This document provides background and experience for a senior independent IT auditor with expertise in governance, risk, and compliance (GRC) audits related to IT systems in highly regulated industries like pharmaceuticals and healthcare. The auditor has over 20 years of experience conducting GRC audits, developing best practices, and contributing to standards bodies to assess risk and ensure compliance with regulations for cloud computing, big data, and other emerging technologies. They have supported many large companies and organizations in conducting audits, developing strategies, and implementing systems to meet regulatory requirements.
Ramon Ruperto - IT, CSV Project ManagerRAMON RUPERTO
Ramon Ruperto has over 26 years of experience managing IT and CSV projects for life sciences companies. He has extensive experience with ERP systems like SAP and Oracle, and validating computer systems for regulatory compliance. As a CSV expert, he is responsible for developing and approving CSV deliverables like validation plans, test protocols, and reports. Currently he is working as a CSV lead for Baxalta BioScience, supporting serialization software validation and integration with an ERP system.
Matthew Tartaglia is an Information Technology Senior Manager with over 20 years of experience leading enterprise application development implementations, overseeing support groups, and managing technology platforms. He has expertise in areas such as organizational leadership, client orientation, technology solutions, budget planning, quality management, and strategic planning. His technical expertise includes languages, databases, data warehousing tools, operating systems, and quality assurance tools. He has held senior consulting and architecture roles at Ally Financial, Jefferies, and Merrill Lynch where he led technology assessments, implemented applications, and provided strategic guidance.
Rose Ann L. Reyes is an IT professional based in Dutch Harbor, Alaska with over 5 years of experience as a Business Analyst and Systems Analyst. She has a background in business analysis, system analysis, web development, quality assurance, and project management. Her experience includes roles at Wesupport, Inc., 24/7 International, Prime Outsource Corporation, and Activ8 Solutions where she managed various IT projects, provided technical support, and developed systems using technologies like ASP, SQL, and SharePoint. She has a Bachelor's degree in Computer Science.
Mdm for materials –positive impact of data quality improvementVerdantis Inc.
Agenda
• Introduction -Positive Impact of Data Quality Improvement
• Customer Case Studies
• Oil & Gas Service Provider –Global MDM Initiative for MRO and ETO
• Global Oil & Gas (E&P) SCM/Procurement Initiative
• Post Merger Material MDM Initiative
• Questions and Answers
Enthusiastic, motivated and creative marketing professional, with a strong interest in Project Management, Digital and Analytics. Growing business through different channels, achieving results, learning about the latest developments in digital technology, creating opportunities and driving revenue are the activities that drive me. I am also great in developing trustworthy relations through my customer sensibility. I love to explore customer insights and employ the best technical and strategic marketing capacities for a more efficient achievement of companies’ goals
Whats In It For You Cool Projects (Accounting, Risk Management, Supply Chai...Veronique_Joubert
The document summarizes 3 consulting projects completed by Resources Global Professionals:
1) Reconciling social security payments for 3,500 employees of a Belgian client to meet a legal deadline. The consultant analyzed payments and reconciled figures.
2) Providing operational risk management support during organizational changes at an insurer, including producing risk reports and training staff.
3) Coaching category managers at a manufacturer's Benelux purchasing organization to improve processes and deliver world-class key performance indicators.
Anastasios Okorite Granville is an electrical engineer from Nigeria with experience in maintenance, management, and military service. He received a Bachelor of Engineering in Electrical/Electronic Engineering from the University of Port Harcourt in 2014. His work experience includes serving as a soldier in the Hellenic Army in Greece from 2016 to 2016, working as a maintenance technician in Nigeria from 2015 to 2015, and currently managing EKEEMA Clinic since 2014. He also completed internships in maintenance at Port Harcourt Refining Company in 2012 and holds various health, safety, and environmental certifications.
2015 - ING Financial Markets - Recommendation LetterEdward Bennett
Cedric Kostka provides a reference letter for Edward Bennett who worked at ING Belgium Financial Markets Run Department. Edward held roles as Operations Officer and then Team Coordinator/Operations Specialist. He was responsible for processing derivatives trades and reconciliations. Edward evolved rapidly, acquiring strong competencies in product knowledge, team coordination, and communication. He helped strengthen collaboration and was a hard-working, proactive, professional, and efficient individual. Cedric will miss Edward's presence but understands his decision to leave the company.
Ramon Ruperto - IT, CSV Project ManagerRAMON RUPERTO
Ramon Ruperto has over 26 years of experience managing IT and CSV projects for life sciences companies. He has extensive experience with ERP systems like SAP and Oracle, and validating computer systems for regulatory compliance. As a CSV expert, he is responsible for developing and approving CSV deliverables like validation plans, test protocols, and reports. Currently he is working as a CSV lead for Baxalta BioScience, supporting serialization software validation and integration with an ERP system.
Matthew Tartaglia is an Information Technology Senior Manager with over 20 years of experience leading enterprise application development implementations, overseeing support groups, and managing technology platforms. He has expertise in areas such as organizational leadership, client orientation, technology solutions, budget planning, quality management, and strategic planning. His technical expertise includes languages, databases, data warehousing tools, operating systems, and quality assurance tools. He has held senior consulting and architecture roles at Ally Financial, Jefferies, and Merrill Lynch where he led technology assessments, implemented applications, and provided strategic guidance.
