Omar Alam

Senior Information Security Compliance Analyst @ UCLA
Stevenson Ranch, CA, US

About Omar Alam

With over 20 years of leadership experience in IT audit, compliance, and enterprise risk management, I am a results-focused and innovative consultant who delivers exceptional client outcomes. Most recently, I was an InfoSec/IT Audit Consultant for a leading global professional solutions provider, working in the banking sector.

As a cybersecurity expert, I define and execute cyber risk strategies for global companies with varying levels of IT security maturity and risk profiles. I have extensive knowledge and expertise in various regulatory frameworks, such as PCI, GDPR, ISO27001, HIPAA, MAR, and SOC1/2, and industry best practices, such as CoBIT, COSO, and the NIST Cyber Security Frameworks. I have also served as an Interim CISO, CCO, and CSO, providing strategic guidance and leadership during critical transitional periods. In addition, I am a proud United States Air Force (USAF) veteran and bring the essential skills and values developed there, such as dedication and discipline, to every project.

My mission is to help clients build high-performance security and audit programs that align with their business objectives and protect their data and assets. I have successfully managed and completed numerous client projects throughout my career, demonstrating a proven record of delivering value and insights. I have handled sensitive records exceeding $1 million, managed financial transaction systems worth over $8 billion, and overseen security budgets of up to $20 million. I have also built strong partnerships with board-level executives and CTOs, CISOs, CSOs, and CAEs, becoming a trusted advisor and a reliable partner. If you seek a consultant who can provide effective and efficient solutions for IT audit, compliance, cybersecurity, third-party risk, data security, privacy, and risk management, I would be honored to discuss how I can assist you.

