AeroLeads people directory · profile

Omar Alam Email & Phone Number

Senior Information Security Compliance Analyst at UCLA
Location: Stevenson Ranch, California, United States 46 work roles 3 schools
1 work email found @blackhawknetwork.com 2 phones found area 949 and 310 LinkedIn matched
✓ Verified Jul 2026 4 data sources Profile completeness 100%

Contact Signals · 1 work email · 2 phones

Work email o****@blackhawknetwork.com
Direct phone (949) ***-****
LinkedIn Profile matched
3 free lookups remaining · No credit card
Current company
Role
Senior Information Security Compliance Analyst
Location
Stevenson Ranch, California, United States

Who is Omar Alam? Overview

A concise factual answer block for searchers comparing this professional profile.

Quick answer

Omar Alam is listed as Senior Information Security Compliance Analyst at UCLA, based in Stevenson Ranch, California, United States. AeroLeads shows a work email signal at blackhawknetwork.com, phone signal with area code 949, 310, and a matched LinkedIn profile for Omar Alam.

Omar Alam previously worked as Information Technology/Security Audit Consultant at Forvis Mazars Us and Volunteer Certification Exam Subject Matter Reviewer | CISSP, CCSP, CC at International Information Systems Security Certification Consortium Isc2. Omar Alam holds Graduate Certificate, Six Sigma Green Belt, Operations Management And Supervision, Systems Engineering from University Of Southern California.

Company email context

Email format at UCLA

This section adds company-level context without repeating Omar Alam's masked contact details.

{first}.{last}@blackhawknetwork.com
86% confidence

AeroLeads found 1 current-domain work email signal for Omar Alam. Compare company email patterns before reaching out.

Profile bio

About Omar Alam

With over 20 years of leadership experience in IT audit, compliance, and enterprise risk management, I am a results-focused and innovative consultant who delivers exceptional client outcomes. Most recently, I was an InfoSec/IT Audit Consultant for a leading global professional solutions provider, working in the banking sector.As a cybersecurity expert, I define and execute cyber risk strategies for global companies with varying levels of IT security maturity and risk profiles. I have extensive knowledge and expertise in various regulatory frameworks, such as PCI, GDPR, ISO27001, HIPAA, MAR, and SOC1/2, and industry best practices, such as CoBIT, COSO, and the NIST Cyber Security Frameworks. I have also served as an Interim CISO, CCO, and CSO, providing strategic guidance and leadership during critical transitional periods. In addition, I am a proud United States Air Force (USAF) veteran and bring the essential skills and values developed there, such as dedication and discipline, to every project.My mission is to help clients build high-performance security and audit programs that align with their business objectives and protect their data and assets. I have successfully managed and completed numerous client projects throughout my career, demonstrating a proven record of delivering value and insights. I have handled sensitive records exceeding $1 million, managed financial transaction systems worth over $8 billion, and overseen security budgets of up to $20 million. I have also built strong partnerships with board-level executives and CTOs, CISOs, CSOs, and CAEs, becoming a trusted advisor and a reliable partner. If you seek a consultant who can provide effective and efficient solutions for IT audit, compliance, cybersecurity, third-party risk, data security, privacy, and risk management, I would be honored to discuss how I can assist you.

Listed skills include Security, It Audit, Penetration Testing, Project Management, and 46 others.

Current workplace

Omar Alam's current company

Company context helps verify the profile and gives searchers a useful next step.

UCLA
Ucla
Senior Information Security Compliance Analyst
Stevenson Ranch, CA, US
AeroLeads page
46 roles · 25 years

Omar Alam work experience

A career timeline built from the work history available for this profile.

Senior Information Security Compliance Analyst

Stevenson Ranch, Ca, Us

Information Technology/Security Audit Consultant

Current

• Conducted audits of NW Monitoring, Incident Response, TPRM, Configurations, Access Control, and EOL/EOSL for State Street Bank.• Coordinated audit walkthroughs with bank and third-party vendor personnel in the USA, Europe, and Asia to ensure compliance with NIST and FFIEC requirements.• Generated reports and management materials for phase tollgates, showcasing adherence to security protocols and controls.

Aug 2024 - Present

Volunteer Certification Exam Subject Matter Reviewer | Cissp, Ccsp, Cc

Current
International Information Systems Security Certification Consortium Isc2

Assist ISC2 on a volunteer basis with review of exam materials, question type effectiveness, and overall subject matter review. Primary duties are to help with exam content that is up to date, in line with industry trends, and appropriate for the types and levels of candidates sitting for various ISC2 exams. Our experience, and positions as subject matter experts (SME) are leveraged and provided voluntarily to help our industry progress and to have the most appropriate certification programs available.

