycle, including configuring and optimizing business process controls and application security.
  • Responsibilities - Information Systems Risk Management.
  • Cyber Security Risk Assessment: Led the assessment to assess the current state of Cybersecurity against leading Cybersecurity framework from NIST (National Institute of Standards and Tools) and DIBS (Defense Industrial Base Standard) and perform vulnerability scanning for SAP, Amazon Web Services (AWS) infrastructure, Cloud services and Perimeter Infrastructure.
  • Documented Management Action/Response for key observations.
  • Tracked and validated remediation for closure.
  • Prepared slides for Audit Committee.
  • IT Risk Management: Implemented IT Risk Acceptance (Policy Exception) Process.
  • Provided guidance to IT and Business teams, Managed Risk Acceptance Process.
  • Evaluate risks and identify safeguard (compensating controls) measures, document management acceptance.
  • Revisit policy exceptions on semi-annual basis.
  • SAP GRC (Governance, Risk and Compliance) Implementation: Played a functional and technical lead role for implementing SAP GRC.
  • Partnering with business, IT Applications teams, SAP Basis, SAP Implementation teams.
  • The activities include Role design, Access Provisioning, Design of User Access Review, Fire Fighter Access and control, Security Log Reviews, Client Settings and Parameter Review, Segregation of Duty (SoD), Mitigation Controls, Code Migration controls, Identifying appropriate role owners, fire fighter owners, etc.
  • Access Management: Oracle Identity Manager (OIM).
  • Defined processes and controls for Identity & Access Management for major ERP Systems.
  • Defined Approval Matrix (Delegation of Authority) Application Security.
  • Implemented automatic user account termination process.
  • IT Self-Assessment: Performed Risk Assessment for critical applications, systems, Databases and processes.
  • This includes Application Access Review, Code Migration Review, SSH keys, Access to password information, Compliance to password policies and standards, Generic/service account management, password changes, default passwords, policy exceptions (Risk Acceptance), open ports, insecure communication channels, etc.
  • Documented Management Action/Response for key observations.
  • Tracked and validated remediation for closure.
  • Prepared slides for Management Review.
  • Security Trust Assessment (STA), Partner Trust Assessment (PTA).
  • Incident Management & Response: Worked closely with CSIRT to review incidents and determine risk ratings.
  • Extended guidance on the remediation or risk acceptance.
  • Security Log Review: Performed log reviews for various security objectives to deep dive into anomalies.
  • Secure SDLC: Exposure to Secure SDLC.
  • Proficient in COSO, COBIT, NIST, DIBS, CIS Benchmarks, ISO 27001 & PCI DSS.
  • Juniper Networks Inc., as Manager, IT Application Support & Development (July 2004 to October 2007).
  • Responsibilities - IT Application Support & Development.
  • 3+ years managed application support and development for Oracle ERP applications, manufacturing applications and other financial related applications.
  • Managed the global teams of 40+ technical/functional leads and engineers to support 24/7 operations.
  • Partnering with business.
  • Managed the teams, partnering with outsourced vendors, managed SLAs, escalation process, Quarter-end process, support SOX compliance and Management Reporting.
  • Provide quarterly operational dashboards, identify focus areas for improvements.
  • Member of Change Advisory Board.
  • Ensure cross-functional changes are tested, documented and the security reviews are completed.
  • Led implementation of various functional and technical projects.
  • Provide SOX Support.
  • Ensure compliance to preserve process and data integrity.
  • Gained broader spectrum of expertise and knowledge on cross functional systems and their dependencies, issues, vulnerabilities, etc.
  • Which led the management to transfer me to manage IT Compliance.
  • Juniper Networks Inc., as IT Technical Lead, IT Applications (September 2000 to June 2004).
  • Responsibilities - IT Technical Lead (ERP).
  • 3+ years, played the role of IT functional and technical lead for Procure-to-Pay (PTP) track and Manufacturing, Order Management tracks.
  • Led projects such as iProcurement implementation, multiple inbound/outbound integrations with Oracle ERP for Order Management, led Manufacturing projects, led data migration projects.
  • Designed and developed Data structures using XML and developed code using Java to migrate/convert data from old system to new systems.
  • This includes Open Sales Orders, Open POs Vendors, other Master data as well.
  • Designed interfaces and integrations using XML and WebMethods.
  • Led implementation of Mercury ITG (Kintana) for automatic code migrations for ERP.
  • Designed and developed many Web applications in Juniper using Java, JSP, C# .Net, Oracle PL/SQL, CGI/Perl, HTML, JavaScript, etc.
  • Web applications such as Quality Information Systems, Executive Dashboards etc.
  • Understand various cross functions, integrations, Infrastructure, activities etc.
  • Involved extensively in architecting Multi-Site, Multi-Master High Availability Manufacturing Solution for Juniper Technical Operations using Oracle Advanced Replication.
  • Results driven, accountable, pro-active, dedicated, process oriented and able to influence changes.
Professional Summary

To achieve excellence in the field of Information Security & Compliance by utilizing my technical, functional and program management skills, business proficiency, analytical, leadership skills and professional etiquettes. Overall, 21+ years of professional experience in various IT Domains and Software Development industries. Of which, last 10+ years of experience in managing IT Compliance Program including Sarbanes Oxley (SOX), IT Risk Management, Security Assessments and Cyber Security Audits. 3+ years of experience in managing Global IT Operations & Development. 4+ years of experience in leading major ERP implementations such as Oracle Financials and SAP. 5+ years of experience in Software Research & Development.