Omar Alam Work Experience Details
  • UCLA
    Senior Information Security Compliance Analyst
    UCLA
    Stevenson Ranch, CA, US
  • Forvis Mazars US
    Information Technology/Security Audit Consultant
    Forvis Mazars US Aug 2024 - Present
    • Conducted audits of NW Monitoring, Incident Response, TPRM, Configurations, Access Control, and EOL/EOSL for State Street Bank.
    • Coordinated audit walkthroughs with bank and third-party vendor personnel in the USA, Europe, and Asia to ensure compliance with NIST and FFIEC requirements.
    • Generated reports and management materials for phase tollgates, showcasing adherence to security protocols and controls.
  • International Information Systems Security Certification Consortium ISC2
    Volunteer Certification Exam Subject Matter Reviewer | CISSP, CCSP, CC
    International Information Systems Security Certification Consortium ISC2 Oct 2014 - Present
    Assist ISC2 on a volunteer basis with review of exam materials, question type effectiveness, and overall subject matter review. Primary duties are to help with exam content that is up to date, in line with industry trends, and appropriate for the types and levels of candidates sitting for various ISC2 exams. Our experience, and positions as subject matter experts (SME) are leveraged and provided voluntarily to help our industry progress and to have the most appropriate certification programs available.
  • The Matador Media
    President
    The Matador Media Jun 2008 - Present
    Santa Monica, CA, US
    A full-fledged online media and digital advertising agency bringing leads and traffic for client's products and services. Specialties include helping companies establish their online marketing presence, maximize revenue from websites, integrating both traditional (offline media) with online media, and business overhead costs by the use of online media and internet marketing solutions.
  • Blackhawk Network
    Sr. Cyber Security Audit Advisor | GRC, ISO27001, PCI, GDPR, HIPAA, TPRM, EUC
    Blackhawk Network Mar 2018 - Apr 2024
    Pleasanton, California, US
    - Executed audits of NW, cloud, VM, endpoints, cyber response, COPPA, DR/BCP, TPRM, EUC, and domains
    - Authored audit/remediation/compliance programs for USA, EU, APAC, LATAM, and Canadian sites
    - Supported security teams to meet requirements for PCI, GDPR, and ISO27001 certification
    - Audited privacy controls, content policy compliance, and data security for shopping sites and webpages
    - Reviewed supplier contracts for data security gaps and worked with stakeholders to remediate
    - Built partnerships with Product, Information Security, IT, Privacy, Legal, DevOps, and Marketing teams
    - Utilized the TeamMate audit management tool to store project workpapers and to maintain a control list
  • CSE Insurance Group
    IT Security GRC Consultant | ISO27001, PCI, CCPA, Cloud, Privacy, Third-Party Risk
    CSE Insurance Group Aug 2020 - Nov 2023
    Walnut Creek, CA, US
    - Executed audits of vulnerability management, data privacy/mapping, remediation, and cloud security
    - Drafted audit charter processes and was a liaison to business units and executive leadership team
    - Conducted annual PCI-DSS SAQ A audit, earning a satisfactory RoC report
    - Performed third-party security assessments, incorporating tool scans and audit findings into summary
    - Audited company against ISO27001:2013, 2022 Annex A controls for years 2 and 3 surveillances
    - Outlined, managed, and stored project information and evidence in the AuditBoard tool
    - Oversaw internal audit function to plan and conduct yearly vendor third-party risk management reviews
  • Colibri Group
    PCI Compliance Project Manager | Descoping, Mitigation, Roadmaps Integration, GRC, Policies
    Colibri Group Apr 2021 - Dec 2021
    St Louis, Missouri, US
    - Oversaw rollouts of a) PCI-Pal DTMF, b) cloud fax migration, c) P2PE terminals, and d) iFrame payment field solution
    - Assessed post-implementation efforts for SAQ eligibility and drafted remediation plans for gaps found
    - Audited policies, procedures, and standards for secure handling of cardholder data clause statements
    - Created payment channel dataflows for company lines of business and recent acquisitions
    - Assessed DSS controls for third-party gateways Klarna, Fusebill, Citron, CyberSource, Fiserv, Stripe, TSYS
    - Developed PCI compliance roadmaps and programs for terminals and MID registers
  • Hanger, Inc.
    PCI Consultant | Gap Assessment, Descoping, Mitigation, GRC, Policies, Dataflows
    Hanger, Inc. Jun 2021 - Nov 2021
    Austin, Texas, US
    - Performed DSS controls gap assessment for email, fax, online, and call center payment channels
    - Drafted dataflow diagrams highlighting terminals, infrastructure, payment processors, gateways
    - Assessed current policies and procedures for gaps in DSS requirements
    - Provided summary of SAQ control eligibility as well as de-scoping options to executive stakeholders
  • Schneider
    PCI Consultant | Gap Assessment, Descoping, Mitigation, GRC, Policies, Dataflows
    Schneider Jun 2021 - Oct 2021
    Green Bay, WI, US
    - Performed gap assessment of payment card transactions with emails, faxes, online, and call centers
    - Drafted dataflow diagrams highlighting terminals, infrastructure, payment processors, gateways
    - Assessed current policies and procedures for gaps in DSS requirements
    - Provided summary of SAQ control eligibility as well as de-scoping options to lower control requirements
  • Varian
    ISO27001 Auditor Medical Devices | Readiness, Gap Assessment, Compliance, Reporting, TPRM
    Varian Feb 2021 - Apr 2021
    Palo Alto, CA, US
    - Audited overall security posture and organizational ISMS level against ISO27001 controls
    - Conducted walkthroughs with USA, UK, Finland, Hungary, Greece, Italy, and Germany employees
    - Assessed members’ ability to articulate assigned ISMS Annex processes and procedures clearly and concisely
    - Authored and presented final summary and maturity scorecard to executive stakeholders and CISO
  • Wells Fargo
    Banking Cyber Security Consultant | IT Audit, Risk Management, Network Security, Third-Party Risk
    Wells Fargo Oct 2020 - Jan 2021
    San Francisco, California, US