Oct 2014 - Present

President

Current

Santa Monica, Ca, Us

A full fledged online media and digital advertising agency bringing leads and traffic for client's products and services. Specialties include helping companies establish their online marketing presence, maximize revenue from websites, integrating both traditional (offline media) with online media, and business overhead costs by the use of online media and internet marketing solutions.

Jun 2008 - Present

Sr. Cyber Security Audit Advisor | Grc, Iso27001, Pci, Gdpr, Hipaa, Tprm, Euc

Pleasanton, California, Us

- Executed audits of NW, cloud, VM, endpoints, cyber response, COPPA, DR/BCP, TPRM, EUC, and domains- Authored audit/remediation/compliance programs for USA, EU, APAC, LATAM, and Canadian sites- Supported security teams to meet requirements for PCI, GDPR, and ISO27001 certification- Audited privacy controls, content policy compliance, and data security for shopping sites and webpages- Reviewed supplier contracts for data security gaps and worked with stakeholders to remediate - Built partnerships with Product, Information Security, IT, Privacy, Legal, DevOps, and Marketing teams- Utilized the TeamMate audit management tool to store project workpapers and to maintain a control list

Mar 2018 - Apr 2024

It Security Grc Consultant | Iso27001, Pci, Ccpa, Cloud, Privacy, Third-Party Risk

Walnut Creek, Ca, Us

- Executed audits of vulnerability management, data privacy/mapping, remediation, and cloud security- Drafted audit charter processes and was a liaison to business units and executive leadership team- Conducted annual PCI-DSS SAQ A audit, earning a satisfactory RoC report- Performed third-party security assessments, incorporating tool scans and audit findings into summary- Audited company against ISO27001:2013, 2022 Annex A controls for years 2 and 3 surveillances- Outlined, managed, and stored project information and evidence in the AuditBoard tool- Oversaw internal audit function to plan and conduct yearly vendor third-party risk management reviews

Aug 2020 - Nov 2023

Pci Compliance Project Manager | Descoping, Mitigation, Roadmaps Integration, Grc, Policies

St Louis, Missouri, Us

- Oversaw rollouts of a) PCI-Pal DTMF, b) cloud fax migration, c) P2PE terminals, and d) iFrame payment field solution- Assessed post-implementation efforts for SAQ eligibility and drafted remediation plans for gaps found- Audited policies, procedures, and standards for secure handling of cardholder data clause statements- Created payment channel dataflows for company lines of business and recent acquisitions - Assessed DSS controls for third-party gateways Klarna, Fusebill, Citron, CyberSource, Fiserv, Stripe, TSYS - Developed PCI compliance roadmaps and programs for terminals and MID registers

Apr 2021 - Dec 2021

Pci Consultant | Gap Assessment, Descoping, Mitigation, Grc, Policies, Dataflows

Austin, Texas, Us

- Performed DSS controls gap assessment fort email, fax, online, and call center payment channels - Drafted dataflow diagrams highlighting terminals, infrastructure, payment processors, gateways - Assessed current policies and procedures for gaps in DSS requirements - Provided summary of SAQ control eligibility as well as de-scoping options to executive stakeholders

Jun 2021 - Nov 2021

Pci Consultant | Gap Assessment, Descoping, Mitigation, Grc. Policies, Dataflows

Green Bay, Wi, Us

- Performed gap assessment of payment card transactions with emails, faxes, online, and call centers - Drafted dataflow diagrams highlighting terminals, infrastructure, payment processors, gateways - Assessed current policies and procedures for gaps in DSS requirements - Provided summary of SAQ control eligibility as well as de-scoping options to lower control requirements

Jun 2021 - Oct 2021

Iso27001 Auditor Medical Devices | Readiness, Gap Assessment, Compliance, Reporting, Tprm

Palo Alto, Ca, Us

- Audited overall security posture and organizational ISMS level against IS027001 controls - Conducted walkthroughs with USA, UK, Finland, Hungary, Greece, Italy, and Germany employees - Assessed members’ ability to articulate assigned ISMS Annex processes and procedures clearly and concisely - Authored and presented final summary and maturity scorecard to executive stakeholders and CISO

Feb 2021 - Apr 2021

Banking Cyber Security Consultant | It Audit, Risk Management, Network Security, Third-Party Risk

San Francisco, California, Us

- Executed banking compliance audit test of design for network security controls - Validated network security control attributes against evidence supplied - Authored management reports with detailed findings aligning with FFIEC handbook guidelines - Provided first-level auditor support and consulting fo network and systems cyber security controls

Oct 2020 - Jan 2021

Media Content Creator And Producer

Omaralam.Tv

A joint to see an off-beat and unique approach to talking about social media, online things, what's all the fuss about technology, and maybe a little ranting and raving about things that suck in the world.

