| Contact Information | |
| Name: | Gerald Prosser |
| Email: | gerald.prosser (at) earthlink (dot) net |
| Location: | Asheboro, North Carolina, United States |
| Resume | |
| Position/Title: | Security Consultant |
| Resume: |
Gerald T. Prosser

CONTACT:
* Email: gerald.prosser (at) earthlink (dot) net
* 336-953-9522

ROLES:
* Sr. IT Auditor (SOX) (PCI)
* Sr. Project Manager-IT Security
* Sr. Security Consultant
* Network Systems Manager
* Director / Manager of IS
* Program Manager IT Security
* Finance and Accounting Officer

INDUSTRY APPLICATION:
* Global Security Services
* Financial Services
* Manufacturing
* Retail

TECHNICAL:
* Mainframe: (OS 390)
* Mid-Range: (AS400)
* Platforms: (Windows, Unix)
* e-Commerce Security (OWASPG)
* PCI Security (DSS v 1.2)

EDUCATION:
* The George Washington University
* MSA Info. Systems Technology, 1980
* Upsala College
* BS Accounting / Business, 1972

MILITARY:
* US Army, Finance Corps, 1966-1986
* Retired Finance Corps Officer
* Vietnam Veteran

OBJECTIVE

Provide Senior level leadership in Information Technology Security or Information Technology Audit.

EXPERIENCE SUMMARY

Senior, Certified Information Systems Security Professional (CISSP), and IT Auditor (CISA) with more than 30 years of providing high quality accounting, auditing and information technology security leadership.

SKILLS INVENTORY
* Ability to communicate effectively at all levels in an organization
* Consensus building collaboration efforts for IT Security.
* Information Security Strategy Development
* Enterprise IT Governance Development & Planning
* Six years experience in Payment Card Industry (PCI) audits
* Client Relationship Building & Management (Internal & External)
* IT Auditing and IT Security Assessments
* IT Risk Assessment & Mitigation Strategies
* IT Security Project Management
* Develop Global Information Security Policies and Standards

PROFESSIONAL ORGANIZATIONS:
* ISACA
* ISC2
* SPSP

CERTIFICATIONS & LICENSES:
* CISSP-Certified Information System Security Professional
* CISA-Certified Information System Auditor
* QSA-Qualified Security Assessor, (PCI)
* CHP-Certified HIPAA Professional
* CHSS-Certified HIPAA Security Specialist
* PA-Public Accountant, State of NC

CHRONOLOGICAL SUMMARY OF EXPERIENCE

Project Professional-Technology & Risk Management Practice-IT Audit
Employer: Jefferson-Wells International, Charlotte, NC, November 2005-Furloughed March 2009.
* Provided thought leadership in all areas of information technology security.
* Performed PCI assessments for service providers and all levels of merchants.
* Performed SOX 404 IT controls reviews and assessments.
* Performed complete IT Risk Assessments and IT Audits.
* Performed overall Enterprise Security Management and Governance when requested by the client.
* Performed overall reviews of Business Continuity Plans and Disaster Recovery Plans.
* Responsibilities include helping clients improve processes, identifying and recommending internal audit best practices, creatively generating recommendations, and managing projects to completion on time and on budget. Provide overall project management for client assessments, engagement documentation and deliverable preparation and acceptance.

Business Solutions Consultant-Technology & Risk Management-IT Governance
Employer: ING-USFS, June 2007-February 2008
* Provide thought leadership in all areas of information technology.
* Provided subject matter expertise in establishing IT controls processes throughout the USFS enterprise.
* Implemented a process for monitoring and controlling changes to production applications, data, or infrastructure through self assessments and peer reviews.
* Supported USFS synergy initiatives by proactively identifying, promoting, and facilitating opportunities to improve processes and tools.
* Assured segregation of duties with a logical identity and access management policy.
* Regularly reviewed and evaluated the business unit adherence with IT controls policy and communicated any deficiencies or opportunities to improve and expand IT controls.
* Provided feedback to management on the state of the Business Units through presentation of data from self assessments and peer reviews.
* Maintained a repository of controls processes for all business units in USFS and managed the process for changes to these.
* Developed and administered metrics to measure the success of the IT controls effort and each business unit's adherence to the policy.
* Regularly provided a metrics dashboard of IT Controls status and progress on efforts.
* Built strong and close relationships with major stakeholders and coordinate their involvement in IT control efforts.
* Facilitated sharing of information and resources across the IT organizations in the USFS and other regions.
* Evaluated technologies that support IT controls. Develop knowledge base of industry best practices related to IT controls.