    - Executed banking compliance audit test of design for network security controls
    - Validated network security control attributes against evidence supplied
    - Authored management reports with detailed findings aligning with FFIEC handbook guidelines
    - Provided first-level auditor support and consulting for network and systems cyber security controls
  • Omaralam.Tv
    Media Content Creator And Producer
    Omaralam.Tv Sep 2008 - Jan 2020
    A joint to see an off-beat and unique approach to talking about social media, online things, what's all the fuss about technology, and maybe a little ranting and raving about things that suck in the world.
  • Stratus Technology Services, LLC
    Cyber Security Practice Lead | Cyber And Cloud, GRC, Vulnerability Management, Tooling, Compliance
    Stratus Technology Services, LLC Sep 2016 - Apr 2018
    Shrewsbury, New Jersey, US
    Client Proj - Brown, Brothers, Harriman Jersey City, NJ Feb 2018-April 2018
    Vuln Mgmt Assessment & Maturity Roadmap
  • The Oa Group Et Al
    Business Consultant
    The Oa Group Et Al 2002 - Mar 2018
    Everything
  • Ohio University
    Security Management Consultant | Policy & Program Standards, NIST 800-53v4, Education, Compliance
    Ohio University Apr 2017 - Jan 2018
    Athens, Ohio, US
    - Authored formal NIST Security Policies and Standards for the University ISO office
    - Updated content in HIPAA, PCI, FERPA, and FIPS policies to cover data, vendors, and networks
    - Authored initial Information Security Risk Management Program for the University
    - Served as an executive advisory/consultative resource to ISO, CIO, and University OIT
  • CSAA Insurance Group, a AAA Insurer
    Insurance IT Risk Audit SME | ITGC, Model Audit Rule (MAR), GRC, ISO27001, PCI
    CSAA Insurance Group, a AAA Insurer Jan 2012 - Jan 2017
    Walnut Creek, CA, US
    - Provided feedback and recommendations on current audit practices, network infrastructure design, network management, security weaknesses, data security practices, appropriate use of virtualized technology
    - Led or supported compliance efforts for PCI, MAR, and other DOI mandates.
    - Program manager GRC Tool Functional Process Development, lead enterprise IT audit process transformation using QualysGuard (VM, PC) solution to support continuous audit objectives
    - Led first Cyber Security assessment for NAIC audits and created and integrated control frameworks to cover NAIC Guiding Principles for Cyber Security, MAR, and various DOI audits
  • Great Lakes Higher Education Corporation And Affiliates
    Security Operations Consultant | SOC Program And Runbook, BCP, Call Trees, Policy, Procedures
    Great Lakes Higher Education Corporation And Affiliates Apr 2016 - Dec 2016
    Madison, WI, US
    - Authored initial SOC Program Guide for the Security Services team
    - Assessed current processes to allocate resources better
    - Designed and helped executives with future staffing model for increased workload in the coming years
    - Provided recommendations on how to create and enforce policies on incident handling, management, and notification
  • Los Angeles County Department Of Public Social Services
    IV & V Consultant | Leader Replacement System (LRS), Security Assessment, Reporting
    Los Angeles County Department Of Public Social Services Jun 2015 - Aug 2015
    - Assessed LRS work done by Accenture against LA County standards
    - Lead IV&V review of current security practices, data handling/identification, and compliance strategies
    - Reported to program managers and other key stakeholders on the current security posture of the LRS
  • FCA - North America
    Automotive GRC Consultant | Roadmap Architect, Business Continuity, Archer, Manufacturing
    FCA - North America Nov 2014 - May 2015
    London, England, GB
    - Authored Strategy Roadmap detailing client requirements for BCM process integration and master blueprint for strategic deployment and governance of Archer tool solution.
    - Lead strategic discussions and planning for RSA Archer eGRC platform utilization in FCA US.
    - Authored phased approach diagrams (1, 5, 10 years), methodology, and best practices for automobile manufacturing organizations.
    - Lead executive steering committee workshops to build foundations for enterprise tool governance program.
    - Served as the primary advisor to business continuity team members during the strategic planning phase.
    - Chaired initial technical design and configuration discussions with the technical architect.
  • Sempra Energy
    NERC CIP Compliance SME | RSA Archer, V3/5, Project Strategic Planning
    Sempra Energy Oct 2014 - Jan 2015
    San Diego, CA, US
    - Provided strategic guidance and leadership to EGO NERC Compliance Initiative governing CIP01-CIP09 of NERC CIP v3, v5 utility requirements
    - Identified critical data feeds from enterprise monitoring tool solutions to meet NERC CIP requirements
    - Assessed process flow and authored draft ODA strategies for Security Awareness, Quarterly Access Reviews, Contacts, and Facilities
    - Provided NERC compliance strategies for current deployment and configurations of Cisco IronPort appliances
    - Identified and collaborated with executive stakeholders on future phase solutions to further expand and integrate RSA Archer into additional business functions and processes
  • Port Of Los Angeles
    Cyber SOC Build Manager | RSA Implementation, DHS, Data Security, Government, Project Manager
    Port Of Los Angeles Aug 2013 - Nov 2014
    San Pedro, California, US
    - Authored project plans for assessed Security Posture of Port SOC to determine applicable regulatory compliance
    - Chaired weekly meetings with vendors to evaluate solution offerings to match pricing strategy
    - Authored master project plans, WBS, vendor schedules, and inventory tracking processes
    - Prepared weekly updates to CIO, CISO, Port Police, DHS, US Govt SS, RSA, and Accuvant Program Managers
    - Coordinated parallel work efforts of RSA, Accuvant, SourceFire, ForeScout, PoLA, and FireEye vendors
    - Managed overall project and program to implement industry-grade security technologies for PoLA
    - Oversaw solution architects' efforts to install monitoring tools and data interfaces that met project requirements
