

Extensive 20 years' experience as an individual contributor and manager for Risk Management,
Information Compliance, and Security Management in the information technology industry. Process and
procedures include using ISO 17799/27001, ISO 20000, CISSP, PMP, CMMi, SDLC and both Six Sigma
and Lean Six Sigma. I have extensive experience in delivery of project solutions for Risk Management,
Payment Card Industry Data Security Standard (PCI) and Health Industry Insurance Portability and
Accountability Act (HIPAA). I have worked with both internal and external auditors on financial applications
being audited for Sarbanes-Oxley Act (SOX). Experience on multi-platform environments including:
Microsoft Windows (XP, Server 2000, Server 2003, Small Business Server and Exchange Server),
Midrange systems (IBM and SUN), and IBM Mainframe. I have managed teams from 3 people to as large
as 20 people. I am currently working on completing additional certifications in CISA and CISCO. US
Citizen, Local Dallas Candidate.


Project Management Institute – Project Management Professional (PMP)

ISC2 - Certified Information Systems Security Professional (CISSP)

Project Management: Delegation Skills, Facilitation Skills, Issue Tracking/Reporting, Largest number of
concurrent projects managed is 5, Largest number of people managed on a project is 20, Managing
Metrics, Microsoft Project, Planning & Organization, Project budget management, Project Estimation and
Planning, Project Management, Prototyping, SDLC, CMMi, Six Sigma and Lean Six Sigma.

Security & IT Control: Information Technology Control Policies, Sarbanes-Oxley Act (SOX), Payment
Card Industry Data Security Standard (PCI), Health Industry Insurance Portability and Accountability Act

QA: Test Defect Tracking/Reporting, Test execution methodology, Test project estimation, Test Case
documentation, Test Plan documentation, Test Planning Process, Test Director, Endeavor, Infoman,

Business Analysis: Documentation - Business requirements, Documentation - Data mapping, Process
flow, Prototyping, Rational Unified Process, Systems Analysis and Design, Unified Modeling Language,
Microsoft Access, Microsoft Excel, Microsoft PowerPoint, Microsoft Word and IBM Requisite Pro.

Current Feb 2008 – Current
SR Security Auditor / Project Manager

Manager on audit projects of financial applications for the following audits: SoX, HIPAA and
PCI. During the audits, I managed the interface between the audit team and the IT
application team in gathering audit evidence. At the end of each audit, my team produces
a gap assessment on the audit findings and assists the application owners to develop and
implement solutions to remediate any audit findings. This included creation of action plans,
monitoring procedures and producing weekly reports to Sr. management on status of
outstanding findings. Creation and managing cross functional projects as required. Provide
Security Policies training monthly on current and new trends; provide new hires as needed
for new employees and annual refresher training on current policies. Team size of three.

Prior Feb 2007 – Feb 2008

SR Security Auditor / Project Manager (number for employment verification 312-873-7299)

Managed several retail projects for creating PCI focused security gap assessments of
current and new issues to conform to PCI DSS certification. Worked with several retail
business units to assist in creating security environments to comply with level 1 merchant
requirement. Each project started with me performing a gap analysis between the current
operation and the PCI requirements. Presenting solutions to business and IT directors and
selection of solution to implement. After completion of the gap project either I or an
independent QSA would perform a follow-up assessment to verify PCI compliance. At the
end of each assessment a Report on Compliance (RoC) was completed for review by the
client and submitted to the client’s processor.

Prior Nov 2005 – Feb 2007

SR Security Analyst / Project Manager (number for employment verification 214-841-6111)

Managed the deployment of security and compliance solutions to current and new clients requiring either
Payment Card Industry Data Security Standard (PCI) and/or Health Industry Insurance Portability
and Accountability Act (HIPAA). Worked directly with new business teams to develop security solutions
offering in the following; Identity Management, Intrusion Detection, Antivirus & Spyware protection,
Vulnerability Management, Strong Authentication (RSA), Encryption Solution (PGP), Access Event
Management, Penetration Testing, Risk Assessment, Risk Mitigation, Ongoing Risk Management.
Worked with ACS' ITIL team for creating security assessments of current and new clients to conform to
ACS' ISO 20000 data center certification. Worked with new business teams using Lean Six Sigma. Team
size of 4 staff.

Prior Sep 2000 – Sep 2005

Sr. Technology Officer (number for employment verification 877-576-2427)

Enterprise Risk Manager - Interfaced with application managers, risk management, and audit to ensure
issues and action plans were logged, tracked, monitored, and resolved. Provided monitoring, tracking and
oversight and reporting of risk issues. Worked with application managers to monitor compliance of
application development and maintenance plans. Identified potential issues for applications, monitored
risk remediation to ensure mitigation or elimination and reported all issues identified in risk tracking
application as a result of self-assessment, risk or audit, periodic review of engineering activities for
compliance with control policies. Institutionalized the defined processes and procedures to ensure
compliance with control policies. Control policies created by global team using CMMi, COBIT, COSO and
ISO standards.

Process Improvement Manager - Employed to attain CMM Level 2 certification for pilot Investor
Services Technology software development projects, CMMI Level 2 certification for the support team
within the Application Delivery Support Services organization, and incorporate Six Sigma Digitization
practices into the CMM procedures for the Investor Services Technology organization at JPMorgan
Chase. Established and documented the development processes used by the various Application
Development groups within Investor Services (Waterfall, RAD, Iterative and XP).

Application Development and Support Manager - Managed the migration of two software applications
(Customer Service Work Station and Asset Income Reconciliation System) from Brooklyn, New York to
Dallas, Texas including staffing the operation in Dallas, Texas.


CMM Auditor (company no longer exists)
Provided reviews and training as a member of client's Product Quality Group. Duties include training
project team members on policies for the delivery of software solutions using SEI-CMM methodology.

Provided periodic SEI-CMM reviews during the life of a project and a final quality audit of the completed

Prior Jun 1996 – Dec 1999

Project / QA Manager (number for employment verification 972-244-6300)
Responsibilities included working as a cross-functional team member with client's staff in Dallas and Tulsa
to develop testing methodology for Year 2000 testing. Reviewed test design documents for mainframe
and client server systems. Defined the goals of the QA testing team utilizing CMM methodology, roles and
responsibilities of the QA team members. Reviewed and selected automated tools for source code
control, documentation control, test scenario, case and data control to be used by the QA team. Defined
defect management and error reporting by platform, application, tester and developer. All standards were
designed using COBIT, IEEE and CMM.

Prior Jun 1995 – Jun 1996

Project / QA Manager (number for employment verification 972-503-4473)
Responsibilities included managing a team of 14 members with the goal of developing a Point of Sales
System for a 6000-store retail company. Migrated existing manual entry cash reporting system, under
SCO UNIX, to the new Point of Sales application, under NT 3.5. Added new functionality allowing store
manager to customize Point Of Sales devices by store. Responsible for the design of all testing, unit,
string, integration and beta tests for certification of applications deployed to retail stores. Performed
intensive string and platform tests on both hardware and software.

Prior Jun 1991 – May 1995

Project Manager
Responsibilities included developing three new systems: Inventory Management System, Store Level
Retail/Cost Analysis System and Inventory Tracking System. This application included development of a
new EDI interface to client inventory applications. Managed application team of 5 members for the
maintenance and development of both Mainframe and Client Server applications.

Bachelor of Business Administration

Project Management Institute, 2001
American Society for Quality, 2001
Software Engineering Institute, 2003
(ISC)2, 2007