Rose Ann L. Reyes is an IT professional based in Dutch Harbor, Alaska with over 5 years of experience as a Business Analyst and Systems Analyst. She has a background in business analysis, system analysis, web development, quality assurance, and project management. Her experience includes roles at Wesupport, Inc., 24/7 International, Prime Outsource Corporation, and Activ8 Solutions where she managed various IT projects, provided technical support, and developed systems using technologies like ASP, SQL, and SharePoint. She has a Bachelor's degree in Computer Science.
Mdm for materials –positive impact of data quality improvementVerdantis Inc.
Agenda
• Introduction -Positive Impact of Data Quality Improvement
• Customer Case Studies
• Oil & Gas Service Provider –Global MDM Initiative for MRO and ETO
• Global Oil & Gas (E&P) SCM/Procurement Initiative
• Post Merger Material MDM Initiative
• Questions and Answers
Enthusiastic, motivated and creative marketing professional, with a strong interest in Project Management, Digital and Analytics. Growing business through different channels, achieving results, learning about the latest developments in digital technology, creating opportunities and driving revenue are the activities that drive me. I am also great in developing trustworthy relations through my customer sensibility. I love to explore customer insights and employ the best technical and strategic marketing capacities for a more efficient achievement of companies’ goals
Whats In It For You Cool Projects (Accounting, Risk Management, Supply Chai...Veronique_Joubert
The document summarizes 3 consulting projects completed by Resources Global Professionals:
1) Reconciling social security payments for 3,500 employees of a Belgian client to meet a legal deadline. The consultant analyzed payments and reconciled figures.
2) Providing operational risk management support during organizational changes at an insurer, including producing risk reports and training staff.
3) Coaching category managers at a manufacturer's Benelux purchasing organization to improve processes and deliver world-class key performance indicators.
Anastasios Okorite Granville is an electrical engineer from Nigeria with experience in maintenance, management, and military service. He received a Bachelor of Engineering in Electrical/Electronic Engineering from the University of Port Harcourt in 2014. His work experience includes serving as a soldier in the Hellenic Army in Greece from 2016 to 2016, working as a maintenance technician in Nigeria from 2015 to 2015, and currently managing EKEEMA Clinic since 2014. He also completed internships in maintenance at Port Harcourt Refining Company in 2012 and holds various health, safety, and environmental certifications.
2015 - ING Financial Markets - Recommendation LetterEdward Bennett
Cedric Kostka provides a reference letter for Edward Bennett who worked at ING Belgium Financial Markets Run Department. Edward held roles as Operations Officer and then Team Coordinator/Operations Specialist. He was responsible for processing derivatives trades and reconciliations. Edward evolved rapidly, acquiring strong competencies in product knowledge, team coordination, and communication. He helped strengthen collaboration and was a hard-working, proactive, professional, and efficient individual. Cedric will miss Edward's presence but understands his decision to leave the company.
This curriculum vitae summarizes the professional experience and qualifications of Andrea Gabrielli. It lists his work history including research positions in Italy and France from 1998 to present. It also provides details of his education including a PhD in Physics from the University of Rome in 1998. The CV lists over 100 publications in scientific journals with a total impact factor of over 300 and nearly 2000 citations. It highlights his research interests and experience in complex systems, networks, and statistical physics applied to diverse fields.
This document provides information about an audit firm called CAFG including their aim, values, commitments, areas of expertise, activities, and international reach. CAFG specializes in internal audit, risk controlling, continuous auditing, fraud detection, process review, and training. They provide a wide range of audit types and have experience across multiple countries and sectors including insurance, finance, banking, healthcare, telecom, and public administrations.
Matías Denuble Mancini is a wind turbine technician from Spain seeking employment as a wind energy technician or team leader. He has over 10 years of experience assembling and performing maintenance on various wind turbine models. He is skilled in wiring operations, assembly operations, and elevator installations. Mancini has strong communication, organizational, and computer skills and is well-versed in quality control processes.
- Josep Pou Padrós is a marketing strategy technician currently working for his family's transportation company in Spain.
- He has several masters degrees and certificates in marketing, business, and languages.
- His previous work experience includes roles in customer service, international trade, and product homologation for a large smart card company.
This curriculum vitae is for Jarkko Ahonen, born on February 25, 1971. He has over 18 years of experience as a senior system architect at Nokia, where he has focused on user security, usability of web and command line interfaces, and technical documentation. He holds a PhD in Theoretical and Mathematical Physics from the University of Helsinki and has skills in programming languages like Java, C, and C++.
This document provides a curriculum vitae for Mikolaj Sobocinski, an academic teacher with over 15 years of experience in education and research. It outlines his employment history teaching at various universities in Poland and currently in Kuwait. It also lists his publications, conferences attended, associations, skills, languages, interests and education history. Sobocinski has published several papers on topics related to gamification in education and has organized numerous academic events. He currently resides in Kuwait where he is developing his teaching and organization skills.