    - Used ISO27001/27002, CoBIT 5, COSO, and ITIL to map infrastructure/business processes to compliance mandates (HIPAA, MU, PCI, DoD, FISMA)
  • Martin Luther King, Jr. Community Hospital
    Chief Information Security Officer (CISO) | Security Architect, Compliance Officer, And CSO
    Martin Luther King, Jr. Community Hospital Jun 2012 - Sep 2013
    Los Angeles, CA, US
    - Assess the security posture of an LA County greenfield hospital to applicable regulatory mandates
    - Prepared and held meetings with vendors to assess solution offerings and determine pricing strategy, architectured enterprise security and compliance programs infrastructure design models for hospital
    - Implemented NPM/APM OPNET solution to gather critical analytical data on infrastructure
    - Presented project status updates and plans to interim C-level staff, foundation BOD, and DHHS personnel
    - Attended quarterly city council meetings to present updates on the hospital projects
    - Collaborated with building architects on security concerns of technology access points within patient rooms
    - Prepared asset profiles and threat models for infrastructure applications and appliances being brought into the hospital environment
    - Used ISO27001/27002, CoBIT 5, COSO, and ITIL to map infrastructure and business processes to applicable compliance mandates (HIPAA, MU, PCI)
    - Managed DR/BCP strategy design, pen testing
  • Vertex Pharmaceuticals
    Pharmaceuticals Consultant | Standards Documentation Authoring, 21CFR11 Compliance, GMP Governance
    Vertex Pharmaceuticals Sep 2010 - Jul 2013
    - Created standards, policies, and guidelines for: LAMP Stack, Social Media, AUP, Cookies/Privacy, QA, Mobile Sites, Project Management, Documentation Practices, Platform Ops
    - Created standards for Databases, Hosting, Flash Video, Code Markup/Best Practices, Deployment, Front/Back-End Development, Online Promotion (SEO, SEM), Video/Audio
    - Created FDA-compliant standards for Medical/Prescribing Information Submission, Validation Procedures, Lab Software
  • Cupondehoy.Com
    PCI-DSS Security Consultant | Web Apps, Infrastructure, Payment Card Security PII Data
    Cupondehoy.Com Oct 2010 - Dec 2012
    - Assessed client provided documentation to determine what PCI-DSS tier they fell under and consulted on the requirements for self-attestation
    - Assessed current NW infrastructure for vulnerabilities from the hosting provider, payment provider, and security controls for internal implementation
    - Reviewed Acunetix Vulnerability Report to meet PCI Compliance and company security needs based on risk priority.
  • Kaiser Permanente IT
    Security Consultant | Enterprise Compliance, Architecture, Data Security, PII, HIPAA
    Kaiser Permanente IT Sep 2011 - Apr 2012
    Oakland, California, US
    - Designed and executed remediation work on IronPort servers to meet HIPAA compliance
    - Applied HASP assessment tools to collect technical, business process, issue, and recommendation information for essential work tracks; Application Remediation/De-Identification of Data, Encryption, Data Transmission
    - Collaborated with internal HASP project/program managers to develop HASP/HIPAA management solutions
    - Collated, organized, and analyzed collected data to produce executive summary and other presentations, reports, and dashboards related to findings and recommendations for the Meaningful Use objective
    - Configured McAfee Foundstone vulnerability scanner for UNIX/Linux, AS/400, AIX, Win2K3, Cisco/Juniper/Checkpoint routers, switches, firewalls, and LBs
    - Configured RSA Archer eGRC policies/procedures to meet HIPAA Security and MU compliance requirements
    - Drafted advisory recommendations to management for the usage of Cisco UCS in virtual environments
    - Mapped in place SOX and PCI controls to HIPAA and assessed for mitigating controls
  • E*Trade Financial Corporation
    Third-Party Vendor Security | PCI, Data Security, Mobile Security, App Security, SAS70
    E*Trade Financial Corporation Oct 2011 - Jan 2012
    US
    - Assessed vendor assessment questionnaires for weaknesses, accuracy, and answer strength
    - Audited internal and externally hosted vendor applications which interfaced with E*Trade Systems
    - Compiled security and risk analysis reports on levels of risk from vendor security control failures
    - Converted data for porting to an upgraded version of the Agiliance Risk Management tool
    - Audited vendor submitted SAS70/SSAE16 business continuity plans, vulnerability assessments, and penetration tests for accuracy and acceptable levels of risk
    - Reviewed vendor interfacing apps for technical and functional flaws and OWASP top ten web app risks
    - Audited vendor, E*Trade privacy policies, and awareness training programs for compliance with state, federal, and international data privacy directives
    - Assembled mitigating controls for failed vendor controls as well as remediation guidance for known failures
  • Sempra U.S. Gas & Power
    NERC Compliance Project Manager | Smart Grid Security, Meter Systems
    Sempra U.S. Gas & Power Feb 2011 - Nov 2011
    San Diego, CA, US
    - Led EGO NERC Compliance Initiative governing CIP01-CIP09 of NERC CIP requirements for utilities
    - Assessed monitoring tool solutions for optimal settings on critical infrastructure being monitored
    - Audited and wrote draft security policies for Cisco IPS, Juniper FW, Check Point FW, cloud security
    - Audited and planned remediation for Cisco IronPort appliance configurations for NERC/PCI compliance
    - Reviewed system and network operator roles within SAP BW/HR modules for segregation of duties conflicts against job descriptions and security policies (system and network level)
    - Collected reporting data of network infrastructure and created dashboards of enterprise health status
    - Collected network configurations from report/log servers and verified compliance for: SOX, PCI, NERC
    - Updated CMDB process and policy for regulatory compliance and to reflect actual business practices/tools
    - Made recommendations to increase infrastructure and application security, firewall placement, IDS sensor usage, backup and recovery planning