Sep 2008 - Jan 2020

Cyber Security Practice Lead | Cyber And Cloud, Grc, Vulnerability Management, Tooling, Compliance

Shrewsbury, New Jersey, Us

Client Proj - Brown, Brothers, Harriman Jersey City, NJ Feb 2018-April 2018Vuln Mgmt Assessment & Maturity Roadmap

Sep 2016 - Apr 2018

Business Consultant

The Oa Group Et Al

Everything

2002 - Mar 2018

Security Management Consultant | Policy & Program Standards, Nist 800-53V4, Education, Compliance

Athens, Ohio, Us

- Authored formal NIST Security Policies and Standards for the University ISO office- Updated content in HIPAA, PCI, FERPA, and FIPS policies to cover data, vendors, and networks- Authored initial Information Security Risk Management Program for the University - Served as an executive advisory/consultative resource to ISO, CIO, and University OIT

Apr 2017 - Jan 2018

Insurance It Risk Audit Sme | Itgc, Model Audit Rule (Mar), Grc, Iso27001, Pci

Walnut Creek, Ca, Us

- Provided feedback and recommendations on current audit practices, network infrastructure design, network management, security weaknesses, data security practices, appropriate use of virtualized technology- Led or supported compliance efforts for PCI, MAR, and other DOI mandates. - Program manager GRC Tool Functional Process Development, lead enterprise IT audit process transformation using QualysGuard (VM, PC) solution to support continuous audit objectives- Led first Cyber Security assessment for NAIC audits and created and integrated control frameworks to cover NAIC Guiding Principles for Cyber Security, MAR, and various DOI audits

Jan 2012 - Jan 2017

Security Operations Consultant | Soc Program And Runbook, Bcp, Call Trees, Policy, Procedures

Madison, Wi, Us

- Authored initial SOC Program Guide for the Security Services team, - Assessed current processes to allocate resources better- Designed and helped executives with future staffing model for increased workload in the coming years- Provided recommendations on how to create and enforce policies on incident handling, management, and notification

Apr 2016 - Dec 2016

Iv & V Consultant | Leader Replacement System (Lrs), Security Asssessment, Reporting

Los Angeles County Department Of Public Social Services

- Assessed LRS work done by Accenture against LA County standards- Lead IV&V review of current security practices, data handling/identification, and compliance strategies- Reported to program managers and other key stakeholders on the current security posture of the LRS

Jun 2015 - Aug 2015

Automotive Grc Consultant | Roadmap Architect, Business Continuity, Archer, Manufacturing

London, England, Gb

- Authored Strategy Roadmap detailing client requirements for BCM process integration and master blueprint for strategic deployment and governance of Archer tool solution.- Lead strategic discussions and planning for RSA Archer eGRC platform utilization in FCA US. - Authored phased approach diagrams (1, 5, 10 years), methodology, and best practices for automobile manufacturing organizations.- Lead executive steering committee workshops to build foundations for enterprise tool governance program.- Served as the primary advisor to business continuity team members during the strategic planning phase.- Chaired initial technical design and configuration discussions with the technical architect.

Nov 2014 - May 2015

Nerc Cip Compliance Sme | Rsa Archer, V3/5 , Project Strategic Planning

San Diego, Ca, Us

- Provided strategic guidance and leadership to EGO NERC Compliance Initiative governing CIP01-CIP09 of NERC CIP v3, v5 utility requirements- Identified critical data feeds from enterprise monitoring tool solutions to meet NERC CIP requirements- Assessed process flow and authored draft ODA strategies for Security Awareness, Quarterly Access Reviews, Contacts, and Facilities- Provided NERC compliance strategies for current deployment and configurations of Cisco IronPort appliances- Identified and collaborated with executive stakeholders on future phase solutions to further expand and integrate RSA Archer into additional business functions and processes

Oct 2014 - Jan 2015

Cyber Soc Build Manager | Rsa Implementation, Dhs, Data Security, Government, Project Manager

San Pedro, California, Us

- Authored project plans for assessed Security Posture of Port SOC to determine applicable regulatory compliance- Chaired weekly meetings with vendors to evaluate solution offerings to match pricing strategy- Authoredmaster project plans, WBS, vendor schedules, and inventory tracking processes - Prepared weekly updates to CIO, CISO, Port Police, DHS, US Govt SS, RSA, and Accuvant Program Managers - Coordinated parallel work efforts of RSA, Accuvant, SoureFire, ForeScout, PoLA, and FireEye vendors- Managed overall project and program to implement industry-grade security technologies for PoLA - Oversaw solution architects' efforts to install monitoring tools and data interfaces that met project requirements - Used ISO27001/27002, CoBIT 5, COSO, and ITIL to map infrastructure/business processes to compliance mandates (HIPAA, MU, PCI, DoD, FISMA)