This is my latest Curriculum Vitae (CV), with re-activated YouTube link, and uploaded on Wednesday 6th June 2012 (CV 2012 [E].pdf). It features my scientific, engineering, technological and ICT qualifications and credentials. Additionally, it displays the insignias of Liverpool Community College, British Computer Society, Institution of Engineering & Technology and the Radio Society of Great Britain. They're also linked to their respective websites. Additionally, there's also a link to my "Google Profile", which can be made by clicking on my signature. My Scientific, Technological & Engineering qualifications presentation, in animated form, can be found on the YouTube website, URL:
http://www.youtube.com/watch?v=ASRTmUF9
Urban Hellner is a senior technology executive seeking a new management role in high-tech industry. He has 20 years of experience leading teams and managing multimillion dollar budgets. His background includes roles in technology strategy, engineering management, and architecture frameworks at Thales Communications and Ericsson. He has a proven record of translating business and customer requirements into technical solutions.
This document is a resume for Johan Rogiers, seeking a senior strategic management or board position. It summarizes his 25 years of experience as an entrepreneur and real estate developer in Central and Eastern Europe. He has received numerous awards and led the successful expansion of companies he founded from just a few employees to portfolios worth over 500 million Euros. His expertise includes real estate development, management, financing, and private equity investing across Belgium, Romania, Poland, and Russia.
This document is the official guide to the CISSP Common Body of Knowledge (CBK) published by (ISC)2. It contains 10 domains of knowledge needed to obtain the CISSP certification. The second edition was edited by Harold F. Tipton and contains contributions from other security experts. The guide aims to educate information security professionals according to the latest CBK.
Komal Vora has over 14 years of experience in information technology auditing and risk management. She is a CISA and CISM certified professional who has worked in roles at Kotak Mahindra Bank, KPMG, HSBC, and other organizations. Her experience includes IT audits, risk assessments, infrastructure reviews, and projects focused on areas such as governance, security, and business continuity.
The document provides details of Gourav Ladha's professional experience, qualifications, industry exposure, technical skills and sample projects. It summarizes his 10+ years of experience in SAP and IT risk consulting, including roles at EW Consultants, EXL Service.com, Ernst & Young and Sapient Consulting. His expertise includes SAP security, controls review, SOX compliance, and benchmarking engagements across multiple industries.
Tebo Ndagha has over 6 years of experience in cyber security, including security analysis, privacy and data protection, vulnerability scanning, penetration testing, and certification and accreditation. He has a bachelor's degree in computer science and information security and certifications in Oracle database administration and computer science. His experience includes developing security policies, performing risk assessments, and ensuring compliance with standards like NIST, FISMA, and ISO.
Ahmad Yusuf has over 20 years of experience in project management, architecture, and engineering roles for both government and commercial clients. He has extensive experience leading teams on programs involving systems development, integration, and modernization. Currently, he is a Project Manager and Scrum Master for the GSACAMEO program at Leidos, where he manages software development and serves as the Scrum Master.
This document is a resume for Bhushan Shende summarizing his professional experience in testing and IT. Over the past 5 years, he has worked on various projects in testing roles at Synechron Technologies and Asurion-NEW. Some of the key projects listed include the Market Regulatory and Reporting System for ABN AMRO Bank where he performed requirements analysis, test case design, and defect tracking. He also has experience with the GIDS reference and market data project at ABN AMRO. Overall, the resume emphasizes Bhushan's expertise in software testing methodologies, tools like JIRA and Quality Centre, and skills in SQL, databases, and programming languages.
Keith W. Reine is a quality assurance test lead with over 15 years of experience in project testing, quality assurance, and project management. He has worked as a test lead and consultant for several companies, including United Launch Alliance and Crop Production Services. Reine has expertise in test strategy and plan design, defect tracking, and implementing test execution and defect resolution metrics. He aims to determine system vulnerabilities and recommend solutions to testing issues.
Jeffrey Miller has over 40 years of experience in cybersecurity, systems engineering, and analysis for the Department of Defense. He has held positions as an Information Assurance Engineer and Staff Computer Analyst, where he has led efforts to develop security programs, certification and accreditation packages, and implemented security directives. Miller maintains a Secret clearance and is a Certified Information Systems Security Professional with extensive experience supporting major systems such as the Global Command and Control System for the Air Force.
The document summarizes the process and benefits of conducting an SAP security and compliance audit using the SAST SUITE tool. The audit focuses on authorization management, system configuration, and ABAP development/customizing. SAST SUITE comprehensively checks over 4,000 system settings and authorization rules. It generates a detailed report highlighting vulnerabilities and recommendations for remediation. On average, SAST SUITE can complete an audit in half the time required for a manual audit, reducing the resource burden on audited departments.
Mark Koehler is an experienced IT professional seeking a career growth opportunity in information technology. He has over 15 years of experience in security, network infrastructure, systems administration and management. His skills include security compliance, risk assessment, network design, systems management, and security system implementation. He is looking to contribute his skills and experience to help organizations succeed.
Milu Kishore Dhal has over 6 years of experience in Microsoft technologies such as SQL Server, SSIS, and SSRS. He is currently a consultant at Polaris Financial Technology Ltd and has experience developing ETL processes and reports. He has a strong background in database development, query optimization, and performance tuning.
James Craft is an experienced Information Assurance and Quality Control professional with over 20 years of experience working on DOD contracts. He has expertise in quality assurance, metric analysis, technical editing and ITIL concepts. Currently he works as a Quality Assurance Manager for a contract supporting DISA, where he established reporting processes and monitors SLAs. Previously he held roles as a senior analyst, information specialist and test engineer supporting various DOD programs and analyzing network infrastructure. He has a B.S. in Electrical Engineering Technology and numerous technical certifications.
