Luis
corredorluis@yahoo.com
786-346-6209
2893 NW 123rd Avenue
Newport Beach, CA 92663
IT Audit Manager
32 years experience W2
Summary

PROFESSIONAL SUMMARY:

Results-driven, analytical problem-solver with extensive experience in identifying Information Security Risks and developing cost-effective solutions to meet business requirements. Skilled at defining security metrics and KPIs to track team performance against optimal targets. Established track record of working effectively across multiple business cultures, including Mexico, Colombia, and Europe. Natural communicator and team leader skilled in motivating and leading interdisciplinary project teams to systematically address business risk challenges.

EDUCATION:

  • Master of Science in Engineering - Lviv Polytechnic National University, Lviv, Ukraine
  • Bachelor Degree as System-Techniques Engineer - Lviv Polytechnic National University, Lviv, Ukraine

CERTIFICATIONS:

  • CISSP - Certified Information Systems Security Professional
  • CISA - Certified Information Systems Auditor
  • CISM - Certified Information Security Manager
  • CRISC - Certified in Risk and Information Systems Control
  • CGEIT - Certified in the Governance of Enterprise IT
  • ITIL V 3.0 Fundamentals

CORE COMPETENCIES:

  • Experience in conducting IT risk assessments based on Information Security Risks and compliance with requirements associated within a broad range of information technology platforms. Demonstrated ability to reconcile technical recommendations with specific business needs, within agreed budgetary framework.
  • Experience in auditing requirements of Payment Card Industry (PCI) standards and of regulatory requirements associated with Sarbanes Oxley (SOX) 404/GLBA, SSAE 16/18, BASEL II, HIPAA and related privacy and security standards.
  • Experience in the design and implementation of IS policies and governance improvement programs.
  • Proven ability to effectively engage, influence, negotiate with, and lead stakeholders at both technical and business levels into making effective security decisions throughout the lifecycle of high profile technology projects.

Experience
AVP/ISO IS Governance and Security (CISA CISM CRISC CGEIT CISSP)
Information Technology
Jul 2016 - Nov 2017
Miami, AZ

Projects:

  • Performed Governance, Risk, and Compliance assessments.
  • Managed IT compliance control activities, violations, and identified IT Audit findings to ensure their timely resolution.
  • Implemented and managed the IT and cybersecurity incident response plan.
  • Managed monitoring/DLP, device control, vulnerability scans, SIEM (Security Incident Event Management) initiatives to avoid data leakage (DLP) and improved reporting and alerts.
  • Managed GLBA Assessments.
  • Performed cybersecurity risk assessments using the Cybersecurity Assessment Tool (CAT).
  • Managed vulnerability risk assessments of Information Technology.
  • Interfaced extensively with stakeholders to ensure compliance of IS policies, developing and maintaining information Security Architecture, Corporate IS Standards, Entity IS Procedures, Guidelines, and monitor the development of the Information Security Program based on COBIT, NIST, SSAE 16/18, PCI, ISO 27001/27002, SOX, and GLBA/FFIEC regulatory requirements.
  • Managed and implemented Project Security solutions to satisfy privacy, monitoring (SIEM/SOC) and DLP requirements following the established Project Management Framework to ensure projects stay on budget, on target dates, and defined scope including project risk management.
CISM CISSP Compliance Cyber Security GLBA Information Security NIST PCI Risk Assessment Risk Management SIEM SOX Auditing FFIEC
Corporate and Information Security Officer (CISA CISM CISSP)
Banking/Financial
Oct 2015 - Jun 2016
Coral Gables, FL

Projects:

  • Interfaced extensively with stakeholders and IT leadership to ensure compliance of IS policies and monitor the development of the Information Security Program based on COBIT, NIST, PCI, SSAE 16, ISO 27001/27002, and instituting corrective actions where necessary to ensure compliance of GLBA/FFIEC regulatory requirements.
  • Created and delivered presentations to technical and business stakeholders to communicate project objectives and milestones, including defined metrics to report successes and progress of the security program.
  • Managed IT compliance control activities and violations to ensure their timely resolution.
  • Conducted cybersecurity risk assessments.
  • Performed third/fourth party vendor risk assessments.
  • Managed vulnerability risk assessments of Information Technology.
  • Prepared and developed the Information Security Awareness Program.
  • Participated in initiatives addressed to improve the methodology and procedures to prevent data leakage (DLP), avoid and improve fraud detection.
CISM CISSP Compliance Cyber Security GLBA Information Security NIST PCI Risk Assessment
IT Audit Manager (CISA CISM CISSP)
Information Technology
Jul 2014 - Sep 2015
Miami, AZ

First Data Corporation - FDC (Coral Springs USA)

  • Managed auditing projects on Premises and Cloud (AWS) for compliance of the Banking Industry regulatory requirements and Information Security Standards based on COBIT, NIST, SSAE 16, PCI, and ISO 27001/27002 to ensure success of IS policies and adequacy and effectiveness of the applied Information Security and ITGC including Identity and Access Management (IAM), Program Change & Development, and Computer Operations.
  • Managed and conducted the audit planning, execution, follow up, closing and reporting of IT Audit findings and concise recommendations during the fieldwork and wrap up to the leadership team.
  • Participated in initiatives addressed to improve the methodology and procedures of the Integrated Risk Based Approach Audits to avoid fraud and improve detection.
Auditing CISM CISSP Compliance IAM Information Security NIST PCI
IT Risk and Information Security Officer (CISM, CISA, CISSP)
Information Technology
Aug 2011 - Feb 2014

Projects:

  • Managed, implemented and supported SAP Identity and Access Management (IAM) with User Access Control of GRC SAP following the defined project management (PMI) framework.
  • Interfaced extensively with stakeholders and IT leadership to ensure compliance of IS policies.
  • Managed Auditing Projects for compliance of GLBA/FFIEC regulatory requirements and Information Security Standards based on COBIT, NIST, SSAE 16, and ISO 27001/27002 to ensure success of IS policies.
  • Managed and supported the Endpoint Security Solution to update the existing Network Security Platform including policy definition, network visibility, advanced analysis, DLP and forensics, device control, vulnerability scans, system and user behavior and improved reporting and alerts.
  • Utilized Security Information and Event Management (SIEM), Intrusion Detection & Prevention (IDS / IPS), Data Leakage Prevention (DLP), forensics, sniffers and malware analysis tools.
  • Implemented and regularly reviewed Infrastructure and Servers Security Guidelines.
  • Created and delivered presentations to technical and business stakeholders to communicate project objectives and milestones.
  • Managed the Computer Security Incident Response Team (CSIRT) and owned the Information Security Incident Response Plan.
  • Performed third/fourth party vendor risk assessments.
  • Managed IT compliance control activities and violations to ensure their timely resolution.
  • Managed vulnerability risk assessments of Information Technology.
CISSP Compliance GLBA IAM Information Security Network Security NIST Risk Assessment
Information Security Manager (CISM CISA)
Information Technology
Sep 2009 - Feb 2010

Projects:

  • Conducted risk assessments of Information Technology business processes highlighting risk areas that required additional controls.
  • Implemented and managed the IT security incident response plan.
  • Interfaced extensively with stakeholders and IT leadership to ensure success of IS policies.
  • Developed methodology and conducted risk evaluation of IT infrastructure and business applications including third/fourth party vendor risk assessments.
  • Prepared and conducted the Information Security Awareness Program.
  • Implemented Business Continuity Management (BCP/DRP) based on COBIT, SAS 70, ISO 27001/27002, ITIL, and CMMI.
  • Increased Information security awareness from 45% to 85%, satisfying key target of Disaster Recovery project.
Information Security Risk Assessment SAS 70 Stakeholder Engagement
Information Security Manager (CISM CISA)
Information Technology
May 2008 - Aug 2009

Projects:

  • Managed the development, monitoring, and sustainability of the information security and compliance management program (including Sarbanes & Oxley requirements) to protect the privacy and confidentiality of information and assets of the corporation.
  • Implemented Group Information Security Standards based on NIST, PCI, SOX, COBIT, ISO17799/27001/27002, ITIL, and CMMI.
  • Implemented and regularly reviewed Infrastructure and Servers Security Guidelines.
  • Interfaced comprehensively across the organization to monitor the development and maintenance of Information Security Architecture, IT Policy Management processes, and instituting corrective actions where necessary.
  • Managed and implemented project security solutions to satisfy monitoring (SIEM/SOC) requirements following the established Project Management Framework (PMI) to ensure projects stay on budget, on time, and in scope.
  • Conducted applications and infrastructure risk assessments using CITICUS ONE (based on FIRM- a research-based methodology for measuring and managing information risk across enterprises of all types and sizes).
  • Conducted third party vendor risk assessments.
  • Managed the IT security incident response plan.
  • Managed Compliance and IT Audit findings to ensure their timely resolution.
  • Consulted with IT technical services staff to evaluate, select, install, and configure hardware and software systems with appropriate security functionality.
  • Prepared and Developed Information Security Awareness Program.
  • Increased Information security awareness from 35% to 55% (2009 AXA World-wide Staff Evaluation).
Auditing Compliance Information Security NIST PCI Project Management Risk Assessment SOX
Information Security Systems Auditor
Information Technology
Jan 2007 - May 2008

Projects:

  • Managed the risk based Audit Information Systems Program using COBIT, ISO17799, ITIL, and CMMI.
  • Reported regularly on individual project milestones via formal presentations to business and technical leads.
  • Performed risk assessments using well known frameworks and methodologies such as COBIT and OCTAVE.
  • Managed IT Auditing Projects for compliance of Information Security Standards.
  • Contributed to improved ITIL and ISO17799 compliance of Information security systems from 60% to 75% based on annual audit process.
Auditing Compliance Information Security Risk Assessment
Information Security and IT Manager
Information Technology
Apr 2003 - Dec 2006

Projects:

  • Conducted annual risk assessment across all information technology processes to isolate and address critical system vulnerabilities.
  • Monitored remediation programs to ensure resolution of all identified threats including DLP and compliance violations.
  • Managed the development, monitoring, and sustainability of the information security and compliance management program (including SOX/SAS 70 requirements) to ensure the privacy and confidentiality of information and assets of the corporation.
  • Implemented and supported Windows 2000/2003 servers according to Windows Servers Security Guidelines and regularly reviewed Windows 2000/2003 security logs to identify any potential lapses and/or diagnose root causes.
  • Managed development, testing, implementation, support of Agency's requirements and documentation following the project management framework (PMI) in line to Corporate Worldwide Information Security Architecture and SAP project implementation including IT security incident response plan and BCP/DRP.
  • Contributed to improved ITIL and ISO17799 compliance of Information security systems from 85% to 93% based on annual Corporate Evaluation process.
Compliance Information Security Project Management Risk Assessment SAP SAS 70 SOX
IT Service Center Manager
Information Technology
Aug 1989 - Dec 2002
Bogota, IL

Projects:

  • Developed new IT portfolio solutions and managed the Authorized Service and Support Center for different brands such as 3com, Novell, Microsoft, Tripp Lite, AST, and Summagraphics.
  • Supported sales and developed the Continuous Sales Technical Education Program.
  • Implemented complete IT Networked Based Solutions including Servers, Routers, and Switches.
  • Managed and supported Microsoft Win NT and Unix Servers, 3com, Novell solutions for different customers.
  • Contributed to increased company Sales revenue of 400% based on new IT solutions portfolio.
Skills
Information Security, 2017, 12
Compliance, 2017, 11
Risk Assessment, 2017, 11
NIST, 2017, 6
SOX, 2017, 6
Auditing, 2017, 5
CISSP, 2017, 5
GLBA, 2017, 4
PCI, 2017, 4
Project Management, 2009, 4
SAS 70, 2010, 4
CISM, 2017, 3
IAM, 2015, 3
SAP, 2006, 3
Cyber Security, 2017, 2
Network Security, 2014, 2
FFIEC, 2017, 1
Risk Management, 2017, 1
SIEM, 2017, 1
CISA, 0, 1
Stakeholder Engagement, 2010, 1