Aug 2013 - Nov 2014

Chief Information Security Officer (Ciso) | Security Architect, Compliance Officer, And Cso

Los Angeles, Ca, Us

- Assess the security posture of an LA County greenfield hospital to applicable regulatory mandates- Prepared and held meetings with vendors to assess solution offerings and determine pricing strategy, architectured enterprise security and compliance programs infrastructure design models for hospital - Implemented NPM/APM OPNET solution to gather critical analytical data on infrastructure- Presented project status updates and plans to interim C-level staff, foundation BOD, and DHHS personnel- Attended quarterly city council meetings to present updates on the hospital projects- Collaborated with building architects on security concerns of technology access points within patient rooms - Prepared asset profiles and threat models for infrastructure applications and appliances being brought into the hospital environment- Used ISO27001/27002, CoBIT 5, COSO, and ITIL to map infrastructure and business processes to applicable compliance mandates (HIPAA, MU, PCI)- Managed DR/BCP strategy design, pen testing

Jun 2012 - Sep 2013

Pharmaceuticals Consultant | Standards Documentation Authoring, 21Cfr11 Compliance, Gmp Governance

Vertex Pharmaceuticals

- Created standards, policies, & and guidelines for: LAMP Stack, Social Media, AUP, Cookies/Privacy, QA, Mobile Sites, Project Management, Documentation Practices, Platform Ops- Created standards for Databases, Hosting, Flash Video, Code Markup/Best Practices, Deployment, Front/Back-End Development, Online Promotion (SEO, SEM), Video/Audio- Created FDA-compliant standards for Medical/Prescribing Information Submission, Validation Procedures, Lab Software

Sep 2010 - Jul 2013

Pci-Dss Security Consultant | Web Apps, Infrastructure, Payment Card Security Pii Data

Cupondehoy.Com

- Assessed client provided documentation to determine what PCI-DSS tier they fell under and consulted on the requirements for self-attestation - Assessed current NW infrastructure for vulnerabilities from the hosting provider, payment provider, and security controls for internal implementation- Reviewed Acunetix Vulnerability Report to meet PCI Compliance and company security needs based on risk priority.

Oct 2010 - Dec 2012

Security Consultant | Enterprise Compliance, Architecture, Data Security, Pii, Hipaa

Oakland, California, Us

- Designed and executed remediation work on IronPort servers to meet HIPAA compliance- Applied HASP assessment tools to collect technical, business process, issue, and recommendation information for essential work tracks; Application Remediation/De-Identification of Data, Encryption, Data Transmission - Collaborated with internal HASP project/program managers to develop HASP/HIPAA management solutions- Collated, organized, and analyzed collected data to produce executive summary and other presentations, reports, and dashboards related to findings and recommendations for the Meaningful Use objective- Configured McAfee Foundstone vulnerability scanner for UNIX/Linux, AS/400, AIX, Win2K3, Cisco/Juniper/Checkpoint routers, switches, firewalls, and LBs- Configured RSA Archer eGRC policies/procedures to meet HIPPA Security and MU compliance requirements- Drafted advisory recommendations to management for the usage of Cisco UCS in virtual environments- Mapped in place SOX and PCI controls to HIPPA and assessed for mitigating controls

Sep 2011 - Apr 2012

Third-Party Vendor Security | Pci, Data Security, Mobile Security, App Security, Sas70

Us

- Assessed vendor assessment questionnaires for weaknesses, accuracy, and answer strength- Audited internal and externally hosted vendor applications which interfaced with E*Trade Systems- Compiled security and risk analysis reports on levels of risk from vendor security control failures- Converted data for porting to an upgraded version of the Agiliance Risk Management tool - Audited vendor submitted SAS70/SSAE16 business continuity plans, vulnerability assessments, and penetration tests for accuracy and acceptable levels of risk- Reviewed vendor interfacing apps for technical and functional flaws and OWASP top ten web app risks- Audited vendor, E*Trade privacy policies, and awareness training programs for compliance with state, federal, and international data privacy directives- Assembled mitigating controls for failed vendor controls as well as remediation guidance for known failures