Received CEO Excellence Award for the leadership and contributions to mature compliant IT environment. Admired challenges with passion and influenced changes to build compliant IT environment. Designed and implemented IT General Control (ITGC) framework from ground zero. Implemented Oracle Financials (ERP), SAP GRC (Governance Risk and Compliance), Integrations. Architected & designed Multi-Site, Multi-Master High Availability Manufacturing Solution for Juniper Technical Operations. Designed and developed various multi-tier web applications and automations to enable business operations with increased productivity and user experience. Built and managed with passion a global team of 40+ functional and technical leads with cost-effective onsite-offshore model. Carried out complex research projects in Software Research & Development unit in the largest Silicon Studio in Asia. World class Object Oriented Programming analysis, design and development experience and strong database programming experience. A strong and focused team player with leadership qualities. Proficient in COSO, COBIT, NIST, DIBS, CIS Benchmarks, ISO 27001 & PCI DSS. Member of Architecture Review Board (ARB), Change Advisory Board (CAB). CISSP, CRISC, CISA, ITIL, Java certified. Master of Computer Science. Experienced IT Security & Compliance professional committed to maintaining cutting edge technical skills and up-to-date industry knowledge. Systems architect with expertise in requirement gathering and analysis, architectural, component and interface design and development for web-based applications in multiple domains. Graphic Design Specialist with practical knowledge of design techniques, tools and principles for production of technical plans. System analyst specializing in object-oriented analysis and design. Deadline-focused Graphic Design Specialist with broad skill range including collateral design, web design and project management.
Veteran systems architect with expertise in coding, application design, defined architectures and successful project leadership.

Skills
  • IT Compliance Program
  • Program/Project Management
  • IT General Controls (ITGC)
  • IT SOX Audits
  • SSAE-16 SOC1, SOC2
  • Governance Risk & Compliance (GRC)
  • Identity & Access Management
  • Enterprise Resource Planning (ERP) Implementations (Oracle Financials, SAP)
  • Business processes PTP, OTC, RTR, GL, AP, AR, Mfg, CRM, MTS, GTS, SAP PI, SAP GRC etc.
  • Service Model PaaS, IaaS, SaaS.
  • Information Systems Risk Management
  • Cyber Security Audit and Assessments
  • Application Security
  • Cloud Security & Assessment
  • Security Log Management
  • Incident Management & Response
  • Internal and External Vulnerability assessment
  • Network Security
  • OS Hardening.
  • Design and development of multi-tier web applications
  • Integrations with downstream systems.
  • Object oriented system analysis, design, development, implementation
  • Automation of Application and automatic code migration processes (Kintana ITG).
  • Oracle Financials 11i, SAP, GRC, MarkView Invoice Approval Systems, Manufacturing applications, Oracle Advanced Replications, iExpense, iProcurement, Concur, Coupa, Product Configurator, Quality Mgmt Systems, Real time Executive Dashboards.
  • Functional: PTP, OTC, RtR, GL, Mfg, CRM, MTS, MTD (SCM), Mfg Tech Ops, Expense, Procurement, Reporting, GRC, IT Application Support & Development.
  • C/C++, Visual C++, Java, Oracle SQL/PL-SQL, C# .Net, Perl/CGI, Unix Scripts, VB, JavaScript, JSP, HTML, COBOL, Pascal, FORTRAN
  • Database: Oracle 8i/9i, Sybase, QAD Progress, SQLSERVER
  • Frameworks/Standards: COSO, COBIT, NIST, DIBS, CIS Benchmarks, ISO
  • Excellent problem-solving abilities
  • Data privacy applications
  • Excellent communication skills
  • Refined system debugging skills
  • Java/C/C++
  • Coding and modularization
  • Excellent diagnostic skills
  • Expert in Java, PHP and Perl
Work History
Senior Manager IT Security & Compliance, 10/2007 to Current
Kas Software Solutions LLC
  • IT Risk & Compliance responsible for assisting the Vice-President of Information Security & Compliance, to establish and maintain an IT Compliance program that will minimize risks to IT objectives through effective, efficient, scalable, & cost-effective design and operation of controls, including, Sarbanes Oxley (SOX), ITGC (IT General Control) using COBIT Framework, and other domestic & international compliance requirements at Juniper.
  • Acts as an end-to-end expert in managing IT-related compliance initiatives; effectively achieve and sustain compliance with regulatory, industry and contractual obligations; and influence related priorities and decisions.
  • Establish a sustainable/scalable program & project management processes.
  • Collaborate with Internal Audit, External Audit, SOX PMO in a regular cadence, discuss changes to the control environment, prepare effective, efficient compliance and substantive test plans and SOX Calendar.
  • Assess new system and process impacts against compliance controls, and perform reviews of processes/control issues.
  • Champion efforts to standardize and rationalize current IT processes.
  • Perform Assessments and on-boarding of applications to SOX.
  • Provide regular business view updates of the state of compliance for senior leadership and external stakeholders.
  • Produce metrics showing operational compliance with best practices.
  • Perform Control Self-Assessments to minimize audit findings.
  • Perform control Execution and Monitoring to ensure adequate and timely performance of the controls.
  • Evaluate and document specific compliance issues where a "deeper dive" is needed as requested by the Internal Auditor, External Auditor or Controller.
  • Provide a Global SOX Audit & Awareness Training, and targeted focused trainings to the control performers and owners.
  • Maintain deficiency dashboard and monitor remediation status.
  • Advise leadership on how to remediate deficiencies.
  • Understand how to capitalize on the investment made in IT internal control systems already in place.
  • Document and report status of agreed upon remediation plans, owners and commitment dates.
  • Prepare quarterly results decks; evaluate results and remediation plans; and prepare trend analysis.
  • Provided support for compliance strategy development in collaboration with senior IS leadership, Internal Audit and Controller.
  • Coordinate the timing of audits and the timely receipt of information requests with our sites as well as both audit teams (internal and external).
  • Conduct annual walkthroughs including coordination with Coach Internal & External Auditors.
  • Utilize sound judgment to identify and assess risk, materiality, adequacy of audit evidence, compensating controls, and significance of findings.
  • Lead Annual Access Validation Project across all Global Systems - internally & externally hosted.
  • Review and maintain Segregation of Duties (SOD) in applicable systems and environments.
  • Ensuring assurance by reviewing third party attestation reports (SSAE 16 SOC1, SOC2) for controls relevant to internal organization's controls related to financial statements, security, integrity, confidentiality and privacy of the information processed by the systems.
  • Ensure client considerations are adequately performed to meet compliance objectives.
  • Identify projects that impact SOX Systems, Key business processes and controls.
  • Collaborate with Project Managers and enable them to ensure the PM Controls are adequately executed.
  • Developed and implemented complex Internet and Intranet applications on multiple platforms.
  • Diagnosed and troubleshot UNIX and Windows processing problems and applied solutions to increase company efficiency.
  • Monitored network performance and provided network performance statistical reports for both real-time and historical measurements.
  • Proposed technical feasibility solutions for new functional designs and suggested options for performance improvement of technical objects.
  • Provided methodologies for object-oriented software development and efficient database design.
  • Established compatibility with third party software products by developing program for modification and integration.
  • Coordinated with systems partners to finalize designs and confirm requirements.
  • Organized and created shooting schedules for graphic design team, supervising the progress of projects from production to post production.
  • Consistently met deadlines and requirements for all production work orders.
  • Developed work-flow charts and diagrams to ensure production team compliance with client deadlines.
  • Recommended architectural improvements, design solutions and integration solutions.