This curriculum vitae summarizes the professional experience and qualifications of Andrea Gabrielli. It lists his work history including research positions in Italy and France from 1998 to present. It also provides details of his education including a PhD in Physics from the University of Rome in 1998. The CV lists over 100 publications in scientific journals with a total impact factor of over 300 and nearly 2000 citations. It highlights his research interests and experience in complex systems, networks, and statistical physics applied to diverse fields.
This document provides information about an audit firm called CAFG including their aim, values, commitments, areas of expertise, activities, and international reach. CAFG specializes in internal audit, risk controlling, continuous auditing, fraud detection, process review, and training. They provide a wide range of audit types and have experience across multiple countries and sectors including insurance, finance, banking, healthcare, telecom, and public administrations.
Matías Denuble Mancini is a wind turbine technician from Spain seeking employment as a wind energy technician or team leader. He has over 10 years of experience assembling and performing maintenance on various wind turbine models. He is skilled in wiring operations, assembly operations, and elevator installations. Mancini has strong communication, organizational, and computer skills and is well-versed in quality control processes.
- Josep Pou Padrós is a marketing strategy technician currently working for his family's transportation company in Spain.
- He has several masters degrees and certificates in marketing, business, and languages.
- His previous work experience includes roles in customer service, international trade, and product homologation for a large smart card company.
This curriculum vitae is for Jarkko Ahonen, born on February 25, 1971. He has over 18 years of experience as a senior system architect at Nokia, where he has focused on user security, usability of web and command line interfaces, and technical documentation. He holds a PhD in Theoretical and Mathematical Physics from the University of Helsinki and has skills in programming languages like Java, C, and C++.
This document provides a curriculum vitae for Mikolaj Sobocinski, an academic teacher with over 15 years of experience in education and research. It outlines his employment history teaching at various universities in Poland and currently in Kuwait. It also lists his publications, conferences attended, associations, skills, languages, interests and education history. Sobocinski has published several papers on topics related to gamification in education and has organized numerous academic events. He currently resides in Kuwait where he is developing his teaching and organization skills.
This is my latest Curriculum Vitae (CV), with re-activated YouTube link, and uploaded on Wednesday 6th June 2012 (CV 2012 [E].pdf). It features my scientific, engineering, technological and ICT qualifications and credentials. Additionally, it displays the insignias of Liverpool Community College, British Computer Society, Institution of Engineering & Technology and the Radio Society of Great Britain. They're also linked to their respective websites. Additionally, there's also a link to my "Google Profile", which can be made by clicking on my signature. My Scientific, Technological & Engineering qualifications presentation, in animated form, can be found on the YouTube website, URL:
http://www.youtube.com/watch?v=ASRTmUF9
Urban Hellner is a senior technology executive seeking a new management role in high-tech industry. He has 20 years of experience leading teams and managing multimillion dollar budgets. His background includes roles in technology strategy, engineering management, and architecture frameworks at Thales Communications and Ericsson. He has a proven record of translating business and customer requirements into technical solutions.
This document is a resume for Johan Rogiers, seeking a senior strategic management or board position. It summarizes his 25 years of experience as an entrepreneur and real estate developer in Central and Eastern Europe. He has received numerous awards and led the successful expansion of companies he founded from just a few employees to portfolios worth over 500 million Euros. His expertise includes real estate development, management, financing, and private equity investing across Belgium, Romania, Poland, and Russia.
This document is the official guide to the CISSP Common Body of Knowledge (CBK) published by (ISC)2. It contains 10 domains of knowledge needed to obtain the CISSP certification. The second edition was edited by Harold F. Tipton and contains contributions from other security experts. The guide aims to educate information security professionals according to the latest CBK.
Komal Vora has over 14 years of experience in information technology auditing and risk management. She is a CISA and CISM certified professional who has worked in roles at Kotak Mahindra Bank, KPMG, HSBC, and other organizations. Her experience includes IT audits, risk assessments, infrastructure reviews, and projects focused on areas such as governance, security, and business continuity.
The document provides details of Gourav Ladha's professional experience, qualifications, industry exposure, technical skills and sample projects. It summarizes his 10+ years of experience in SAP and IT risk consulting, including roles at EW Consultants, EXL Service.com, Ernst & Young and Sapient Consulting. His expertise includes SAP security, controls review, SOX compliance, and benchmarking engagements across multiple industries.
Tebo Ndagha has over 6 years of experience in cyber security, including security analysis, privacy and data protection, vulnerability scanning, penetration testing, and certification and accreditation. He has a bachelor's degree in computer science and information security and certifications in Oracle database administration and computer science. His experience includes developing security policies, performing risk assessments, and ensuring compliance with standards like NIST, FISMA, and ISO.
Ahmad Yusuf has over 20 years of experience in project management, architecture, and engineering roles for both government and commercial clients. He has extensive experience leading teams on programs involving systems development, integration, and modernization. Currently, he is a Project Manager and Scrum Master for the GSACAMEO program at Leidos, where he manages software development and serves as the Scrum Master.