Oct 2011 - Jan 2012

Nerc Compliance Project Manager | Smart Grid Security, Meter Systems

San Diego, Ca, Us

- Led EGO NERC Compliance Initiative governing CIP01-CIP09 of NERC CIP requirements for utilities- Assessed monitoring tool solutions for optimal settings on critical infrastructure being monitored- Audited and wrote draft security policies for Cisco IPS, Juniper FW, Check Point FW, cloud security- Audited and planned remediation for Cisco IronPort appliance configurations for NERC/PCI compliance- Reviewed system and network operator roles within SAP BW/HR modules for segregation of duties conflicts against job descriptions and security policies (system and network level)- Collected reporting data of network infrastructure and created dashboards of enterprise health status- Collected network configurations from report/log servers and verified compliance for: SOX, PCI, NERC- Updated CMDB process and policy for regulatory compliance and to reflect actual business practices/tools- Made recommendations to increase infrastructure and application security, firewall placement, IDS sensor usage, backup and recovery planning

Feb 2011 - Nov 2011

Third-Party Vendor Security | Pci, Data Security, Mobile Security, App Security, Sas70

Us

- Assessed vendor assessment questionnaires for weaknesses, accuracy, and answer strength- Audited internal and externally hosted vendor applications which interfaced with E*Trade Systems- Compiled security and risk analysis reports on levels of risk from vendor security control failures- Converted data for porting to an upgraded version of the Agiliance Risk Management tool - Audited vendor submitted SAS70/SSAE16 BCPs, vulnerability reports, and pen tests for accuracy and acceptable levels of risk- Reviewed vendor interfacing apps for technical and functional flaws and OWASP top ten web app risks- Audited vendor, E*Trade privacy policies, and awareness training programs for compliance with state, federal, and international data privacy directives- Assembled mitigating controls for failed vendor controls as well as remediation guidance for known failures

Nov 2010 - Mar 2011

Project Manager | Infrastructure/Nw Security, It Audits, Security Policy, Governance

Nuezra

Engagement lead for clients in both NorCal and SoCal. All assets of company sold in 2009.Common work involved: Authoring standards, policies, guidelines, and rules for clients: NW Firewalls, Reporting/Logging, Backup and Recovery (DR/BCP), FIPS140-2, FISMA, Remote Access, Access Control, Incident Management (OLA, SLA, ITIL), Cookies/Privacy, ERP (Oracle, PS, SAP), Project Management, Documentation Practices, Platform Ops, IDS/IPS Rules, TOGAF, CoBIT, PCI, NERC, GLBA, ISO27001/2, Offensive Security, Single Sign On (SSO) StrategiesProject manage client initiatives including NW appliance installation, report server setup, data center builds, regulatory compliance audits, authentication servers (IDM), data classification, router/switch configuration, database hardening, mainframe configurationMajor Clients: 2003-2007 Panasonic, North America2003-2007 Kaiser Permanente (cont to 2009)2004-2009 Various State/County Agencies

Feb 2003 - Feb 2010

Lead It Auditor | Grc, Controls Testing, Peoplesoft Data Security, Sox Compliance

Calabasas, California, Us

- Assessed Business and IT controls and processes for weaknesses and accuracy from PeopleSoft upgrade- Remediated existing ERP access control, security, and system infrastructure control failures- Analyzed network architecture model for the existence of NIST-based defense-in-depth strategies/strength- Recommended installation of HNIDS/HNIPS and Honeypots to remedy anomalies found in network logs- Created and implemented processes to remediate segregation of duties deficiencies - Developed Entity-Wide risk control matrix, narrative, and process flow diagrams- Designed future state business processes to ensure business and IT risks are easily managed- Tested and validated controls on critical ERP (PeopleSoft), DB (Oracle) and HR (Recruitmax) applications

Nov 2009 - Jan 2010

Engagement Project Manager | Sox 404, Change Management, Sod, Business Process Design

Coastal Technology Partners

- Create and document key SOX processes for both IT and Finance (US and UK)- Identify audit risks for management and design a plan to achieve compliance - Assessed and audited Business Continuity and Disaster Recovery Processes/Procedures for adequacy- Remediated deficiencies from internal control testing before handoff to External Auditor (E&Y)- Trained and educated staff on new controls and how to work in a regulated SOX environment- Audited Cisco ASA firewall device configurations and advised on usage of McAfee Enterprise tools- Created access controls, updated processes, and segregation of duties matrix to minimize risk/fraud- Assess and advise the client on SOX compliance concerns for the newly upgraded Great Plains application- Provide executive management with business process health on “as-is” and draft “to-be” processes

