Edward (Ed) F.  Sanderson - Status: U.S. Citizen

Cell Phone: 941.320.6701 - Phone: 941-922-8446

e-mail:consulting@sdsecure.com   Address: 5161 Cote du Rhone Way, Sarasota Fl 34238

Summary

As an Information Technology professional I have strong:  Project Management, Data Administration, Identity and Access Management, Information Security, Compliance & Sarbanes-Oxley Regulatory Compliance and Disaster Recovery/ Business Continuation experience.  I have a proven record of effective leadership and strong project management presence that clients can depend upon.  My background includes proficiency in the development, documentation and implementation of regulatory compliance, information security, disaster recovery, and business continuity solutions for the distributed environment. 

Professional Experience

United Air Lines, INC.  March  2007 –Current Elk Grove Village, IL

Project Manager/Security Analyst Identify technical and business requirements for SUN Identity Manager, Two Factor Authentication and PKI  integration and implementation. 

  • Managed large scale SUN Identity Manager implementation.  Developed detailed technical and business project requirement documents and project plans.  Managed the technical resources for the development of connectors for applications such as Oracle ERP and Peoplesoft and the implementation provisioning and de-provisioning workflows based upon business roles.
  • Developed strategy and architecture provision and de-provision strong authentication form factors and digital certificates authentication services using identity management technology.
  • Identify architectural Requirements to integrate Two Factor Authentication and PKI into and existing Identity Management solution
  • Identify vendors for strong authenticate solutions and PKI solutions. The PKI vendors provide both in-sourced and out-sourced CA.
  • Distribute Request for formation and Request for Proposals to vendors.
  • Develop and managed POC for two factor authentication and PKI solutions.
  • Developed PKI federation strategy using the Certipath Bridge between client and trusted governmental regulatory agencies.
  • Developed PKI and Strong Authentication vendor selection criteria and lead business and technical personnel through a rigorous vendor selection process.
  • Coordinated technical teams from the company and vendors to architect the implementation of the products in the production environment.

ICAP/EBS                      January 2007 - February 2007                    New Jersey

Identity Management Design:  Identify Management Business Project Manager

  •  Managed the fast track deliverables of a team of technical and business managers participating in identity management project.
  • Created and managed a detailed project plan that identified specific tasks, deliverable milestones and resource requirements for the Identity Management program that included internet application access and authorization options such as single sign-on, password synchronization and password self administration.  The design called for Microsoft Active Directory to be the authoritative source using bi-directional connectors.
  • Analyzed complex currency trading business process and applications as candidates for automation.  Prepared business use cases scenarios and Swim-Lane diagrams that graphically represented automated financial workflows.   Demonstrated to senior management the potential business process efficiencies and cost saving that can be achieved by adding automation to world wide currency trading applications.

Environment: Microsoft Office, MS Project, MS Client Server, Visio, HP Openview Select Identity and Access, WebSphere Java Application Server

Kraft Foods                    October 2006 – December 2006                 Northfield, IL  

Sarbanes-Oxley Compliance:  Subject Matter Expert

  • Reviewed technology and supporting financial business processes.  Prepared detailed management analysis of process issues and remediation strategies.

Environment: Microsoft Office

 T-Mobile                        April 2006 – September 2006                     Bellevue, WA     Identity Management Product Selection:  Project Manager/Analyst

  • Managed the project tasks and deliverables for a team of technical and business managers participating in identity management project.
  • Created and managed a detailed project plan that identified specific tasks, deliverable milestones and resource requirements for the Identity Management program.
  • Reviewed and analyzed organizational strategy for automated business processes and determined potential cost saving and operating efficiencies. Created presentations and whitepapers for senior management on the cost advantages of the implementation of an identity management solution.
  • Working with technology and business managers developed an Identity Management Request for Proposal that specifically addressed the client requirements. Reviewed the Request for Proposal responses from participating identity manager vendors and prepared detailed technical and business analysis of each vendor response.
  • Collaborated with network and systems management groups to develop the architecture to implement a provisioning and authorization solution into the environment.  Identified requirements and solution to implement web enabled application authentication (single sign-on) and network application reduced sign-on functionality.
  • Prepared detailed tests plan for Proof of Concept (POC) testing and vendor selection process based upon business use cases and Swim-Lane diagrams.  The POC testing requirements including establishing process connectivity using out of the box and custom connectors/agents and the creation of workflow policies with multiple levels of authorization based on business job roles that provided provisioning scenarios for a distributed environment. Created multiple workflows to determine authoritative source options.  Created workflows and implemented bi-directional connectors for both Microsoft Active Directory and SAP Human Resource/Oracle DB environments.
  • Managed rigorous testing for the selected vendors and rated each test according to standards established by the client management.  Prepared and presented detailed product selection recommendation to senior management based on testing results and the vendor ability to meet the clients business and technical identity management criteria.