This document is a resume for Bhushan Shende summarizing his professional experience in testing and IT. Over the past 5 years, he has worked on various projects in testing roles at Synechron Technologies and Asurion-NEW. Some of the key projects listed include the Market Regulatory and Reporting System for ABN AMRO Bank where he performed requirements analysis, test case design, and defect tracking. He also has experience with the GIDS reference and market data project at ABN AMRO. Overall, the resume emphasizes Bhushan's expertise in software testing methodologies, tools like JIRA and Quality Centre, and skills in SQL, databases, and programming languages.
Keith W. Reine is a quality assurance test lead with over 15 years of experience in project testing, quality assurance, and project management. He has worked as a test lead and consultant for several companies, including United Launch Alliance and Crop Production Services. Reine has expertise in test strategy and plan design, defect tracking, and implementing test execution and defect resolution metrics. He aims to determine system vulnerabilities and recommend solutions to testing issues.
Jeffrey Miller has over 40 years of experience in cybersecurity, systems engineering, and analysis for the Department of Defense. He has held positions as an Information Assurance Engineer and Staff Computer Analyst, where he has led efforts to develop security programs, certification and accreditation packages, and implemented security directives. Miller maintains a Secret clearance and is a Certified Information Systems Security Professional with extensive experience supporting major systems such as the Global Command and Control System for the Air Force.
The document summarizes the process and benefits of conducting an SAP security and compliance audit using the SAST SUITE tool. The audit focuses on authorization management, system configuration, and ABAP development/customizing. SAST SUITE comprehensively checks over 4,000 system settings and authorization rules. It generates a detailed report highlighting vulnerabilities and recommendations for remediation. On average, SAST SUITE can complete an audit in half the time required for a manual audit, reducing the resource burden on audited departments.
Mark Koehler is an experienced IT professional seeking a career growth opportunity in information technology. He has over 15 years of experience in security, network infrastructure, systems administration and management. His skills include security compliance, risk assessment, network design, systems management, and security system implementation. He is looking to contribute his skills and experience to help organizations succeed.
Milu Kishore Dhal has over 6 years of experience in Microsoft technologies such as SQL Server, SSIS, and SSRS. He is currently a consultant at Polaris Financial Technology Ltd and has experience developing ETL processes and reports. He has a strong background in database development, query optimization, and performance tuning.
James Craft is an experienced Information Assurance and Quality Control professional with over 20 years of experience working on DOD contracts. He has expertise in quality assurance, metric analysis, technical editing and ITIL concepts. Currently he works as a Quality Assurance Manager for a contract supporting DISA, where he established reporting processes and monitors SLAs. Previously he held roles as a senior analyst, information specialist and test engineer supporting various DOD programs and analyzing network infrastructure. He has a B.S. in Electrical Engineering Technology and numerous technical certifications.
Lavetta McClorin is a systems analyst/programmer with over 15 years of experience in healthcare and insurance industries. She has a strong technical background with skills in C#, ASP.NET, SQL Server, Visual Studio, and Agile methodologies. Most recently, she worked as a senior programmer analyst at Blue Cross Blue Shield of South Carolina developing and implementing various claims processing systems.
The document provides an overview of the FAA's Aviation Safety and Efficiency business units, ATO service units, and IT enterprise services including application solutions, information delivery, user and infrastructure support, software development, enterprise framework, user management, business intelligence, and program enablers like quality assurance and control. It also lists services provided and recommendations.
The document provides an overview of the FAA's Aviation Safety and Efficiency business units, ATO service units, and IT enterprise services including application solutions, information delivery, user and infrastructure support, software development, enterprise framework, user management, business intelligence, and program enablers like quality assurance and control. It also lists services provided and recommendations.
This document provides a summary of Cathy White's experience and qualifications. She has over 15 years of experience leading business analysis and project management for healthcare IT projects. Some of her past roles and responsibilities include serving as project lead for Medicaid expansion projects in New Hampshire and Alaska, implementing new Medicaid Management Information Systems, and heading requirements gathering and testing for various software development projects. She has expertise in areas such as ANSI X12 standards, Medicaid claims processing, and Agile methodologies.
Senthil Ramadoss is an SAP Security Technical Consultant with over 5 years of experience in SAP Security and Authorization. He has expertise in ECC 6.0, BW 7.0, SCM 7.0, and GRC 10.0. He has worked on various projects involving security re-engineering, access requests, role implementation, and SAP upgrades. Currently he works as a Consultant for Infosys Technologies on a project for PepsiCo International.
Sidhartha Chatterjee has over 8 years of experience in SAP security with skills in ECC, BI, HR and GRC. He has experience implementing, developing, rolling out and supporting SAP security solutions. He has led SAP security projects for clients like Ericsson, Philips, Target and COK. His responsibilities included role development, issue resolution, auditing and developing tools to automate user administration tasks. He received awards for his work from Philips and praise from Target and Capgemini for custom solutions that improved efficiency.
Kaizentric is a Data Analytics firm, based in Chennai, India. Statistical Analysis is performed on a well-built client specific data warehouse, supported by Data Mining.
