Roger A. Sloan, CISSP, CISA
5119 Lakewood Drive • Gibsonia, PA 15044 • (h) 724-443-1704 • (c) 724-991-0250
sloan0717@gmail.com
Qualified By
Experience in the areas of:
• Security compliance
• Information security
• Information technology audit
• Security awareness
• Security strategy and tactics
• Sarbanes-Oxley compliance
• HIPAA compliance
• Risk assessment
• Policies and procedures
• Budgeting
• Project management
• Staff management
• Management & board reporting
• DR and BCP planning
• Vendor security oversight
• Contract management
• System implementations
• Special Projects
Professional Experience
Federal Home Loan Bank of Pittsburgh, Pittsburgh, PA 2007 - 2016
Director, Information Security (April 2008 – July 2016)
• Define the Bank’s security strategy and tactical security plans ensuring alignment with Bank-wide goals and strategies. (Developed the Bank’s security program from its infancy, working closely with IT, business unit and executive management, as well as the board.)
• Define the Bank’s security policies, standards and procedures. This includes the Bank Security Policy, Security Management Policy, Information Security Standards, Information Classification and Data Handling Standards, Security Architecture Control Standards, Cloud Computing Policy, Security Incident Response Procedure, etc.
• Implement appropriate procedures to ensure compliance with security policies and standards. Direct the definition and implementation of compliance monitoring processes, including the definition of key metrics. Direct the Bank’s internal vulnerability management program, automated policy compliance program and social engineering assessment program.
• Direct the Bank’s critical data discovery and inventory process, which provides focus for implementation of controls and allocation of resources.
• Ensure compliance with applicable regulations and regulatory guidance to ensure safe and sound business practices. (i.e. HIPAA compliance assessment, Federal Financial Institutions Examination Council cyber security assessment, Federal Housing Finance Agency security bulletins gap analysis, etc.)
• Develop and implement procedures and reports to keep management and the board informed about the Bank’s security program and compliance with policies. Share relevant information about the Bank’s security program with management and the board through presentations and reports.
• Lead efforts to identify and complete required actions to address compliance violations and analyze current security practices and implement improvements where appropriate.
• Direct the Bank’s security awareness training program and ensure training occurs as required by policy.
• Conduct Bank-wide security risk assessment activities.
• Direct the Bank’s security incident response process.
• Direct the analysis of project requests to define priorities and resource requirements, develop appropriate justification for supplementing existing resources, and allocate resources to address business needs. Identify external business partners to supplement existing staff and improve the efficiency and effectiveness of the department.
• Oversee projects to assure compliance with plans and participate in decisions regarding modifications or enhancements to the security, technology or operating environment, which support the Bank’s business requirements. Assess and document the design of security controls for each significant system implementation project and provide sign-off prior to production implementation.
• Direct the Bank’s use of independent third parties for security services, including network vulnerability and penetration assessments, social engineering assessments, security risk and maturity assessments, and security information and event management (SIEM) services. Negotiate and manage all associated contracts.
• Manage security reviews and oversight of critical third parties and cloud service providers used by the Bank.
• Respond to member/customer requests for information regarding the Bank’s security control environment and susceptibility to specific cyber threats. (Developed an internal SSAE16-like document to satisfy such requests, creating efficiencies and cost savings for the Bank.)
• Direct the Bank’s business continuity planning program to ensure the Bank can successfully recover in the event of a business interruption. Direct the definition of testing schedules and all aspects of BCP testing exercises. (Responsibilities recently migrated to IT Technical Services to enable sole focus on information security.)
• Exercise the usual authority of a manager including personnel decisions regarding hiring, training and development, assigning work, performance management, salary actions, and initiating corrective actions and terminations, as well as establishing and monitoring adherence to a departmental budget.
Audit Manager (July 2007 – March 2008)
• Manage the IT audit function, including conducting enterprise-wide risk assessments, preparing the IT audit plan and managing relationships and engagements with Bank management and external auditors.
• Incorporate IT controls into application/business process audits and train non-IT audit staff on how to conduct such reviews.
• Integrate Internal Audit, SOX and independent third party audit requirements into a single integrated audit program and approach creating efficiencies.
• Conduct security, application, and general computer control reviews.
Duquesne Light Company, Pittsburgh, PA 1995 - 2007
Manager, Audit Services - IT (1998 - 2007) and Audit Coordinator (1995 - 1998)
• Manage the IT audit function, including conducting enterprise-wide risk assessments, preparing the IT audit plan and managing relationships and engagements with Company management and external auditors.
• Oversee and train audit staff, as well as manage third party co-sourcing engagements (Introduced co-sourcing within Audit Services)
• Conduct security, application, and general computer control reviews.
• Lead the ongoing implementation of continuous auditing/monitoring within the Audit Services Department and throughout the Company.
• Participate in system development projects to ensure controls are addressed.
• Lead special projects and investigations as directed by executive management and provide "consulting" type services to business units to help ensure business objectives are met and controls are implemented (i.e. Cyber Security, Y2K, Rate case refund/surcharge, etc.).
• Manage and perform all Sarbanes-Oxley Section 404 IT compliance activities, including scoping, testing, documentation, external audit coordination, etc. Develop a database for recording and tracking all Sarbanes-Oxley issues and assist in developing the approach, methodology, and standards for the Company's overall Sarbanes-Oxley project.
The Western Pennsylvania Hospital, Pittsburgh, PA 1993 - 1995
EDP Auditor
• Responsible for developing the IT Audit function, including developing the audit approach and work programs, conducting IT audits, participating in system development projects, issuing final reports and clearing audit findings.
Allegheny General Hospital, Pittsburgh, PA 1990 - 1993
Coordinator, IS Security
• Develop, maintain, and test Business Recovery Plans and negotiate recovery contracts
• Administer information security
• Develop policies and procedures dealing with information security, computer viruses, software copyrights, etc.
• Coordinate IT audit activities
• Conduct security reviews of ancillary departments
• Select and implement information security and business recovery software
• Maintain physical security for the data center
Integra Financial Corporation, Pittsburgh, PA 1986 - 1990
Data Security Analyst/Manager (1988 - 1990)
• Maintain CICS and application security for northern banks
• Establish corporate data security policy and procedures
• Initiate development of Business Recovery Plan
Staff Auditor/EDP Auditor I & II (1986 - 1988)
• Develop and maintain audit programs and software
• Conduct IT audits and participate in system development projects
• Train branch audit staff
Tools and Technologies
Qualys, ProofPoint, Symantec Endpoint Protection, Palo Alto (with WildFire), ThreatSim (Wombat Security), RSA SecureID tokens, AirWatch, OneLogin (SAML), CyberArk, Solutionary (SIEM), Cisco network, VMware, Citrix (virtual desktop and remote access), Windows, Active Directory, Solaris, Linux, Oracle, SQL Server, B2B e-commerce
Professional Development
• Certified Information Systems Security Professional (CISSP)
• Certified Information Systems Auditor (CISA)
• Information Systems Audit & Control Association (ISACA) member and past Pittsburgh Chapter President
Education
Bachelor of Science, Management Information Systems (Accounting Minor)
Indiana University of Pennsylvania