  • E*Trade Financial Corporation
    Third-Party Vendor Security | PCI, Data Security, Mobile Security, App Security, SAS70
    E*Trade Financial Corporation Nov 2010 - Mar 2011
    US
    - Assessed vendor assessment questionnaires for weaknesses, accuracy, and answer strength
    - Audited internal and externally hosted vendor applications which interfaced with E*Trade Systems
    - Compiled security and risk analysis reports on levels of risk from vendor security control failures
    - Converted data for porting to an upgraded version of the Agiliance Risk Management tool
    - Audited vendor submitted SAS70/SSAE16 BCPs, vulnerability reports, and pen tests for accuracy and acceptable levels of risk
    - Reviewed vendor interfacing apps for technical and functional flaws and OWASP top ten web app risks
    - Audited vendor, E*Trade privacy policies, and awareness training programs for compliance with state, federal, and international data privacy directives
    - Assembled mitigating controls for failed vendor controls as well as remediation guidance for known failures
  • Nuezra
    Project Manager | Infrastructure/NW Security, IT Audits, Security Policy, Governance
    Nuezra Feb 2003 - Feb 2010
    Engagement lead for clients in both NorCal and SoCal. All assets of company sold in 2009.
    Common work involved: Authoring standards, policies, guidelines, and rules for clients: NW Firewalls, Reporting/Logging, Backup and Recovery (DR/BCP), FIPS140-2, FISMA, Remote Access, Access Control, Incident Management (OLA, SLA, ITIL), Cookies/Privacy, ERP (Oracle, PS, SAP), Project Management, Documentation Practices, Platform Ops, IDS/IPS Rules, TOGAF, CoBIT, PCI, NERC, GLBA, ISO27001/2, Offensive Security, Single Sign On (SSO) Strategies
    Project manage client initiatives including NW appliance installation, report server setup, data center builds, regulatory compliance audits, authentication servers (IDM), data classification, router/switch configuration, database hardening, mainframe configuration
    Major Clients:
    2003-2007 Panasonic, North America
    2003-2007 Kaiser Permanente (cont to 2009)
    2004-2009 Various State/County Agencies
  • On Assignment
    Lead IT Auditor | GRC, Controls Testing, PeopleSoft Data Security, SOX Compliance
    On Assignment Nov 2009 - Jan 2010
    Calabasas, California, US
    - Assessed Business and IT controls and processes for weaknesses and accuracy from PeopleSoft upgrade
    - Remediated existing ERP access control, security, and system infrastructure control failures
    - Analyzed network architecture model for the existence of NIST-based defense-in-depth strategies/strength
    - Recommended installation of HNIDS/HNIPS and Honeypots to remedy anomalies found in network logs
    - Created and implemented processes to remediate segregation of duties deficiencies
    - Developed Entity-Wide risk control matrix, narrative, and process flow diagrams
    - Designed future state business processes to ensure business and IT risks are easily managed
    - Tested and validated controls on critical ERP (PeopleSoft), DB (Oracle) and HR (Recruitmax) applications
  • Coastal Technology Partners
    Engagement Project Manager | SOX 404, Change Management, SOD, Business Process Design
    Coastal Technology Partners Sep 2008 - Mar 2009
    - Create and document key SOX processes for both IT and Finance (US and UK)
    - Identify audit risks for management and design a plan to achieve compliance
    - Assessed and audited Business Continuity and Disaster Recovery Processes/Procedures for adequacy
    - Remediated deficiencies from internal control testing before handoff to External Auditor (E&Y)
    - Trained and educated staff on new controls and how to work in a regulated SOX environment
    - Audited Cisco ASA firewall device configurations and advised on usage of McAfee Enterprise tools
    - Created access controls, updated processes, and segregation of duties matrix to minimize risk/fraud
    - Assess and advise the client on SOX compliance concerns for the newly upgraded Great Plains application
    - Provide executive management with business process health on “as-is” and draft “to-be” processes
  • Nexsan By Imation
    Pre-SOX 404 IT Audit Consultant | Program Compliance Manager | Server Pen Tester
    Nexsan By Imation Mar 2008 - Oct 2008
    Sunnyvale, California, US
    - Authored documents with key SOX processes for both IT and Finance (US and UK)
    - Lead client through strong internal control creation for Exchequer ERP application and AS/400 environment
    - Drafted business process narratives for US, UK/Canada subsidiaries
    - Designed end-user computing controls for critical spreadsheets and databases
    - Scoped/assessed critical applications and Cisco ASA policies (US, UK, Canada), identifying SOX risks
    - Remediated work for all noted test issues and executed follow-up tests (“to-be” processes created)
    - Reviewed revenue recognition for warranty service costs for compliance (S1 Filing Requirement)
    - Assessed current IP asset protection risks and drafted processes to protect against loss to critical assets (code)
    - Conducted network vulnerability scans and pen tests on servers with critical financial data in the US and UK
    - Assessed code change processes and controls for risk and compliance with the Perforce tool
  • Motorcar Parts Of America
    Lead IT Audit Consultant | SOX, Security, GRC, Biometrics, Manufacturing, SAP
    Motorcar Parts Of America Oct 2007 - Mar 2008
    Torrance, California, US
    - Assessed effectiveness of business process controls for MFG/Pro ERP and code mgmt (Perforce)
    - Reviewed test plans and strategies, and identified risks for SOX 404 IT General Controls
    - Created and tested controls by CoBIT, COSO, and ISO27001 Standards
    - Validated application data security at the Mexico location to the accounting governing board “Hacienda” tax
    - Performed SOX audits and operational walkthroughs at Mexico locations (Tijuana, B.C.)
    - Completed policy and security configuration audit of WebTrend proxy filter tool
    - Provided drafts of corporate process upgrades to allow better AS5 alignment for Asia and Mexico sites
    - Advised client to use a more effective vulnerability/network scanner (Acunetix) to meet compliance