Similar to Senior Independent IT Auditor (GRC), CISSP & CISA_April 28th, 2015 (20)
Senior Independent IT Auditor (GRC), CISSP & CISA_April 28th, 2015
1. CONFIDENTIAL
Pw Carey
Compliance Partners, LLC
250 South Grove Ave., Suite 200, Barrington, Illinois 60010 - USA
Senior Independent IT Auditor (GRC), CISSP, CISA
San Francisco-Chicago-Boston & Best, Netherlands
224-633-1378, 650-264-9617 or 278-3731 - FAX: 847-381-2067
tc-pcarey@raland.com or pwc.pwcarey@gmail.com
http://www.complysys.com
BACKGROUND:
• GRC IT Audits, Cloud/Big Data/Mobile, CFTC, Part 22, PCI-DSS, e-Discovery Re: BSA/AML, PCAOB, GAAP, FASB, IASB, &
IFRS-9
• COBIT-5 IT Audits Focusing on Related Parties & Significant & Unusual Transactions, including Long-term Obligations (TLTROs)
• ECPA, 18 U.S.C., CFR 21, Part 11, ICFR & ITGC, ISF, IIA, Rule 404(b), BSA (Bank Secrecy Act), SOX, Dodd-Frank
• SIEM, ID/PS, APT Analysis, Metasploit, Nexpose, Nessus, Splunk, RSA/EMC, Symantec), PEN Testing, SCAP, & CAESARS
• GRC/CIA Compliance Attestation, NIST SP 800-53, SP 800-37, GAO/OMB, COFAR, A-133 Std., Cloud/Big Data risk assessments
• Risk Analysis, COBIT5. SAML, & ISO/IEC 17799, 27001, 27002, ISO/IEC 17025:2005 Accreditation of the Digital Forensics
• DOJ/SEC FCPA, SEC Internal Guidance, SSAE No. 16 AT Section 801, ISAE 3402. FedRAMP, FISMA, FISCAM & GAGS
• IETF (Network/WebSec), Cloud/BigData Ecosystems: OpenStack, AWS, and Azure, (MSN, Cisco, Oracle & IBM), via (IPv4&IPv6)
• ITIL, COSO, ICEFR, CobiT5, RACI, & ZACHMAN Frameworks, via PMBOK, PRINCE2, SABSA, TOGAF, SIEM, ID/PS strategies
• SP 800-86 Forensic Techniques, SIRT (Security Incident Response Team), Risk Analysis & Fraud-Re: Cloud/BigData/Hadoop
• HIPPA/HITECH incorporating eDiscovery & Digital Forensics via PCAOB Stds., lastly an RF/PF Adviser, w/CIB and U.S. Passport
EXPERIENCE
Compliance Partners, LLC Mar. 2003 to Present
250 Grove Ave., Suite 200,
Barrington, IL 60010-USA
Client – NIST/ITL, Gaithersburg, MD Mar. 2011 to
Present
Contributor-Senior IT Auditor (GRC), CISA, CISSP supporting NIST’s (National Institute of Standards and Technology) Big Data/Cloud Eco-
system initiatives. SME, including; Cloud Computing Standards Roadmap, SP 500-291, Ver. 1.0, July, 2011/2013 & Cloud Computing Security
Reference Architecture, SP 500-299, Ver. 1.0, May 15th, 2013. Big Data, Digital Forensics in the Cloud Eco-system, Forensics, Gaithersburg,
MD, Nov. 28th-30th, Big Data/Cloud Computing Security, Privacy and Forensics WGs. Reference Architecture & Taxonomy, (Big Data/Cloud
Computing) Forensics, Technology RoadMap & SLA Workgroups, Cloud Security WG Work Group, Big Data/CC Road Map WG (Accessibility &
Performance).Incorporating; IEEE Cloud Profiles WG 2301 & Intercloud WG 2302. CSA Cloud Security Alliance, (CSA) Group 2: GRC
Governance, Risk & Compliance, within Cloud/Big Data Eco-systems WGs: Reference Architecture and Taxonomy, Standards Acceleration to
Jumpstart Adoption of Cloud Computing (SAJACC), Security, Standards Roadmap, Business Use Cases, and the Koala Project, incorporating
PCAOB, DoJ, GAO, SEC and IRS regulatory standards, guidelines and best practices in-line with US Code Title 18.
Professional Sabbatical 2009 thru 2011
Big Data/Cloud Eco-system Audits/GRC best practices
Senior IT Auditor, (CISA/CISSP) Contributor: Cloud Security Alliance CSA Group 2, NIST CC Security & Roadmap WGs, AICPA, & COSO
RFC’s & Whitepapers. AICPA Request for Comments (RFC): SAS 59 The Auditor's Consideration of an Entity's Ability to Continue as a
Going Concern, January 31st
, COSO Internal Control-Integrated Framework (ICIF), 2011-Request for Comments (RFC)
• SAP GRC Cloud Security & Computing: Best Practices, Limitations and Liabilities, GAO's IG Quality Standards for Inspection and
Evaluation, January 2011 & Financial Audit Manual FAM 2008, Cloud Security Alliance (CSA) Group 2: Governance, Risk
Management, Compliance, Audit, Physical, BCM, DR. Security Models, ITIL, COSO, CobiT, ISO/IEC , organizational security
standards, ISO 9001:2008, ISO 27001:2005, ISO 27002, ISO 20000-1 and ISO 38500:2008 Corporate Governance, Zachman &
SABSA, ISO/IEC 17799:2000, ISO/IEC 15408:1999.
