Contact Information
Name: Leonard Szymanski
Email: LSZY (at) comcast (dot) net [email concealed]
Location: Westchester, Illinois, United States
Resume
Position/Title: Security Auditor
Resume: Leonard E. Szymanski

11012 Lancaster Street

Westchester, IL 60154

Home: 708.531.1966

Cell: 630.363.7112

Work Status: United States Citizen

LSZY (at) comcast (dot) net [email concealed]

IT AUDITOR/SOX COMPLIANCE ANALYST

PROFESSIONAL EXPERIENCE:

2008 - Present

BAI Security (www.baisecurity.net), Schaumburg, IL - BAI Security provides IT Security Audits/Assessments, Perimeter-based Managed Security Services, and Security Policy Development.

- Onsite IT Audit Consultant for a mid-sized banking corporation

Reviewed ATM security compliance based on PCI checklist.

Gathered information by interviews and walk-throughs at various levels and locations.

Tested compliance with checklist and evidence.

Evaluated evidence and reported overall compliance status.

- Onsite IT Audit Remediation Consultant for a global HR firm

Developed, documented, and tested procedures and processes to remediate current audit and vulnerability assessment findings as required for Sarbanes-Oxley compliance.

Worked with business owners to research and document key controls, classify their risk to the company, and recommend remediation options as required for Sarbanes-Oxley compliance.

Developed and presented implementation plans, documentation, and formal processes to be used as a baseline for future remediation efforts.

2005 - 2008

ABN AMRO (www.abnamro.com), Chicago, IL - ABN AMRO is a global holding company with subsidiaries in approximately 63 countries which perform commercial banking operations, investment banking, and other related financial activities.

- IBM Technology Risk Management/SOX Auditor

Performed compliance state assessments and gap analysis of critical production banking systems, including surveying and/or conducting business owner interviews.

Assisted in the development of process and procedure documentation (process narratives, policies, and procedures) based on CObIT framework for Sarbanes-Oxley compliance.

Identified and analyzed risks. Recommended strategy to strengthen IT internal controls.

Participated in auditing system change management and SDLC.

Facilitated and tracked the bank Security Policy Exception Process. Represented the group in project status meetings with management.

Responsible for monthly password monitoring and cracking procedures for legacy domain controllers across five network domains. Developed and tested a minimum baseline password standard in accordance with Gramm-Leach-Bliley Act (GLBA) requirements. Authored a tutorial on procedures to create “strong” passwords. Tracked mitigation efforts and communicated progress to the appropriate management personnel.

1998 - 2005

BAI Security (www.baisecurity.net), Schaumburg, IL - BAI Security provides IT Security Audits/Assessments, Perimeter-based Managed Security Services, and Security Policy Development.

- IT Auditor/Assessor/SOX/Security Analyst

Planned and executed technical and general IT system audits, conversion reviews, business process/applications controls reviews, and Disaster Recovery planning/testing.

Assisted in the development of process and procedure documentation (process narratives, policies, and procedures) based on CObIT framework for Sarbanes-Oxley compliance.

Conducted network security assessments. Executed vulnerability scanning and penetration/exploit testing on network devices. Conducted on-site and remote social engineering interviews, telephone system scanning, system log file review/analysis, and overall network security policy development/review.

Created executive and technical level security assessment deliverables complete with mitigation recommendations. Communicated directly with client contacts to validate/mitigate findings in accordance with best practices recommendations and regulatory governance policies.

Designed, implemented, and configured Managed Security Service Provider (MSSP) solutions: Firewalls, IDS/IPS, VPNs, Email Content Management, Web Content Management, Data Leakage technologies, and Perimeter AntiVirus protection. Monitored firewall availability, activity tracking, remote user technical support, as well as report creation and direct communication with clients.

Responsible for designing, implementing, and supporting LAN solutions including server and workstation builds, upgrades, migrations, data backup systems, network printing, enterprise antivirus, domain group policies, PDAs, email and web services.

EDUCATION & TRAINING:

Certified Information Systems Auditor (CISA) (scheduled to sit for 06/2009 exam)

Anti-Money Laundering Course – 2006 Chicago, IL

Internet Security Systems (ISS) Certified

Fortinet FCSE

Member of ISACA

Northeastern Illinois University – Bachelor of Science

 







 

Copyright 2009, SecurityFocus