Environment: Microsoft Office, MS Project, MS Client Server, SUN Identity Manager, Oracle

24 Hour Fitness             January 2005 - April 2006                           Carlsbad, CA 

Information Security Classification and Identify Management: Project Manager/Analyst

  • Managed and performed the process to analyze existing access entitlements for Oracle M2 (Accounts Payable, Customer Services), Oracle Financials (Accounts Receivable, Fixed Assets, General Ledger) and Oracle Human Resources responsibilities by user job roles.  Establish user access criteria for segregation of duties based upon existing Oracle Financial responsibilities and rolesIdentified and remediated user entitlements where access did not conform to established access criteria.  
  • Performed vendor evaluation for single sign-on solutions and developed architecture to support web based identity management tools such as Oblix and Netgrity.

Environment: Microsoft Office, MS Project, MS Client Server, Oracle Financials, Oracle M2, Oracle Human Resources.

Hovnanian Builders       March 2005 – December 2005                   New Jersey 

Security and Change Manage Process and Compliance:  Subject Matter Expert

  • Developed System Life Cycle strategies, policies, and procedures focusing on distributed management accountability controls for JDEward and industry specific ERP Systems.   The audit programs focused on change management and security for Accounts Receivable, Accounts Payable and General Ledger process and segregation of duties functions.  Tested implemented ERP strategies and developed detailed Gap analysis and remediation plan.
  • Prepared Sarbanes-Oxley audit review and testing IT Operations, Security and Change Management Controls using CobiT//COSO model.

Environment: Microsoft Office, MS Project, MS Client Server, Oracle Financials,    

JDEdwards

 Equity One                     September 2004 - March 2005                   Miami, FL

Sarbanes-Oxley Compliance:  Subject Matter Expert

  • Managed and reviewed technology and supporting financial business processes for compliance to SOX requirements.  Prepared detailed management analysis of process issues and coordinated remediation strategies.
  • Prepared Sarbanes-Oxley audit review and testing IT Operations, Security and Change Management Controls using CobiT//COSO model.
  • Created and managed a detailed project plan that identified specific tasks, deliverable milestones and resource requirements for the compliance program.
  • Managed the project tasks and deliverables and reported to CIO and CFO.

Environment: Microsoft Office, MS Project, MS Client Server, SQL Server, Epicor

 UPS, Mahwah                July 2004 – August 2004                             New Jersey

Sarbanes-Oxley Compliance:  Subject Matter Expert

  • Managed and reviewed technology and supporting financial business processes for compliance to SOX requirements.  Prepared detailed management analysis of process issues and coordinated remediation strategies. Prepared Sarbanes-Oxley audit review and testing IT Operations, Security and Change Management Controls using CobiT//COSO model.

Environment: Microsoft Office, MS Project

Pfizer Global Manufacturing               April 2004 – June 2004          Lincoln, NE

Information Classification:  Project Lead

  • Managed and performed a detailed review of information objects classified under ISO 17799 standards. Performed Gap Analysis of classified objects to determine compliance with corporate standards, 21 CFR Part 11, or Sarbanes-Oxley standards and regulations. Prepared Remediation Analysis of objects where potential issues in implemented compliance controls were questioned.    

Environment: Microsoft Office, MS Project

 Cendant Car Rental Group (Avis)     January 2003 – April 2004     Parsippany, NJ

Security and Compliance: Project Lead

  • Assisted in review of a strategy to implement Tivoli Access and Identity Managers.  Identified opportunities for single sign-on for internet applications.
  • Security project manager for the conversion and implementation of a large mainframe based rental and reservation system. Identified and coordinated user access requirements with RACF and Database resource rules. Reviewed web site privacy policy to comply with Australian and Canadian privacy laws and company PII policy.
  • Performed functional and gap analysis and created deliverables.  Developed Sarbanes-Oxley compliance and auditing program using ISO 17799, COSO, and CobiT framework.
  •   Prepared Policies and Process based on ITIL best practice model.