• ASTM E-55 Pharmaceuticals & ASTM E-48 Biotechnology Forums, ISACA San Francisco Chapter (CISA Examination Course), ISSA-
San Francisco Chapter – (CISSP Exam Course), NIST SP 800-30 & 800-66, OECD, NIST-FISMA, CDER, 21 CFR 314.50(l) (NDAs), 21
CFR 314.94(d) (ANDAs), 21 CFR 601.14(b) (BLAs), and 21 CFR 314.81(b) (annual reports to marketing applications), ISO 9000, ISO
13485 RAPS Risk Evaluation and Mitigation Strategy (REMS).
CLIENT – Genentech/Roche SSF, CA Dec. 2008 to May 2009
IT Systems Analyst, SAP (Pharmaceuticals-Logistics-Clinical Trials) GRC (Governance, Risk & Compliance), PM audit and validation expertise
for client’s product development/clinical trials group, providing GRC guidance for clients IT systems: data management, clinical trials, sponsors,
and Contract Research Organizations (CROs), within FDA and EMEA guidelines.
CLIENT - Philips Medical Systems (PMS), PMS Best/Eindhoven, NL Feb. 2007 to May 2007
CONFIDENTIAL - Page 1 of 2 – CONFIDENTAL
2. CONFIDENTIAL
IT Systems Analyst serving in the capacity of Project Liaison; (SAP-Pharmaceuticals/Logistics)-SPS/Liaison/SPS Blueprint utilizing PMBOK,
GRC & SCRUM Best Practices while serving as the Royal Dutch Philips (PMS) SPSBlueprint Liaison, supporting PMS's UPS.
CLIENT - Boston Scientific, Natick, MA Oct. 2006 to Jan. 2007
IT Systems Analyst providing validation, auditing and GRC PM knowledge and expertise as an SAP (Pharmaceuticals/Logistics) Lead, directly
supporting Boston Scientific's SAP 4.6c to 4.7 global upgrade of Supply Chain, Production and Product Development, Sales & Distribution and
Marketing modules. Formal reviews of BPs (Business Processes) & SW Requirements), due to FDA 483s and CAPA Audits.
CLIENT - Medtronic, Mpls./St. Paul, MN Jan. 2005 to Aug.
2006
IT Systems Analyst providing validation, testing, and GRC PM expertise as an SAP (Pharmaceuticals/Logistics) Team Lead 21 CFR, Part 11
SAP (SD, MM, WM, QM and PP-PI) Analyst, requiring Track Wise tool integration. Serving as Team Lead providing guidance and training
for the clients in developing logistics test scripts for their (global) SAP Implementation, & SOX requirements: 302, 404/09, 802 & 809.
EXPERIENCE (Continued)
CLIENT - American Pharmaceutical Partners, Schaumburg, IL Mar. 2003 to Dec. 2004
IT Systems Analyst providing GRC auditing, validation, testing expertise for SAP Pharmaceuticals/Logistics). Lead analyst, conducting CAPA
integrity assessments and audits while supporting client's SAP implementation under FDA regulations 21 CFR, Part 11, 210 and 211. Client's
legacy system transitioned over from JD Edwards to I-many's Contract Administration and Reporting System (CARS). I-many application
supported client's logistical requirements including 3rd party vendors addressing requirements such as: plant to plant transfers of unrestricted or
restricted finished product(s), processing unauthorized return delivery from a customer’s warehouse, stock transfers orders - plant to plant in
addition to EDI 3rd party vendors within their SAP R/3 implementation. Also, directly supporting the client’s logistics groups with their
implementation of SAP, as Protocol Director, developed client’s BPRs: FI/CO, SD, PP-PI, WM, MM, and QM.
CLIENT - Eli Lilly & Company, Indianapolis, IN Jun. 2002 to Mar. 2003
IT Systems Analyst providing validation, GRC and SOX requirements analysis covering: 302, 404, 409, 802 & 809. Auditing experience includes
SAP (Pharmaceuticals/Logistics):Systems Analyst, supporting clients SAP ERP upgrade following: (21 CFR, Part 11, 210 and 211) FDA
Standards interfacing with I-Many bolt-on application requiring GRC validation, risk assessments and analysis using IBM Rational tools.
GvS, LLC, Belmont, CA Apr. 2000 to May 2002
IT Systems Analyst supporting Silicon Valley Start-up. SAP (Business Systems Analyst/Logistics): Business Lead, and SAP Development
Manager --- In response to pharmaceutical clients RFPs, out team developed an integrated mobile SAP R/3 implementation proposal, from initial
concept through business continuity risk assessment, requirements, testing, development, implementation, (DQ, IQ, OQ, & PQ) thru system
retirement, for functional modules (FI, CO, PP, WM, MM, QM, and SD) within their 21 CFR Part 11 environments.
Oracle Corp., Redwood Shores, CA Dec. 1999 to Apr. 2000
Systems Analyst Courseware Developer: Initial Oracle 11i E-Business Suite Implementation for our Automated Sales Force module. Product roll
out required the building upon Oracles 8i and 9i Business Applications, for a comprehensive suite of integrated ERP, SCM and CRM modules,
including iStore, Order Management and Workflow.