Programmer Analyst, 03/1998 to 2000
Borders Group Inc
  • Also, designed and developed Real-time Quarter End Manufacturing Dashboard for Senior Executive to view the Open Orders and Sales Numbers at very high-level and detailed level as well.
  • This was very much appreciated by Senior Management for their real-time visibility on the Manufacturing Operations especially on the Quarter End.
  • Worked as a UNIX system administrator for six months.
  • Played a DBA role for a few months in Juniper for Oracle Databases.
  • Played Application Administrator role for many IT and Business applications.
  • Worked for Syntel Inc, Troy, MI, where I was managing and leading onsite and offshore teams to develop software tools using C/C++, managed and led Oracle data warehousing project for Borders Groups Inc.
  • Developed and implemented complex Internet and Intranet applications on multiple platforms.


Assistant Consultant, 06/1995 to 02/1998
PentaFour Software Inc, India
  • Worked for PentaFour Software, the leading multimedia company in Asia.
  • Involved and developed applications in Research & Development Unit.
  • Worked as an Assistant Consultant for design and development of high quality 3D authoring suites using Visual C++ & OpenGL.
  • Designed and developed High Quality Image Processing projects, Voice Recognition and Voice automated systems.
  • Designed and developed Document Management Systems.


Education
Master of Science: Computer Science, Expected in 1XXX
St. Claire's College - Bharathidasan University
  • Emphasis in Computer Algorithms & Data Structures, Computer Oriented Numerical and Statistical Methods, Compiler Design, Operating Systems, Parallel Processing, Relational Calculus, Database Management Systems, System Analysis and Design, Image Processing and an academic Project.


CISA (Certified Information System Auditor): IT Audit, Expected in 2011
ISACA - Information Systems Audit and Control Association - USA


IT Auditing
Certified in Risk and Information Systems Control (CRISC): IT Risk Management, Expected in 2011
Information Systems Audit and Control Association (ISACA) - USA

Risk Management
Certified Information Systems Auditor (CISA): IT Audit, Expected in 2011
Information Systems Audit and Control Association (ISACA) - USA

IT Security
Certified Information Systems Security Professional (CISSP): IT Security, Expected in 2016
Information Security Certification (ISC2) - IT Security
IT Risk Management
Additional Information
  • Employment Status: US Citizen.