    - Informed clients on efficient risk management operations, more robust user access, and IT Security (logical/physical) controls for MFG/Pro and Tress ERP package (Latin America)
    - Reviewed McAfee AV, SpyWare, and Enterprise Server protection adequacy for overlooked security issues
    - Assessed biometric hand scanning appliances, security, data management, monitoring, and regulatory concerns at both Mexico and US sites
  • City Of Los Angeles
    SAS 70 Consultant | Management Reports, SOD Audit, Attestations
    City Of Los Angeles Jun 2007 - Sep 2007
    Los Angeles, California, US
    - Created test plans and reviewed SAS 70 Report and C&A documents from 2003
    - Performed testing on SAS 70 effectiveness of critical systems
    - Provided draft RACF, SMIS, SMS (PeopleSoft), and CICS processes for “to-be” state
    - Created a roadmap to achieve more robust compliance and assurance for “as-is” processes
    - Performed Risk Assessment on current system environments, including expense processes on the mainframe
    - Trained client on usage and implementation of AS5 standards for future compliance upkeep
  • Toyota Motor Sales, N.A
    Lead Automotive IT SOX Advisor | Security Change Management, GRC, Mainframe, ERP
    Toyota Motor Sales, N.A Jan 2007 - Jun 2007
    Toyota City, Aichi Prefecture, JP
    - Evaluated relevancy and effectiveness of IT process controls with CoBiT, ITIL, GLBA, and AS5 standards.
    - Reviewed and updated TMS test plans for SOX IT 2007 testing on UNIX, Oracle, RACF, IT Security, DR/BCP
    - Created remediation plans for SOD violations within Mainframe (RACF), SAP, and DB2.
    - Provided draft user role designs to meet internal compliance initiatives
    - Recommended provisioning strategies based on job responsibilities and guidance to transition users
    - Performed Validation audits before handing off to IA and external (KPMG)
    - Reviewed audit reports and usage of NMAP, Acunetix, and Nessus scanners
    - Assessed wireless security tool (AirDefense) logs for anomalies and operating correctness (encrypt, pw)
    - Created control remediation and sustainment plans for both IT and business process controls
    - Assembled data for usage within ClearCase and ClearQuest document management tools
    - Consulted with the client on the server, network firewalls, and dormant account cleanup process changes
  • Big 5 Sporting Goods
    IT SOX Consultant | Engagement Coordinator, GRC SME, Retail POS Security
    Big 5 Sporting Goods Oct 2006 - Jan 2007
    El Segundo, CA, US
    - Evaluated relevancy, applicability, and effectiveness of critical controls with JD Edwards One World ERP
    - Reviewed test plans for SOX IT 2006 Testing using a risk-based approach
    - Tested user access/segregation of duty controls and configuration settings for JD Edwards One World ERP
    - Tested controls against CoBIT and assisted in SAS70 Type II audits before external auditor (KPMG) review
    - Assessed PCI risks and documented both “as-is” and “to-be” process flows to allow for compliance
    - Drafted suggestions for remediation around access control, change control (Perforce), and virus scanning
    - Consulted client and internal teams on more efficient controls and compliance efforts
  • J2 Global
    IT SOX Project Manager | GRC, Data Security, Network Security, App Controls
    J2 Global Jun 2006 - Oct 2006
    Los Angeles, California, US
    - Reviewed/formatted compliance documents for acceptance by an automated compliance management tool
    - Formulated strategy for document maintenance and executive alerts for compliance (SOX 302)
    - Coordinated with Business Control Owners to review access control and application control design and effectiveness to avoid duplication of testing efforts
    - Advised senior management advisor on SOX 404 best practices to meet external (D&T) guidelines.
    - Tested ITGC, PCI, and key ERP application controls in Security, Change Management, Data Operations/Management, Entity level, and End-User Computing.
    - Assessed usage and configurations of McAfee Enterprise (servers, networks) as well as NIPS/HIPS
    - Created remediation plans for SOD discrepancies and executed new tests for the client
  • Cinram Group, Inc.
    IT SOX Audit PM | ITGC, App Controls, Oracle
    Cinram Group, Inc. Feb 2006 - Jun 2006
    - Reviewed and updated CINRAM SOX process documentation for testing
    - Performed Design and Operational testing on ITGC and IT application controls
    - Drafted Application Control Operational Effectiveness test plans for Oracle technologies
    - Rationalized control relevancy and accuracy of key IT and business process controls
    - Remediated user access SOD violations within Oracle ERP
  • Disney ABC Television Group
    IT Audit Consultant | SOX, Retail Systems, Entertainment, PCI-DSS
    Disney ABC Television Group Mar 2006 - May 2006
    Burbank, California, US
    - Analyzed documentation to execute quarterly SOX and GLBA compliance audits
    - Provided business analysis, assembled test documentation kits, risk matrices, and version control process
    - Tested controls against the existing control environment in line with external auditor guidelines (PwC).
    - Reviewed IT user roles with access to HR/ACCT/FIN systems and databases within SAP(HR) for segregation of duties conflicts against job descriptions and security policies (system and network level)
    - Formulated/integrated compliance program process and control effectiveness recommendations
    - Assembled compliance analysis reports for usage in long-term SOX assurance
    - Analyzed current security policy SOX adherence and made recommendations on improvements
    - Reviewed data interface security risks and PCI concerns for the in-house royalty system
  • Valueclick Media
    IT SOX Auditor | ITGC, Change Management, Security Advisory
    Valueclick Media Dec 2005 - Mar 2006
    Westlake Village, CA, US
    - Led and executed audits on controls for critical ERP systems for SOX and PCI compliance.
    - Presented and reviewed test documentation findings to external auditor PwC for PCI and SOX compliance.
    - Authored and implemented project control documents tracking testing activities and project progress.