CLIENT - Thomson Corp., Foster City, CA Sep. 1998 Nov. 1999
IT Systems Analyst/Business Systems Analyst: Team Lead requiring development of internal customer based pre-implementation software
requirements protocol, roles and responsibilities matrix and validation traceability matrix. Pre-Implementation Software Requirements SOP.
Deliverables covered the preparation of: maintenance, network security and escalation. Methodologies used: UML & Rational Rose.
NAI, Santa Clara, CA Jul. 1997 to Aug. 1998
Systems Analyst: Primary project duties and responsibilities included the design and development of technical deliverables for the client’s end
users, field support personnel, DBAs and System Administrators. This 3-tier network design strategy, focuses on a Web based system delivering
an enterprise wide solution addressing: security, installation, maintenance, troubleshooting, and on-line help.
GigaLabs, Sunnyvale, CA Jan. 1996 to Jul. 1997
Systems Analyst/project management responsibilities for this Silicon Valley startup included the direct support of product beta testing (test
scripts/manual only) and user interface, in addition to the design and development of technical deliverables for our gigabit Ethernet switches and
routers. Deliverables included support for Field Technicians responsible for: PCI I/O NIC installations, SBus NIC installations.
Technically Elite, San Jose, CA Sep. 1996 to Jan. 1996
Systems Analyst/team lead and project management providing software testing modules: (test scripts, integration, regression, user interface,
etc.), system administrator's incorporating RMON-II technology, for UNIX LAN network monitoring/administration, security, troubleshooting and
maintenance application. Methodologies included: Rational Rose, (UML) Ver. 4.0 Lite and Visual Test.
AERO SPACE & DEFENSE ANALYST 1985 to 1996
Internal Auditor, SQA/Configuration Management, SDLC Military Aerospace and Defense Government Contracts. Security Clearance; Top
Secret/Secret Final (Inactive). Projects included requirements design and development for; V-22 Tilt Rotor, Command, Control, Communication,
Computers, and Intelligence (C4I) Systems, Star Wars-Ballistic Missile Defense System, and THAAD Systems.
EDUCATION
Business Development & Entrepreneurship, Stanford University, Palo Alto, CA, MS Information Science - (Candidate), Minnesota State
University, Mankato, MN, BS/Honors Program, Gustavus Adolphus College, Saint Peter, MN
PROFESSIONAL PRESENTATIONS, ASSOCIATIONS, SOCIETIES & TRAINING
ISC2
, ISACA, IPSEC WG, AFS (Apache Software Foundation), NIST CC WG, OCEG, CSA & CSA Group 2, Cloud Security, GRC & Audit,
Open Group, Jerico Forum, ISACA, ISSA, PCAOB, IIA, OWASP, ISC2
Intersec, SAP SDN & BPX, SAP Certification Training, (ERP
Upgrade), CRM Community, DIA, NoCOUG, PDA (PDA-Auditor), ISPE, RAPS, PMForum.org, IETF, E55 Pharmaceuticals, E-48
Biotechnology, and RF/PF Advisor. SAJACC, NIST SP 800-53-Rev 4, SP 500-291 & SP 500-292, Standards Roadmap, Business Use Cases,
Cloud Audit WG, IEEE Cloud Profiles WG (CPWG) Working Group 2301_WG & IEEE Intercloud WG (ICWG) 2302 WG, IETF Cloud
WG,CSA (Cloud Security Alliance) Contributor, CSA SecaaS (Security as a Service) WG, Peer Reviewer: Security Guidance For Critical
Areas of Focus in Cloud Computing Ver. 3.0, Black Hat Workshop: OWASP SamuraiWTF Intro to the Zed Attack Proxy, CSA Security
CONFIDENTIAL - Page 2 of 2 – CONFIDENTAL
3. CONFIDENTIAL
Guidelines, Ver. 3.0, Domain 7: Business Continuity, DR & Traditional Security, October 10th
, 2011, Domain-14 Security As A Service, FCPA
Foreign Corrupt Practices Act, Basel III Security Requirements, AICPA, 2012, Contributor: ISO/IEC 2nd WD 27017–Information technology–
Security techniques– Information security Management--Guidelines on Information security controls for the use of cloud computing services
based on ISO/IEC 27002, April 6th
, 2012, GAGAS,GAO 2011 Government Auditing Standards ‘Yellow Book’, Black Hat, DC, SAP
Backdoors & Web Applications, and EUROPA Mar 15th, 2011 Barcelona, SAP: Session (Fixation) Attacks and Protections (in Web
Applications). Service Organization Control (SOC) Reports. 12th
Annual ISACA Security Conference, San Francisco, Oct. 15th
-17th
Committee,
11th
Annual ISACA Security Conference, San Francisco, Nov. 7th
-9th
-Speaker: G32: WikiLeaks, Social Media & Whistleblowers: The Future of
IT Auditing A Definitive Landscape & G32-The Changing Influences of Social Media, WikiLeaks and Whistleblowers: A Modest Proposal: The
Future of IT Auditing by Mapping ITIL V3 and ISO/IEC 27002 With CobiT 4.1 Control Objectives, Conference Speaker’s Committee’s &
Moderator. 10th Annual ISACA Security Conference, San Francisco [Speaker’s Committee & Speaker]: C24: Fraud In The Workplace: Three
Mock Trials For Auditors.
a
CONFIDENTIAL - Page 3 of 2 – CONFIDENTAL