

Extensive 20 years' experience as an individual contributor and manager for Risk Management, Information Compliance, and Security Management in the information technology industry. Processes and procedures include using ISO 17799/27001, ISO 20000, CISSP, PMP, CMMi, SDLC and both Six Sigma and Lean Six Sigma. I have extensive experience in delivery of project solutions for Risk Management, Payment Card Industry Data Security Standard (PCI) and Health Industry Insurance Portability and Accountability Act (HIPAA). I have worked with both internal and external auditors on financial applications being audited for Sarbanes-Oxley Act (SOX). Experience on multi-platform environments including Microsoft Windows (XP, Server 2000, Server 2003, Small Business Server and Exchange Server), midrange systems (IBM and SUN), and IBM Mainframe. I have managed teams from 3 people to as large as 20 people. I am currently working on completing additional certifications in CISA and CISCO. US Citizen, Local Dallas Candidate.

Project Management Institute – Project Management Professional (PMP)

ISC2 – Certified Information Systems Security Professional (CISSP)

Project Management: Delegation Skills, Facilitation Skills, Issue Tracking/Reporting, Largest number of concurrent projects managed is 5, Largest number of people managed on a project is 20, Managing Metrics, Microsoft Project, Planning & Organization, Project budget management, Project Estimation and Planning, Project Management, Prototyping, SDLC, CMMi, Six Sigma and Lean Six Sigma.

Security & IT Control: Information Technology Control Policies, Sarbanes-Oxley Act (SOX), Payment Card Industry Data Security Standard (PCI), Health Industry Insurance Portability and Accountability Act (HIPAA).

QA: Test Defect Tracking/Reporting, Test execution methodology, Test project estimation, Test Case documentation, Test Plan documentation, Test Planning Process, Test Director, Endeavor, Infoman, LoadRunner.

Business Analysis: Documentation - Business requirements, Documentation - Data mapping, Process flow, Prototyping, Rational Unified Process, Systems Analysis and Design, Unified Modeling Language, Microsoft Access, Microsoft Excel, Microsoft PowerPoint, Microsoft Word and IBM Requisite Pro.

Current SR Security Auditor / Project Manager Feb 2008 – Current

Manager on audit projects of financial applications for the following audits: SOX, HIPAA and PCI. During the audits, I managed the interface between the audit team and the IT application team in gathering audit evidence. At the end of each audit, my team produces a gap assessment on the audit findings and assists the application owners to develop and implement solutions to remediate any audit findings. This included creation of action plans, monitoring procedures and producing weekly reports to Sr. management on status of outstanding findings. Creation and managing of cross-functional projects as required. Provide Security Policies training monthly on current and new trends; provide new hires as needed for new employees and annual refresher training on current policies. Team size of three staff.

Prior Feb 2007 – Feb 2008 SR Security Auditor / Project Manager (number for employment verification 312-873-7299)

Managed several retail projects for creating PCI-focused security gap assessments of current and new issues to conform to PCI DSS certification. Worked with several retail business units to assist in creating security environments to comply with level 1 merchant requirement. Each project started with me performing a gap analysis between the current operation and the PCI requirements, presenting solutions to business and IT directors, and selection of a solution to implement. After completion of the gap project, either I or an independent QSA would perform a follow-up assessment to verify PCI compliance. At the end of each assessment a Report on Compliance (RoC) was completed for review by the client and submitted to the client’s processor.

Prior Nov 2005 – Feb 2007 SR Security Analyst / Project Manager (number for employment verification 214-841-6111)

Managed the deployment of security and compliance solutions to current and new clients requiring either Payment Card Industry Data Security Standard (PCI) and/or Health Industry Insurance Portability and Accountability Act (HIPAA). Worked directly with new business teams to develop security solution offerings in the following: Identity Management, Intrusion Detection, Antivirus & Spyware protection, Vulnerability Management, Strong Authentication (RSA), Encryption Solution (PGP), Access Event Management, Penetration Testing, Risk Assessment, Risk Mitigation, Ongoing Risk Management. Worked with ACS' ITIL team for creating security assessments of current and new clients to conform to ACS' ISO 20000 data center certification. Worked with new business teams using Lean Six Sigma. Team size of 4 staff.

Prior Sr. Technology Officer (number for employment verification 877-576-2427) Sep 2000 – Sep 2005

Enterprise Risk Manager - Interfaced with application managers, risk management, and audit to ensure issues and action plans were logged, tracked, monitored, and resolved. Provided monitoring, tracking and oversight and reporting of risk issues. Worked with application managers to monitor compliance of application development and maintenance plans. Identified potential issues for applications, monitored risk remediation to ensure mitigation or elimination and reported all issues identified in risk tracking application as a result of self-assessment, risk or audit, periodic review of engineering activities for compliance with control policies. Institutionalized the defined processes and procedures to ensure compliance with control policies. Control policies created by global team using CMMi, COBIT, COSO and ISO standards.

Process Improvement Manager - Employed to attain CMM Level 2 certification for pilot Investor Services Technology software development projects, CMMI Level 2 certification for the support team within the Application Delivery Support Services organization, and incorporate Six Sigma Digitization practices into the CMM procedures for the Investor Services Technology organization at JPMorgan Chase. Established and documented the development processes used by the various Application Development groups within Investor Services (Waterfall, RAD, Iterative and XP).

Application Development and Support Manager - Managed the migration of two software applications (Customer Service Work Station and Asset Income Reconciliation System) from Brooklyn, New York to Dallas, Texas including staffing the operation in Dallas, Texas.

SOFTWARE QUALITY PARTNERS Feb 2000 – Aug 2000 CMM Auditor (company no longer exists)

Provided reviews and training as a member of client's Product Quality Group. Duties included training project team members on policies for the delivery of software solutions using SEI-CMM methodology. Provided periodic SEI-CMM reviews during the life of a project and a final quality audit of the completed product.

Prior Jun 1996 – Dec 1999 Project / QA Manager (number for employment verification 972-244-6300)

Responsibilities included working as a cross-functional team member with client's staff in Dallas and Tulsa to develop testing methodology for Year 2000 testing. Reviewed test design documents for mainframe and client server systems. Defined the goals of the QA testing team utilizing CMM methodology, roles and responsibilities of the QA team members. Reviewed and selected automated tools for source code control, documentation control, test scenario, case and data control to be used by the QA team. Defined defect management and error reporting by platform, application, tester and developer. All standards were designed using COBIT, IEEE and CMM.

Prior Jun 1995 – Jun 1996 Project / QA Manager (number for employment verification 972-503-4473)

Responsibilities included managing a team of 14 members with the goal of developing a Point of Sales System for a 6000-store retail company. Migrated existing manual entry cash reporting system, under SCO UNIX, to the new Point of Sales application, under NT 3.5. Added new functionality allowing store manager to customize Point of Sales devices by store. Responsible for the design of all testing, unit, string, integration and beta tests for certification of applications deployed to retail stores. Performed intensive string and platform tests on both hardware and software.

Prior Jun 1991 – May 1995 Project Manager

Responsibilities included developing three new systems: Inventory Management System, Store Level Retail/Cost Analysis System and Inventory Tracking System. This application included development of a new EDI interface to client inventory applications. Managed application team of 5 members for the maintenance and development of both Mainframe and Client Server applications.

Bachelor of Business Administration

Project Management Institute, 2001

American Society for Quality, 2001

Software Engineering Institute, 2003

(ISC)2, 2007