    - Authored and consulted on draft control gap mitigation recommendations to the COO, CFO, and CIO
    - Updated IT Change Management process, policy, and procedures, to meet SOX and PCI compliance
    - Authored remediation roadmap and executed plan for SOD violations within Oracle ERP to meet compliance
    - Executed audits of NW access control settings of Cisco IronPort appliance to meet SOX compliance
    - Drafted strategies and security architecture (LLD/HLD) models for usage of McAfee IPS on workstations
  • Dole Packaged Foods, LLC
    IT SOX Project Manager | GRC, Data Security, Network Security, App Controls
    Dole Packaged Foods, LLC Aug 2005 - Jan 2006
    Singapore, SG
    - Reviewed current application changes and checked for accuracy in JD Edwards ERP
    - Evaluated and revised Dole’s existing General Computing and Application Controls to better address SOX
    - Directed SOX audit documentation activities and liaison to external auditors (D&T).
    - Tested ITGC and application controls (GL, AR, AP, PR, TX, FA, EX, HR, IN, FR modules)
    - Drafted and executed test plans for AS/400, JDE interfacing, and Hyperion (Essbase)
    - Remediated/developed policy for Latin America, Europe, and Asia, Security Logs, Access Management, and HR
    - Reviewed HP Web Inspect policy, configuration, and reports for vulnerabilities and security violations
    - Assessed risk on key JDE financial modules and user access control processes
    - Evaluated process narratives for completeness/accuracy and drafted baselines for ERP upgrade (JD ONE).
  • Countrywide
    IT Banking Audit PM | SOX Compliance, PeopleSoft Data Security, EUC
    Countrywide Jun 2005 - Oct 2005
    Charlotte, NC, US
    - Determined and provided process gap remediation solutions for PeopleSoft FS Upgrade and SDLC process
    - Reviewed and updated control framework using COBIT, OTC/AML/BSA rules as guiding frameworks.
    - Performed design and operational module control tests for AR, Compensation, Benefits, HR, Payroll, FX
    - Tested application controls for the Treasury module using COSO as the guidance framework.
    - Formulated baseline documents and version control process for ERP implementations/upgrades.
    - Documented current “as-is” processes and compared to draft “to-be” for PeopleSoft FS Upgrade
  • Ameriquest Capital Group
    Enterprise Project Manager IT SOX | PeopleSoft Network Security, GLBA, Banking
    Ameriquest Capital Group Mar 2004 - Jul 2005
    US
    - Managed enterprise compliance efforts to comply with SOX, GLBA, Privacy, and customer data protection
    - Provided GRC and security support to asset management, procurement, and Information Security groups
    - Authored and executed audit programs on Cisco IronPort devices (configs, policies) for SOX compliance
    - Authored project plans, WBS, Gantt charts as part of PM practice and control document creation work
    - Delivered and managed key IT process documents (SharePoint) for SOX, ITIL, Reg W, PCI, GLBA, SAS70 II
    - Assessed overall IT risk and compiled both GRC and Security Threat Model documents for executive usage
    - Authored PeopleSoft ERP process narratives and test plans for design/operational effectiveness audits
    - Led audits on policy/setup, configuration of McAfee RM Tools (Policy Advisor, AV, Rogue System, net sec, MOVE, NIPS/HIPS,
    - Reviewed and made changes to policies on the WebTrend proxy filter for compliance and security needs
    - Executed internal/external vulnerability scans using NMAP, Acunetix, and BurpSuite to assess NW security
    - Advised executive management on GRC and Security best practices to improve internal control and security posture for SOX, GLBA, CAN-SPAM, and applicable banking regulations (AML, CIP)
  • IBM Global Services
    Project Manager | Audits, Business Analysis, Software Audits, Web Design, Client Service Delivery
    IBM Global Services Sep 2000 - Aug 2002
    Armonk, New York, NY, US
    - Managed extensive project portfolio, including SDLC process management and internal audits.
    - Designed, authored, and presented executive-level cost/benefit analysis reports for project governance.
    - Provided IT audit services supporting enterprise control weaknesses, procedures/processes.
    - Led IT audits of critical information systems, and applications.
    - Authored risk control matrices and process narratives for enterprise GRC and Security requirements.
    - Drafted business process re-engineering models and flows for projects involving process design tasks.
    - Authored audit project charters, methodologies, and guidelines, with integrated PMI control practices.
    - Drafted executive reports on change, configuration, and incident tracking tools supporting IBM GRC.
    - Fulfilled security admin role for Lotus Notes, PeopleSoft, SAP, Bugzilla, and Perforce tool.
  • Cisco Systems
    QA Systems Internship | IT Analysis, Web Design, Network Security
    Cisco Systems Apr 2000 - Oct 2000
    San Jose, CA, US
    - Internal Testing group liaison for web-based apps/projects
    - Coordinated user acceptance testing related to web-based projects
    - Compiled/maintained test libraries of scripts for a variety of projects as required
    - Queried (SQL) Oracle databases to extract required data for reporting purposes
    - Developed and implemented departmental Win2000 upgrade
    - Created operational reports and presented new tool research to management
    - Developed areas of QA Team website and managed group network activities
    - Wrote business requirements for subscriptions-based revenue generation B2C site with Rational Rose tools
    - Coordinated team source code and project documentation into the Starbase repository
  • United States Air Force
    Paramedic/Emergency Medical Technician (EMT) | E-4
    United States Air Force Apr 1994 - Apr 1998
    Randolph AFB, TX, US
    - Honorably discharged veteran with E-4 rank
    - Scheduled, planned, instructed, and led a squadron of 500 members
    - Managed budgets, technology expenses, policy reviews, and public relations
    - Fully trained as an emergency medical technician and low-level nurse
    - Fully combat-prepared in disaster preparedness and field surgery
    - Trained in the usage of M-4 and Ruger firearms
    - Knowledgeable of UCMJ laws and U.S. civilian laws

