seeking compliance with federally mandated HIPAA regulations. Conducted MainframeSecurity audits for clients. Wrote IT Security Audit reports for clients.
The University of Medicine and Dentistry of NJ Nov. 1999 – June 2002
Computing and Network Security Manager
Presented results of System Penetration Test, conducted by CISCO representatives, to UMDNJ Divisionmanagement. Duties included representing the Information Technology (IT) group at security relatedmanagement meetings. Drafted Computer Security Policies using COBIT guidelines. Developed a strategic plan for implementing a University wide security program, in compliance with HIPAA regulations. Monitoredthe progress of the Health Insurance Portability and Accountability Act (HIPAA) security and privacyregulations. Assisted in the development of a HIPAA website for UMDNJ.
Ernst & Young, LLP, NJ May 1998 – Sept, 1999
IT Audit Senior - Internal Audit Services
Performed a security audit of PeopleSoft 7.0. Conducted an Oracle database audit in an HP UNIXenvironment. Utilized a SQL based software application, Business Objects, to develop audit reports for useduring regional business unit audits. Utilized Audit Command Language (ACL) to identify and reportduplicate payments made to vendors. Ensured laptop computer security was maintained. and standarddepartment application were created properly for new hires
ADP, New Jersey Jan. 1995 – May 1998
Senior IS Auditor - Corporate Audit Department
Evaluated the General Computer Controls over the IBM mainframe computer environment (including CICSand RACF). Coordinated the 3rd party KPMG review of payroll product, AutoPay.Audit Dept. representativeon the Year 2000 task force. Reviewed department consolidations prepared using the Hyperion application.Used ACL software to perform automated tests of client data. Used Easytreive software to code and runAccounts Receivable confirmations.
Witco Corporation Nov. 1989 – June 1994
IT Auditor- Audit Department
Designed and executed computer programs on the mainframe computer using the EASYTREIVE PLUS programming language. Conducted data center audits and RACF Data Security reviews.Assisted the financial staff with their Computer Assisted Audit Techniques (CAAT’s)
EAB, Long Island Nov. 1987 – Nov. 1989
EDP Audit Officer
Conducted and supervised technical audits of system areas including; CICS Services, IDMS Services, MVSTechnical Services and ACF2 Data Security. Conducted audits of Data Centers. Wrote audit reports utilizing personal computer software.
Earlier Audit Work Experience:
Metropolitan Life Insurance Company, New York Citibank, New York, NYStandard Security Life Insurance Company, New York Coopers and Lybrand, New York Chemical Bank, New York
MBA in Operations Research, St. John's University, Queens, New York June, 1979.BBA in Accounting and Computer Systems in Business, The Bernard M. Baruch College of the CityUniversity of New York Jan., 1976