Contact Information
Name: James McCracken
Email: jmccrac (at) hotmail (dot) com
Location: Saint Louis, Missouri, United States
Resume
Position/Title: Security Auditor
Resume: James C. McCracken, Jr.

PROFESSIONAL SYNOPSIS

Licensed Certified Public Accountant with twenty years of experience in system analysis and information technology. Proficient in Sarbanes-Oxley 404 compliance, IT security auditing, IT governance, risk assessment management, project development, data analysis, financial analysis and systems implementation.

CORE COMPETENCIES

Auditing Methodologies: Sarbanes-Oxley Act, Section 404; AICPA Statement on Auditing Standards (SAS) 70; ISACA Control Objectives for Information and related Technology (COBIT); and Committee of Sponsoring Organizations of the Treadway Commission (COSO) Enterprise Risk Management Internal Control Integrated Framework.

Operating Systems: Windows 2000, XP, NT4, 95 and 98; Linux, Unix, DOS.

Domain Servers: Windows 2000 Server (Active Directory) and NT4 Server.

Programming Languages: VB 6.0, C#, VB.Net, ADO.Net, ASP.Net, SQL.

Database Management: Access, SQL 2000, Oracle, Paradox, and Informix.

Statistical Analysis: SAS, SPSS, BMDP, and Mathematica.

Analytical Analysis: Excel, PowerPoint, Crystal Reports, Visio, and Project.

System and Security Tools: Veritas BackUp Exec and IDR, Symantec Corporate Anti-Virus, WatchGuard firewall and Virtual Private Network.

CERTIFICATIONS

* Certified Public Accountant.

* Microsoft Certified System Engineer.

* Oracle Certified Database Administrator.

* The Data Warehouse Institute

EDUCATION

* 1995 to 1998, M.S., biostatistics, Tulane University.

* 1992 to 1995, M.S. and B.S., mathematics, University of New Orleans.

* 1965 to 1966, M.B.A., economics, University of California at Los Angeles.

* 1961 to 1965, B.S., engineering, United States Air Force Academy.

PROFESSIONAL HISTORY

IT Sensitive Customer Data Compliance

US Bank Home Mortgage Systems October 2005 - Present

Independent consulting engagement contracted by TekSystems with US Bank. Responsible for documenting the location and the transmission within USBHM systems and applications of sensitive customer data as defined by the Gramm-Leach-Bliley Act and the VISA Cardholder Information Security Program (CISP). Inventoried and described the IT controls within USBHM systems to protect non-public customer information. Provided compliance with Office of the Comptroller of the Currency (OCC) annual Gramm-Leach-Bliley reporting requirements. Authored documentation used by USBHM Systems Security Group to administer user access within USBHM systems and applications. Developed and programmed a database application to track USBHM application compliance with US Bank user id, password, and system access policies.

Sarbanes-Oxley Section 404 IT Controls Review

Stifel, Nicolaus & Company August 2005 - September 2005

Independent contractual consulting engagement authorized by work orders issued by BKD Technologies. Remediated control deficiencies reported in FY 2004 Sarbanes-Oxley Section 404 reviews. Recommended changes to address inadequacies for backup and restoration policies and procedures, for MAS 500 server password administration, for IT Security Policies and Procedures Documentation reviews, for IT Change Management Policies and Procedures, and for retention of documentation of exceptions to normal processing. Documented new and changed controls, designed and authored test plans, tested subject controls, and issued a report of findings with supporting documentation as to compliance with Sarbanes-Oxley Section 404. Planned FY 2005 end-of-year and quarterly testing for Sarbanes-Oxley, Section 404 IT controls compliance with Sarbanes-Oxley requirements. Designed and wrote test plans to examine IT controls for conformity with Sarbanes-Oxley.

IT Controls Review

Illinois Office Auditor General August 2005 - September 2005

Independent contractual consulting engagement authorized by work orders issued by BKD Technologies. As part of the FY 2005 OAG General Computerized Systems General Control Review, inspected, documented, and reported on specific computerized application controls at Illinois State University Retirement System, at Western Illinois University, at Illinois Department of Transportation, and at Illinois Teachers' Retirement System. Issued reports of findings with attached work papers and supporting documentation regarding agency compliance with OAG information system controls policies and directives.

Senior Consultant, Security Risk Management

BKD Technologies March 2005 - July 2005

Engagement responsibilities include the planning and the implementing of the audits of organization technology internal controls for compliance with Section 404 of the Sarbanes-Oxley Act and the conducting and documenting of risk assessment of institution information technology security for compliance with regulatory standards.