Environment: Microsoft Office, MS Project, RACF, Internet, and Tivoli,WebSphere Java Application Server

 A&P                               March 2002 – January 2003                                    Montvale, NJ

Information Security:  Project Manager/Security Analysis

  • Managed a project to introduce identity management into the corporate environment. Identified technologies available in the market.   Developed business case, security architecture, and process implementation for an Identity Management process. 
  • Prepared management presentation identifying ROI opportunities with identity management technologies.  Performed identity and access management demonstration for senior management.  Created presentations and whitepapers for senior management on the cost advantages of the implementation of an identity management solution.  Performed detailed security and access control analysis of Oracle Financial system being implemented.  Created access control strategy focusing on Segregation of Duties for Accounts Receivable, Accounts Payable, and General Ledger and Fixed Asset modules. Developed end-to-end strategies for on-boarding requirements for consultants and employees.
  • Performed Single Sign-On vendor evaluation with emphasis strong authentication such as PKI, Tokens, and biometrics.
  • Prepared Policies and Process based on ITIL and HIPPA best practice model.

Environment: Microsoft Office, MS Project, Windows 2000, AIX, RACF

Maryland Motor Vehicle Administration   January 2002 – February 2002  Glen Burnie, MD

Information Security:  Project Manager/Security Analysis

  •     Information Security Analysis

Environment: Microsoft Office, MS Project, Windows 2000, Active Directory, COM+

Bristol-Myers Squibb          June 2001 – December 2001                           Princeton, NJ

Information Security:  Project Manager/Security Analysis

  • Developed an on-boarding strategy for new employees and consultants that could leverage an automated identity management and provisioning solution solutions such as Evidian  AccessMaster and Netegrity  SiteminderThe strategy identified user roles and access requirements to comply with 21 CFR Part 11. 
  • Developed formal selection criteria for Single Sign-On and PKI vendors using 21 CFR Part 11 guidelines.  Performed Single Sign-On vendor evaluation with emphasis strong authentication such as PKI, Tokens, and biometrics. Used Microsoft Active Directory as the authoritative source with bi-directional connectors.
  • Prepared Policies and Process based on ITIL best practice model.

Environment: Microsoft Office, UNIX and NT

Pfizer (Agouron),                  March 2001-June 2001                            San Diego, CA

Information Systems Disaster Recovery: Project Manager

Corning                                 December 2000 – February 2001           Corning, NY

Windows 2000 Security Migration: Security Project Manager/Analyst

 Carlson Travel                        October 2000 – November 2000        Minneapolis, MN

Encryption and PKI Review:  Project Manager/Analyst

Merrill Lynch Bank                    May 2000 – September 2000                  Plainsboro  NJ

E-Commerce Information Security Analysis: Project Coordinator

Chase H & Q,                              November 1999 – April 2000               San Francisco CA

Disaster Recovery/Business Contingency Planning:  Project Manager/Analyst   

INTELSAT                               May 1999 – November 1999                    Washington D.C

Disaster Recovery/Business Contingency Planning: Project Manager/Analyst

Guardian Life Insurance        September 1997 – April 1999                   New York City,

E-Commerce Information Security Architecture:  Security Project Manager/Analyst

Environment:  RACF, Proxima SSO, Tivoli/TACF, Unix, NT, Firewalls

Wal-Mart                                 April 1997 - August 1997                   Bentonville, AK

Security Consultant:  RACF Project Analyst

Environment: RACF, ISPF, TSOI, MVS

Virginia Power and Light         July 1996  - March 1997                        Richmond, VA

Security Consultant:   Top Secret Project Analyst    

Environment:  CA-Top Secret, ISPF, TSO, MVS, DB2

 Putnam Investments                 February 1996 to June 1996                 Boston                         

Disaster Recovery/Business Contingency Planning: Project Manager/Analyst

 Affiliations:

  • ISACA, PMI

 Education

Bachelor of Science in Business Administration Pace University, New York City, New York