William H. Linder has over 20 years of experience in IT security risk management, auditing, and compliance using frameworks such as COBIT and COSO. He has worked as an IT security risk manager and auditor for companies such as NBC Universal and Citigroup. Some of his responsibilities have included assessing risks, advising on control requirements, reviewing suppliers for compliance, and testing that controls are operating effectively. He also has experience in areas such as network security, disaster recovery, and application security assessments.
1. William H. Linder
1-718-882-5277 whlinder@juno.com
1
PROFILE
IT Security Risk Manager
IT Security & Compliance Auditor, using COBIT/COSO standards as a framework, establishing controls
over IT governance/best practices.
Proven ability to drive controls assessments,conduct riskand gap analysis,and responsible for the
mitigation of security vulnerabilities.
IT Project Manager, using Project Management Institute methodologies, offering proven skill in system
design development and security architecture, technical documentation, systemmigration, configuration,
and implementation across diverse industries.
Project lifecycle experience including needs assessments,requirements gathering, development planning,
systemdesign, analysis, testing,implementation, compliance, and support of business systems and security.
Expert ability to bridge communication gaps between technical teams, end users and compliance personnel.
Demonstrated talent as a team builder and motivator, capable of creating cohesion and project engagement
across diverse groups.
High technical aptitude; driven to remain on the cutting edge of new technology products,concepts,and
regulations.
AUDIT and SARBANES-OXLEYAREAS OF EXPERIENCE
Reviewed Processes, Controls and Issues/Gaps for:
Physical security of installations (power, temperature,UPS, access)
Logical security of systems (access)
Change management procedures
System Development Life Cycle (SDLC)
Network security
Backup and restore procedures
Disaster recovery – business continuity
Application systems and software controls
Operations
Problem and incident management
User training
Third party services and Service Level Agreements (SLA)
End Point Security
Auditing Software: CCH TeamMate, Power Broker,various in-house systems
AssessedRisk as a result of the Controls tested in conjunction with the Gaps revealed.
PROFESSIONAL EXPERIENCE
NBC Universal (12/2015 – Present)
Information Risk Management Organization Controllership
Measure compliance with external regulations (SOX, Privacy, access)
Advise and educate technical teams, asset owners in control requirements and best practices
Assess needs and risks across all applications
2. William H. Linder
1-718-882-5277 whlinder@juno.com
2
Communicate regulatory requirements and risks
Test that controls are operating effectively
Review suppliers for compliance with privacy requirements
Robert Half (8/2015 – 10/2015)
Consultant: Citigroup Citi Technology Infrastructure group of Internal Audit.
Perform internal audit of data protection products: Checkpoint Endpoint Media Encryption, Symantec
DLP,Microsoft PKI,EntrustCA, VenafiSSL.
Experis (ManpowerGroup) (12/2014 – 5/2015)
Consultant: IPG. Performed SOX audit review of user access rights and timely account suspension of
terminated users.
Consultant: United Bank for Africa. Performed Disaster Recovery/Business Continuity review.
Reviewed results of 2014 Disaster Recovery/Business Continuity test results, and action plans to mitigate
findings resulting from this test. Reviewed and verified test results with business continuity management
and staff.
GRMS IT Consulting (6/2013 – 11/2014)
Consultant/Senior Information Systems Risk Officer at Deutsche Bank
Application security assessment:Determined effectiveness of infrastructure application security
controls for global facing applications. Full scale assessments included server security controls,
identifying and segregating various environments (UAT/DEV/DR/PROD)application User and System
accounts, controlling developer access,monitoring: emergency changes keystroke log-in procedures,
server patches,and change request.
Application security remediation: Provided workable solutions for access/environment
segregation/separation, change monitoring, creating change request to implement solutions (implementing
security controls over application accounts and server).
Maintain metrics dashboard to monitor remediation progress and outstanding issues.
Sony Music Corp
Consultant (Protiviti/Robert Half) (9/2012 – 3/2013)
Perform application compliance review of Hyperion and Eros systems.
United Bank for Africa
Consultant (Experis)(7/2012 – 9/2012)
Performed General Computer Controls and IT security audit.
Atlas Air
Consultant (KForce) (5/2012-6/2012)
End Point security audit and patch management of mobile computing devices.
NewYork Community Bancorp
Consultant (Protiviti/Robert Half) (11/2011 -3/2012)
Performed Application Compliance Review of FIS MISER System. Field work results on
CCH TeamMate.
United Bank for Africa
Consultant (Experis/Jefferson Wells)(7/2011 – 10/2011)
Performed General Computer Controls and IT security audit.
3. William H. Linder
1-718-882-5277 whlinder@juno.com
3
BBE, Inc.
Consultant (3/2011 – 7/2011)
Perform IT security controls review for major international bank.
Review SAS 70s for completeness and accuracy
Review service level agreements (SLA) of third party vendors
Write security assessments of third party vendors and make remediation
recommendations, including findings.
Citigroup
Consultant (8/2010 –12/2010)(AxisTechnology)
Mainframe Entitlement Simplification Project: Pilot project focusing on credit card business.
EmblemHealth, NewYork, NewYork
Consultant (7/2010 – 8/2010)
Review User access rights on medical health care system.
UBS, Weehawken, NewJersey
Associate Director, ITI Risk Management, Distributed Systems and Storage (2007 – 12/2009)
Coordinate and monitor internal and external IT audits of Distributed Systems and Storage (Windows,
UNIX, SQL/Oracle databases, AS400) to arrive at a consistent view on technology and risk.
Reviewed and assessed findings to ensure actions plans were implemented and in compliance with
Sarbanes-Oxley regulations.
Developed and maintained a strong partnership with platform and application owners of Distributed
Systems and Storage to implement effective observations and timely closure of agreed action plans.
Reviewed new system implementation and system refresh projects to identify and escalate any
technology risk issues for compliance with Sarbanes-Oxley and corporate standards.
Consulting Assignments, NewYork, NewYork
IT Security Consultant (1999-2006)
Analyze and document diverse IT infrastructures in support of Auditing and Sarbanes-Oxley compliance and
access control for public companies. Included business process and technicalaudits of client systems and
processes. Engagement highlights include:
Rabobank (Jefferson Wells)
New York Life Insurance Co. (Jefferson Wells)
Flushing Savings Bank (Jefferson Wells)
Citigroup (Jefferson Wells)
AIG (Jefferson Wells)
CIT (Jefferson Wells)
Agere, Inc.
Hollywood Casino, Division of Penn National Gaming
Finlay Fine Jewelry Co.
Tiffany & Company – IT Division, Parsippany, NewJersey
Project Leader(1998)
Piloted migration of overseas computer data centers in London and Zurich to U.S. to support goal of providing
better technical support and secure systemreliability.
Yusen Air & Sea Service, Garden City, NewYork
Wide Area Network (WAN) Manager (1992-1998)
Led software development team to design ocean export system.
4. William H. Linder
1-718-882-5277 whlinder@juno.com
4
Consolidated nationwide computer operations onto a centralized IBM AS/400 computer and frame
relay network across North America.
Managed migration of 6 warehouses spanning the U.S. to new facilities.
EDUCATION & CAREER DEVELOPMENT
Master of Arts, Hunter College of the City University of New York (CUNY)
Bachelor of Arts, Temple University
Diploma in Computer Science,New York University
Oracle Developer Certificate, New Age Training, Inc., New York, New York (2003)
Interconnecting Cisco Networking Devices, Global Knowledge, New York, New York
Foreign Language Skills: Proficiency in German and working knowledge of Polish