Senior Project Manager-IT Audit-Certification and Accreditation-IT Governance
Employer: ISYS Technologies, January 2007-June 2007
Consulting Client: US Patent and Trademark Office
* Performed Certification & Accreditation (NIST 800-37) activities for the US Patent and Trademark Office (USPTO) for the Pre Grant Publication Classification System (PGPCS).
* Acted as the required third party independent auditor to prepare and review the necessary documentation separate and apart from the Certifying Authority and the Accreditation Authority.

Senior Project Manager-IT Audit-Certification and Accreditation-IT Governance
Employer: ISYS Technologies, October 2006-January 2007
Consulting Client: Environmental Protection Agency
* Performed Certification & Accreditation (NIST 800-37) activities for the Environmental Protection Agency (EPA) for FISMA reporting.
* Provided optimal, policy based Agency security strategy.
* Developed a phased implementation plan to accomplish the security strategy.
* Assessed implementations of security policies and provided recommendations to optimize legitimate access to information.
* Worked to effectively manage security-related risks and plan for mitigation of vulnerabilities.
* Reviewed new technology and provided recommendations on use within the Agency.

Senior Project Manager-IT Audit-IT Governance
Employer: Control Solutions International, Inc., November 2004-October 2005
* Performed SOX 404 reviews and assessments including GAP analysis and IT controls review.
* Performed complete IT Risk Assessments and IT Audits.
* Performed overall reviews of Business Continuity Plans and Disaster Recovery Plans.
* Performed overall Enterprise Security Management.
* Performed overall reviews of the current Information Security Program from an IT controls viewpoint.

Lead Consultant-IT Audit-IT Governance
Employer: VeriSign Global Security Services, Inc., November 2003-October 2004
* Performed bank/merchant assessments for the Visa® CISP Program, MasterCard® SDP Program, and American Express® Customer Security Program.
* Performed Certification & Accreditation (NIST 800-37) activities for Federal/Local Governments.
* Performed complete IT Risk Assessments and IT Audits.
* Applied Best Practices concepts in the review of enterprise security policy development.
* Performed overall assessments on current Risk Assessment methodologies in use.
* Performed overall reviews of the current Information Security Program.
* Performed vulnerability assessments utilizing automated scanning tools.
* Developed overall security programs and policies utilizing the ISO 17799, and the NIST SP-800-series guidelines.

Senior Information Security Consultant & Project Manager-IT Governance
Employer: TEKsystems®, 2003
Consulting Client: YUM! Brands, Inc.

Senior Information Security Consultant & Project Manager-IT Governance
Employer: TEKsystems®, 2003
Consulting Client: HQ NASA, Washington, DC

Senior HIPAA Security Consultant-IT Governance
Employer: TEKsystems®, 2003
Consulting Client: Humana, Inc

Senior Program Manager-IT Security-IT Governance
Employer: PricewaterhouseCoopers, 2001-2002

Senior IT Security Consultant-IT Audit-IT Governance
Employer: Lucent Technologies-Global Security Practice, 2000-2001

Senior Security Consultant & Auditor-IT Governance
Employer: Modis, 1999
Consulting Client: NC Employment Security Commission

Senior IT Auditor/Vice President-IT Audit-IT Governance
Employer: Bank of America, 1998

Network Systems Manager
Employer: Worthington Steel Co., 1994-1997

President
Employer: Total Information Planning Company, Inc., 1991-1993

Director, Management Information Services
Employer: BGD Computer Systems, Inc., 1990-1991

Project Manager-Network Security Technology
Employer: Westinghouse Savannah River Company, 1988-1990

Program Manager/Computer Security
Employer: US Army (Civilian), G-2 XVIII Airborne Corps, 1987-1988

IT Auditor
Employer: Self Employed, 1986-1987

Automation Security Officer
Employer: US Army, Finance Corps, 1976-1986

Finance and Accounting Officer
Employer: US Army, Finance Corps, 1966-1976

March 1, 2009 |