Sep 2008 - Mar 2009

Pre-Sox 404 It Audit Consultant | Program Compliance Manager | Server Pen Tester

Sunnyvale, California, Us

- Authored documents with key SOX processes for both IT and Finance (US and UK)- Lead client through strong internal control creation for Exchequer ERP application and AS/400 environment- Drafted business process narratives for US, UK/Canada subsidiaries- Designed end-user computing controls for critical spreadsheets and databases- Scoped/assessed critical applications and Cisco ASA policies (US, UK, Canada), identifying SOX risks - Remediated work for all noted test issues and executed follow-up tests (“to-be” processes created)- Reviewed revenue recognition for warranty service costs for compliance (S1 Filing Requirement)- Assessed current IP asset protection risks and drafted processes to protect against loss to critical assets (code)- Conducted network vulnerability scans and pen tests on servers with critical financial data in the US and UK- Assessed code change processes and controls for risk and compliance with the Perforce tool

Mar 2008 - Oct 2008

Lead It Audit Consultant | Sox, Security, Grc, Biometrics, Manufacturing, Sap

Torrance, California, Us

- Assessed effectiveness of business process controls for MFG/Pro ERP and code mgmt (Perforce)- Reviewed test plans and strategies, and identified risks for SOX 404 IT General Controls- Created and tested controls by CoBIT, COSO, and ISO27001 Standards- Validated application data security at the Mexico location to the accounting governing board “Hacienda” tax- Performed SOX audits and operational walkthroughs at Mexico locations (Tijuana, B.C.)- Completed policy and security configuration audit of WebTrend proxy filter tool- Provided drafts of corporate process upgrades to allow better AS5 alignment for Asia and Mexico sites- Advised client to use a more effective vulnerability/network scanner (Acunetix) to meet compliance- Informed clients on efficient risk management operations, more robust user access, and IT Security (logical/ physical) controls for MFG/Pro and Tress ERP package (Latin America)- Reviewed McAfee AV, SpyWare, and Enterprise Server protection adequacy for overlooked security issues- Assessed biometric hand scanning appliances, security, data management, monitoring, and regulatory concerns at both Mexico and US sites

Oct 2007 - Mar 2008

Sas 70 Consultant | Management Reports, Sod Audit, Attestations

Los Angeles, California, Us

- Created test plans and reviewed SAS 70 Report and C&A documents from 2003- Performed testing on SAS 70 effectiveness of critical systems- Provided draft RACF, SMIS, SMS (PeopleSoft), and CICS processes for “to-be” state- Created a roadmap to achieve more robust compliance and assurance for “as-as” processes- Performed Risk Assessment on current system environments, including expense processes on the mainframe- Trained client on usage and implementation of AS5 standards for future compliance upkeep

Jun 2007 - Sep 2007

Lead Automotive It Sox Advisor | Security Change Management, Grc, Mainframe, Erp

Toyota City, Aichi Prefecture, Jp

- Evaluated relevancy and effectiveness of IT process controls with CoBiT, ITIL, GLBA, and AS5 standards.- Reviewed and updated TMS test plans for SOX IT 2007 testing on UNIX, Oracle, RACF, IT Security, DR/BCP- Created remediation plans for SOD violations within Mainframe (RACF), SAP, and DB2. - Provided draft user role designs to meet internal compliance initiatives- Recommended provisioning strategies based on job responsibilities and guidance to transition users- Performed Validation audits before handing off to IA and external (KPMG)- Reviewed audit reports and usage of NMAP, Acunetix, and Nessus scanners- Assessed wireless security tool (AirDefense) logs for anomalies and operating correctness (encrypt, pw)- Created control remediation and sustainment plans for both IT and business process controls- Assembled data for usage within ClearCase and ClearQuest document management tools- Consulted with the client on the server, network firewalls, and dormant account cleanup process changes

Jan 2007 - Jun 2007

It Sox Consultant | Engagement Coordinator, Grc Sme, Retail Pos Security

El Segundo, Ca, Us

- Evaluated relevancy, applicability, and effectiveness of critical controls with JD Edwards One World ERP- Reviewed test plans for SOX IT 2006 Testing using a risk-based approach- Tested user access/segregation of duty controls and configuration settings for JD Edwards One World ERP- Tested controls against CoBIT and assisted in SAS70 Type II audits before external auditor (KPMG) review- Assessed PCI risks and documented both “as-is” and “to-be” process flows to allow for compliance - Drafted suggestions for remediation around access control, change control (Perforce), and virus scanning- Consulted client and internal teams on more efficient controls and compliance efforts

