Stephen Siano, Cisa, Cfe, Cissp Email & Phone Number

New York City Metropolitan Area

Franklin Lakes, New Jersey, United States

• Lead interactions between Security Governance and Technology (IT) teams. Intake security requests and apply BD’s cybersecurity framework to identify requisite security services as needed.
• Lead discussions and clarify objectives with eleven project owners of twenty-two projects resulting from recent NIST CSF maturity assessment. Regularly present status updates to C-Level executive leadership.
• Assist in the development of 3-year cybersecurity roadmap in partnership with IT… Show more
• Assist in the development of 3-year cybersecurity roadmap in partnership with IT leadership.
• Collaborate with security risk owners to strategize and develop risk treatment plans to manage identified security risks as part of Information Security Risk Register. Effectively triaged over 200 security risks over.
• Collaborate with IT and IS Strategy leaders to develop, improve, and report out cybersecurity metrics to executive leadership, including the Cybersecurity Risk Committee. Areas measured include endpoint protection.

Franklin Lakes, New Jersey, United States

• Led and managed a team of Senior IT Auditors who delivered over 50 global IT audits on various subject matter including NIST CSF, security operations, privacy (GDPR), application and cloud security, data centers.
• Conducted semi-annual qualitative and quantitative IT risk assessments and leveraged results to generate annual IT Audit Plan. Presented results to Audit, IT… Show more
• Conducted semi-annual qualitative and quantitative IT risk assessments and leveraged results to generate annual IT Audit Plan. Presented results to Audit, IT, and Information Security leadership teams.
• Managed technology and security risks as identified during internal audits; collaborated with risk owners and IT risk management counterparts to mitigate and remediate risks.
• Led NIST CSF maturity and capability assessment of the Information Security function, covering both IT and Security. Collaborated with external vendor to plan, execute, and report out on results to internal.

Franklin Lakes, New Jersey, United States

New Providence, New Jersey, United States

• Managed and executed IT internal audits using internal or co-sourced Big 4 resources. Audits included application implementations/upgrades, program management (IT outsourcing), privacy / HIPAA /cybersecurity, and GDPR.
• Implemented ACL software for data analysis. Designed and executed ad-hoc data analytics for use on audits. Supported financial audit teams with custom data analytics support.
• Evaluated automated application controls (JD Edwards) for design and operating effectiveness… Show more
• Evaluated automated application controls (JD Edwards) for design and operating effectiveness in support of SOX compliance. Show less

IT audit, operational audit, fraud investigations, computer forensics, contract compliance, ACL analytic design, ACL implementation, source data manipulation and configuration. Experience auditing and automating controls in the following process areas: Accounts Payable, T&E expense, Purchasing Card, Procurement, Payroll. Experience with EnCase v6 & EnCase.

IT Audit Consultant. Worked on SOX compliance. Tested/designed General Computer Controls at Bristol-Myers Squibb Co. Administered OpenPages testing repository for General Computer Controls.

Bachelor Of Science (Bs), Computer Science

Education record