JASON W. ALLRED
6313 SEAL COVE, FORT WORTH, TX 76179, (817) 938-3298, JASON.W.ALLRED@GMAIL.COM
SUMMARY
A consummate leader in all areas of IT governance, risk, compliance, audit and security with a demonstrated
ability to clearly identify, design and implement policies, standards, procedures and best practices promoting
regulatory compliance (PCI, GLBA, S-Ox, MLA, ECOA, FCRA, CFPB, FISMA, DCAA, etc.) utilizing standard frameworks
(COBIT, ITIL, PCI-DSS, etc.)
WORK EXPERIENCE
JUNE 2011 – PRESENT Cash America International Fort Worth, TX
INFORMATION TECHNOLOGY SECURITY & COMPLIANCE ANALYST II
Lead and manage internal and external IT audits (S-Ox, PCI, MLA, GLBA, ECOA, FCRA and CFPB) by coordinating
risk/control matrix updates, receiving audit requests, obtaining and validating all audit evidence, hosting
walkthrough meetings with stakeholders, and communicating audit updates to IT and business
management
Develop, implement, and manage the IT risk management program inclusive of the chartering and chairing of
the IT Governance-Risk-Compliance (GRC) Committee
Design, execute, and manage internal IT compliance assessments against medium and high risk processes and
controls to measure for operating effectiveness
Track and monitor all audit and compliance deficiencies through remediation in matrix driven processes
Update existing IT policies and procedures and aid in the development of new IT policies and procedures
Lead in the implementation and management of the NetIQ Access Governance Suite identity and access
management solution
Manage annual application and system user attestation reviews for all financially significant applications,
servers, and databases
Contribute to the ongoing operation and compliance of the IT change management, release management, and
configuration management practices as a backup to the primary manager of those functions
Liaise with all IT teams to process and manage exceptions to policies as needed
Lead the team on all corporate compliance work efforts and projects with an information technology
involvement and/or impact
OCTOBER 2010 – MAY 2011 Contineo Fort Worth, TX
INFORMATION TECHNOLOGY AUDITOR / CONSULTANT
Executed GLBA information technology audits for financial institution clients encompassing review of policy,
procedure and practice in the areas of risk management, information security, software acquisition and
development, strategic planning, vendor oversight, disaster recovery, and business continuity
Performed and interpreted internal and external network vulnerability assessments using vulnerability
assessment testing tools to include SAINT, Nessus, and GFI LANGuard
Conducted social engineering activities against financial institution clients to include dumpster diving, pretext
calling, and phishing, all in an attempt to test how well employees are trained on security policies and
procedures
Consulted with financial institutions to craft and implement information technology policies, standards, and
procedures for their institutions reflective of their operating practices
Analyzed and documented information flow processes covering points of entry, storage, transfer, use, and
destruction for financial institution clients followed by assessing compliance, reputation, financial, and
technological risk associated with those processes
Aided financial institution clients with strategic information systems planning by performing current use and
needs assessments, identifying inefficiencies with the existing environment, and making recommendations
for improvement for increased return on investment
JULY 2008 – SEPTEMBER 2010 Cash America International Fort Worth, TX
SENIOR INTERNAL INFORMATION TECHNOLOGY AUDITOR
Aided in the execution of risk assessments and development of risk based control frameworks to ensure the
integrity of data processing in revenue generating information technology resources to reduce the
likelihood of material financial misstatements
Developed and executed audit procedures inspired by risk and control matrices to test the design and
operating effectiveness of implemented information technology controls in pursuit of compliance with
Sarbanes Oxley requirements, Payment Card Industry requirements, etc.
Coordinated the timely remediation of control deficiencies detected through internal information technology
audit testing
Authored report of findings reflecting audit results and recommendations for improvements in daily operations
in pursuit of a more mature compliance posture
Presented report findings to executive management, audit committee, and board of directors
SEPTEMBER 2007 – JULY 2008 DynCorp International Fort Worth, TX
INFORMATION TECHNOLOGY SECURITY & COMPLIANCE ANALYST
Assisted in design, writing, and implementation of the IT change management policy, standards, and
procedures for all production applications, databases and infrastructure
Managed weekly change management oversight committee meetings by presenting all of the routine change
requests submitted for consideration and approval by committee members in addition to facilitating the
post mortem discussion of emergency changes implemented in the prior week
Implemented and managed the Ecora Auditor Professional application purchased by the company to facilitate
effective day to day IT configuration management, system audit, and change monitoring of all production
applications, databases and supporting infrastructure
Analyzed security logs from applications, operating systems, databases, routers, and firewalls for potential
security violations based on established thresholds and benchmarks
Participated in internal and external information technology audits alongside Big Four audit firms to identify
risks associated with IT resources and processes in an effort to ascertain first year compliance with
Sarbanes Oxley Section 404
Coordinated the design and implementation of COBIT based IT controls to bring technology operations into
compliance with Sarbanes Oxley Section 404 to pass external audit
Managed quarterly recertification of production network operating system, application, and database users
and followed up with the removal of unauthorized and non-compliant users
Implemented and administered enterprise IT auditing software to collect application and security event logs
from in-scope IT resources and generate aggregate security reporting for review
JUNE 2004 – SEPTEMBER 2007 Credit Union Resources, Inc. Farmers Branch, TX
INFORMATION TECHNOLOGY CONSULTING SUPERVISOR
Performed information security risk assessments and technical network audits for over 75 credit unions per
mandates set forth in Sarbanes Oxley, Gramm Leach Bliley, NCUA, and other federal regulations
Authored information security policies and programs for credit union clients
Created and implemented a monthly security monitoring and reporting program entailing operating system,
application, and database log aggregation analysis for credit union clients
Managed and executed custom information technology projects to include network implementations and data
migration
Developed new information security and compliance programs to increase departmental revenue
Designed and presented information security and compliance seminars at industry trade shows and
conferences with audiences ranging from 50 to over 1000 attendees
Managed three other Information Technology Consultants that were direct reports
CERTIFICATIONS
ISACA – Certified in Risk and Information Systems Control (CRISC)
ISACA – Certified Information Systems Auditor (CISA)
ITIL v3 (2011) – Foundation Certificate in IT Service Management
ITIL v3 (2011) – Intermediate Certificate in Planning, Protection, and Optimization
ITIL v3 (2011) – Intermediate Certificate in Release, Control, and Validation
ITIL v3 (2011) – Intermediate Certificate in Service Operations
EDUCATION
2005 – 2009 Tarleton State University Stephenville, TX
M.B.A. BUSINESS ADMINISTRATION
1998 – 2002 Embry Riddle Aeronautical University Daytona Beach, FL
B.S. MANAGEMENT OF TECHNICAL OPERATIONS