Providing Security Assurance for ZEROFOX Clients

Texas Land Management

Senior Security & Compliance Advisor | IT Compliance Program Manager | GRC Systems Analyst

Independent consultant for Information Security Management/certified ISO27001 Lead Auditor. Well skilled in SOX, PCI, Sarbanes Oxley (SOX IT), Privacy, AICPA SOC-2, ISO 27001, and General IT Controls. Work with teams to ensure controls and procedures are documented, repeatable and manage non-conformities and risks. . Key strengths are process and control design, control effectiveness evaluation, gap and root cause analysis, and remediation of compliance non-conformities. Implementation of GRC process and tools using Thompson Reuters Paisley, Metric Stream, Archer and Service Now.

Perform quality review under the ISO 9001 QMS framework.

SOC 2, SOX and PCI internal controls and risk assessment, process and control design to ensure operating effectiveness. Conduct reviews of process and controls, manage remediation milestones and timelines across all lines of business. Provide internal consulting on risks and controls and development of security processes. Standards include SOX, ISO27001, AICPA SOC 2, PCI DSS 3.2. Support SiriusXM enterprise risk and security compliance goals for both internal, external customers and partners

British Telecom AmericaCompliance and Controls Improvement 08/2012 - presentInternal controls assessment and remediation for SOX Finance, PCI, Anti-Corruption and Bribery and Consumer Goods Contract Operations. Conduct audits of process and controls for Finance and IT. Administered quarterly internal controls certifications for BT Americas finance. Managed all internal and external audit Issues for BT Americas. Standards include Sarbanes Oxley, ISO27001, ISO9001 and COBIT. Managed audit findings remediation, control owner certification and quarterly attestations.

Lead ISO 27001 auditor for critical RIM and Blackberry™ systems and business processes. Determine audit scope, conduct entrance and exit presentations and manage remediation of findings Partner with RIM Business units to remediate non-conformities and reduce risks. Strive for continuous improvement in Information Security Compliance programs, improving internal control effectiveness. ISO27001, SOX, and BSI Audit support. Primary responsibility is to conduct internal compliance audits, security risk assessments and remediation of control gaps. Served as the owner of Archer findings management for all of Corporate Security. Led the NFC Blackberry "Wallet" project to successful certification for mobile payment authorizationReceived the CIO "Achieve Now" award for exemplary work on C-TPAT (Customs Trade Partnership Against Terrorism) certification.

Senior IT Security and Compliance Analyst 04/2008 – 01/2011Manage IT compliance and IT risk management for Brink’s US as the primary interface with Ernst & Young financial audit teams. Responsible for IT Audit, Sarbanes Oxley program management, and IT Security policies that support internal and external compliance requirements. Primary responsibility was for management of external audit and remediation of control gaps. Internal Controls testing for financial and PCI systems, network and IT security services. Additional duties include IT risk assessments and oversight for issues remediation discovered through security assessments and audits. Produced and presented the first annual SOX Workshops for IT key control owners, CIO and CFO. Possess strong technical knowledge of IT Security and technology controls based on COSO, ISO27001 and COBIT standards. Well versed in security and audit tools such as ACL, Quest Change Auditor, LogAdmin, Log Logic, Varonis ESM, Quest Security Manager, NetIQ. Systems Tools, AD Manager. Manage remediation milestones and timelines for compliance issues

Responsible for management of IT audit compliance for Sarbanes Oxley Section 404 for Mortgage and Construction, and for analysis and design of underlying business processes for financially significant IT controls. Key job requirements:• Primary interface with Ernst & Young financial audit teams for mid year and fiscal year end audits on all IT General Controls / SOX 404 controls • Control design (TOD) and control effectiveness (TOE) testing and remediation• Exception and remediation reporting to senior management • Audit program development and work paper maintenance• Oversight of internal IT compliance and risk management activities• Policy and procedure ownership: policy gap analysis, policy and procedure development

Information Security Engineer responsible for Security Compliance for PCI and Sarbanes Oxley as required by Internal Audit / Internal Controls. Administered Security Awareness Program, Co-Chair of the AA Privacy Council under the direction of the Chief Privacy Officer. Developed / insourced the Forensics capabilities in support of eDiscovery and Corporate Security as well as managed Incident Response for IT Security, working closely with AA Legal an HR management.Designed the AA Security AAdvocate program to build a matrix security team across key cross functional teams. Received the CIO award for innovation - 2004