Omar Alam Skills

Security It Audit Penetration Testing Project Management Information Technology Computer Security Cissp Sarbanes Oxley Act Data Security Entrepreneurship Change Management Enterprise Architecture Firewalls Internal Audit Executive Management Cisa Incident Management Data Privacy It Grc Pci Dss Iso 27001 Security Audits Social Media Network Security Enterprise Risk Management Computer Forensics Sem Web Application Security Mobile Security Juniper Vulnerability Assessment Network Design Network Administration Ssl Security Architecture Design Cisco Ios Enterprise Architecture Planning Sox Togaf Cisco Security Mainframe Information Security Governance Healthcare Consulting Ethical Hacking Database Security Network Management Software Arcsight Greenfield Projects Ccsp Checkpoint

Omar Alam Education Details

  • University Of Southern California
    University Of Southern California
    Systems Engineering
  • De Anza College
    De Anza College
    General
  • San José State University
    San José State University
    MIS

Frequently Asked Questions about Omar Alam

What company does Omar Alam work for?

Omar Alam works for UCLA.

What is Omar Alam's role at the current company?

Omar Alam's current role is Senior Information Security Compliance Analyst.

What is Omar Alam's email address?

Omar Alam's email address is mr****@****ail.com

What is Omar Alam's direct phone number?

Omar Alam's direct phone number is +194923*****

What schools did Omar Alam attend?

Omar Alam attended University Of Southern California, De Anza College, San José State University.

What skills is Omar Alam known for?

Omar Alam has skills like Security, IT Audit, Penetration Testing, Project Management, Information Technology, Computer Security, CISSP, Sarbanes Oxley Act, Data Security, Entrepreneurship, Change Management, Enterprise Architecture.