Documented core IT business processes and controls. Employing both COSO and CobiT standards, performed risk assessments to analyze likelihood, materiality and vulnerability. Updated in-place controls or created new core IT controls to correct control weaknesses. Tested controls through sampling derived from threat assessment analyses. Coordinating with client management, documented action plans to remediate tested control deficiencies. Re-tested and documented test results for remediated controls.

Developed risk assessments based on requirements of Gramm-Leach-Bliley Act to safeguard customer information. Documented business processes or functions that client considered important to daily operations and assets that supported business systems. Threats, threat scenarios, and likelihood and potential impact of each threat were then identified for the client. Calculated risk scores for threats, assets, and systems. Produced risk profiles, risk management reports and business continuity reports.

Sarbanes-Oxley Act Section 404 Documentation and Testing,

Forest Pharmaceuticals July 2004 - February 2005

Consulting engagement under the direction of PriceWaterhouseCoopers included ensuring adequate documentation of existing controls that comprise the internal control structure for the inventory process and the financial reporting process. Employed the COSO framework to document sub-processes that included ordering, receiving, shipment, physical inventory accounting, general ledger inventory financial accounting, standard cost development, product dating and recall, and standing data maintenance. Significant controls in the inventory process and the financial reporting process were identified and were tested to assess the effectiveness of the control environment. The test results were then evaluated to construct conclusions about the effectiveness of the internal controls. With the coordination of management and staff, developed and implemented mitigating corrective action plans to address control deficiencies. Tested and documented test results for remediated controls.

Director, Information Technology Department,

The Financial Group 2000-2003

Information technology security responsibilities included directing SAS 70 I and II in-depth audits to describe and to test controls over information technology and related processes, managing compliance with the Gramm-Leach-Bliley Act and state insurance regulations, and enhancing network security. Supervised network security improvements included virus protection, data backup, firewall hardware and software.

Application development responsibilities included the management of the creation of new insurance and bank loan protection software systems. Applications included a bank branch desktop program to quote loans and to calculate debt protection program fees; a laptop property and casualty program allowing agents to quote premiums and to create policies at remote locations; a database system to administer term insurance policies; and a three-tier program for administering claims, fee collection, and reserve calculations.

Directed the installation, support, and administration of an enterprise network with Internet access that consisted of Windows 2000 Server controllers using Active Directory, Windows 2000 file servers, UNIX SCO 5.6 file server, and Windows 2000 Professional clients on TCP/IP Ethernet LAN.

Biostatistics Consultant 1995-2000

Health care consulting projects included impact of multiple factors upon infant birth weight, tracking of infant lead paint poisoning, food preferences in primary schools, and quality of life for women using a dietary supplement.

Expert litigation projects included effects of Lindane exposure on primary school students, health complaints related to improper sewerage treatment, a reverse discrimination complaint, and problems resulting from a chemical plant fire.

Vice President, Commercial Lending,

Standard Mortgage Corporation 1986-1992

Principally responsible for negotiation of $10 million to $100 million commercial loans for large regional shopping centers, multi-phase apartment projects, and high-rise commercial office towers. Lenders included Aetna, Allstate, Cigna, FNAM, and State Farm. Designed and supervised the installation of a Novell Netware Local Area Network.

Director of Development, Financial Services Group,

Anacomp Inc. 1981-1985

Developed and administered new programs for an organization that concentrated in large, mainframe financial computer software systems. Provided research and planning for acquisitions. Major program development included a retail banking system underwritten by 25 major banks, a branch banking automation program, and an IBM Value Added Reseller equipment agreement.

District Manager, Information Network Division (INFONET),

Computer Sciences Corporation 1975-1980

Responsible for revenue growth, facilities management, personnel recruitment and supervision, and all cost expenditures. Marketed services included database management, project management, engineering, financial, and statistical applications. Provided advanced technology that included teleprocessing, system development tools, and programming languages. Client applications included Solar Turbine warranty database, circulation models for Time-Life and CBS, critical path management of expansion of SDG&E operating plant, computer design of composite heat sinks for Burroughs, structural design of Rohr Marine Surface Effects Ship and cash flow management for San Diego County.

Business Development, Consumer Products Division,

Trane Company 1971-1974

Responsible for automated accounting and financial services to nation-wide Trane franchises.

MILITARY EXPERIENCE

Pilot, United States Air Force 1965-1971

Distinguished Flying Cross and six Air Medals for aerial performance in Southeast Asia, 1968-1970.

Copyright 2006, SecurityFocus