Oct 2006 - Jan 2007

It Sox Project Manager | Grc, Data Security, Network Security, App Controls

Los Angeles, California, Us

- Reviewed/formatted compliance documents for acceptance by an automated compliance management tool- Formulated strategy for document maintenance and executive alerts for compliance (SOX 302)- Coordinated with Business Control Owners to review access control and application control design and effectiveness to avoid duplication of testing efforts- Advised senior management advisor on SOX 404 best practices to meet external (D&T) guidelines.- Tested ITGC, PCI, and key ERP application controls in Security, Change Management, Data Operations/Management, Entity level, and End-User Computing.- Assessed usage and configurations of McAfee Enterprise (servers, networks) as well as NIPS/HIPS- Created remediation plans for SOD discrepancies and executed new tests for the client

Jun 2006 - Oct 2006

It Sox Audit Pm | Itgc, App Controls, Oracle

- Reviewed and updated CINRAM SOX process documentation for testing - Performed Design and Operational testing on ITGC and IT application controls - Drafted Application Control Operational Effectiveness test plans for Oracle technologies- Rationalized control relevancy and accuracy of key IT and business process controls - Remediated user access SOD violations within Oracle ERP

Feb 2006 - Jun 2006

It Audit Consultant | Sox, Retail Systems, Entertainment, Pci-Dss

Burbank, California, Us

- Analyzed documentation to execute quarterly SOX and GLBA compliance audits - Provided business analysis, assembled test documentation kits, risk matrices, and version control process- Tested controls against the existing control environment in line with external auditor guidelines (PwC).- Reviewed IT user roles with access to HR/ACCT/FIN systems and databases within SAP(HR) for segregation of duties conflicts against job descriptions and security policies (system and network level)- Formulated/integrated compliance program process & and control effectiveness recommendations- Assembled compliance analysis reports for usage in long-term SOX assurance- Analyzed current security policy SOX adherence and made recommendations on improvements- Reviewed data interface security risks and PCI concerns for the in-house royalty system

Mar 2006 - May 2006

It Sox Auditor | Itgc, Change Management, Security Advisory

Westlake Village, Ca, Us

- Led and executed audits on controls for critical ERP systems for SOX and PCI compliance.- Presented and reviewed test documentation findings to external auditor PwC for PCI and SOX compliance.- Authored and implemented project control documents tracking testing activities and project progress.- Authored and consulted on draft control gap mitigation recommendations to the COO, CFO, and CIO - Updated IT Change Management process, policy, and procedures, to meet SOX and PCI compliance - Authored remediation roadmap and executed plan for SOD violations within Oracle ERP to meet compliance- Executed audits of NW access control settings of Cisco IronPort appliance to meet SOX compliance - Drafted strategies and security architecture (LLD/HLD) models for usage of McAfee IPS on workstations

Dec 2005 - Mar 2006

It Sox Project Manager | Grc, Data Security, Network Security, App Controls

Singapore, Sg

- Reviewed current application changes and checked for accuracy in JD Edwards ERP- Evaluated and revised Dole’s existing General Computing and Application Controls to better address SOX- Directed SOX audit documentation activities and liaison to external auditors (D&T).- Tested ITGC and application controls (GL, AR, AP, PR, TX, FA, EX, HR, IN, FR modules)- Drafted and executed test plans for AS/400, JDE interfacing, and Hyperion (Essbase)- Remediated/developed policy for Latin America, Europe, and Asia, Security Logs, Access Management, and HR - Reviewed HP Web Inspect policy, configuration, and reports for vulnerabilities and security violations- Assessed risk on key JDE financial modules and user access control processes- Evaluated process narratives for completeness/accuracy and drafted baselines for ERP upgrade (JD ONE).

Aug 2005 - Jan 2006

It Banking Audit Pm | Sox Compliance, Peoplesoft Data Security, Euc

Charlotte, Nc, Us

- Determined and provided process gap remediation solutions for PeopleSoft FS Upgrade and SDLC process- Reviewed and updated control framework using COBIT, OTC/AML/BSA rules as guiding frameworks. - Performed design and operational module control tests for AR, Compensation, Benefits, HR, Payroll, FX - Tested application controls for the Treasury module using COSO as the guidance framework. - Formulated baseline documents & and version control process for ERP implementations/upgrades.- Documented current “as-as” processes and compared to draft “to-be” for PeopleSoft FS Upgrade

Jun 2005 - Oct 2005

Enterprise Project Manager It Sox | Peoplesoft Network Security, Glba, Banking

Us

- Managed enterprise compliance efforts to comply with SOX, GLBA, Privacy, and customer data protection - Provided GRC and security support to asset management, procurement, and Information Security groups - Authored and executed audit programs on Cisco IronPort devices (configs, policies) for SOX compliance - Authored project plans, WBS, Gantt charts as part of PM practice and control document creation work- Delivered and managed key IT process documents (SharePoint) for SOX, ITIL, Reg W, PCI, GLBA, SAS70 II - Assessed overall IT risk and compiled both GRC and Security Thread Model documents for executive usage- Authored PeopleSoft ERP process narratives and test plans for design/operational effectiveness audits- Lead audits on policy/setup, configuration of McAfee RM Tools (Policy Advisor, AV, Rogue System, net sec, MOVE, NIPS/HIPS, - Reviewed and made changes to policies on the WebTrend proxy filter for compliance and security needs- Executed internal/external vulnerability scans using NMAP, Acunetix, and BurpSuite to assess NW security - Advised executive management on GRC and Security best practices to improve internal control and security posture for SOX, GLBA, CAN-SPAM, and applicable banking regulations (AML, CIP)

Mar 2004 - Jul 2005

Project Manager | Audits, Business Analysis, Software Audits, Web Design, Client Service Delivery

Armonk, New York, Ny, Us

- Managed extensive project portfolio, including SDLC process management and internal audits.- Designed, authored, and presented executive-level cost/benefit analysis reports for project governance.- Provided IT audit services supporting enterprise control weaknesses, procedures/processes.- Led IT audits of critical information systems, and applications.- Authored risk control matrices and process narratives for enterprise GRC and Security requirements.- Drafted business process re-engineering models and flows for projects involving process design tasks.- Authored audit project charters, methodologies, and guidelines, with integrated PMI control practices.- Drafted executive reports on change, configuration, and incident tracking tools supporting IBM GRC.- Fulfilled security admin role for Lotus Notes, PeopleSoft, SAP, Bugzilla, and Perforce tool.

Sep 2000 - Aug 2002

Qa Systems Internship | It Analysis, Web Design. Network Security

San Jose, Ca, Us

- Internal Testing group liaison for web-based apps/projects- Coordinated user acceptance testing related to web-based projects- Compiled/maintained test libraries of scripts for a variety of projects as required- Queried (SQL) Oracle databases to extract required data for reporting purposes- Developed and implemented departmental Win2000 upgrade- Created operational reports and presented new tool research to management - Developed areas of QA Team website and managed group network activities- Wrote business requirements for subscriptions-based revenue generation B2C site with Rational Rose tools - Coordinated team source code and project documentation into the Starbase repository

Apr 2000 - Oct 2000

Paramedic/Emergency Medical Technician (Emt) | E-4

Randolph Afb, Tx, Us

- Honorably discharged veteran with E-4 rank- Scheduled, planned, instructed, and led a squadron of 500 members- Managed budgets, technology expenses, policy reviews, and public relations- Fully trained as an emergency medical technician and low-level nurse- Fully combat-prepared in disaster preparedness and field surgery- Trained in the usage of M-4 and Ruger firearms- Knowledgeable of UCMJ laws and U.S. civilian laws

Apr 1994 - Apr 1998
3 education records

Omar Alam education

Graduate Certificate, Six Sigma Green Belt, Operations Management And Supervision, Systems Engineering

University Of Southern California

Associate'S Degree, Business Administration And Management, General

De Anza College

Bachelor'S Degree, Dual Degree: Business Administration, Mis

San José State University
FAQ

Frequently asked questions about Omar Alam

Quick answers generated from the profile data available on this page.

What company does Omar Alam work for?

Omar Alam works for UCLA.

What is Omar Alam's role at UCLA?

Omar Alam is listed as Senior Information Security Compliance Analyst at UCLA.

What is Omar Alam's email address?

AeroLeads has found 1 work email signal at @blackhawknetwork.com for Omar Alam at UCLA.

What is Omar Alam's phone number?

AeroLeads has found 2 phone signal(s) with area code 949, 310 for Omar Alam at UCLA.

Where is Omar Alam based?

Omar Alam is based in Stevenson Ranch, California, United States while working with UCLA.

What companies has Omar Alam worked for?

Omar Alam has worked for Ucla, Forvis Mazars Us, International Information Systems Security Certification Consortium Isc2, The Matador Media, and Blackhawk Network.

How can I contact Omar Alam?

You can use AeroLeads to view verified contact signals for Omar Alam at UCLA, including work email, phone, and LinkedIn data when available.

What schools did Omar Alam attend?

Omar Alam holds Graduate Certificate, Six Sigma Green Belt, Operations Management And Supervision, Systems Engineering from University Of Southern California.

What skills is Omar Alam known for?

Omar Alam is listed with skills including Security, It Audit, Penetration Testing, Project Management, Information Technology, Computer Security, Cissp, and Sarbanes Oxley Act.

Find 750M verified contacts

Search by job title, company, industry, location, and seniority. Export verified B2B contact data when you need it.