Edward (Ed) F. Sanderson - Status: U.S. Citizen
Cell Phone: 941.320.6701 - Phone: 941-922-8446
E-mail: consulting@sdsecure.com
Address: 5161 Cote du Rhone Way, Sarasota, FL 34238

Summary
As an Information Technology professional, I have strong skills in Project Management, Data Administration, and Identity and Access Management, specializing in Information Security and Regulatory Compliance in the areas of Payment Card Industry (PCI), Sarbanes-Oxley (SOX) and Gramm-Leach-Bliley Act (GLBA), and in disaster recovery and contingency. I have a proven record of effective leadership with strong project management skills on which clients can depend. My background includes proficiency in the development, documentation and implementation of regulatory compliance, information security, disaster recovery, and business continuity solutions for the distributed environment.

Professional Experience

Target Stores, June 2009 to September 2009 Minneapolis, MN
Project Manager/Security Analyst
· Outlined standards to establish an environment that is to be accessed by only those technologists responsible for PCI and GLBA applications.
· Developed criteria to identify and secure applications in an environment that is restricted to applications that meet GLBA and PCI criteria.
· Identified applications/utilities that may be used to access and alter identified GLBA and PCI applications. Developed access criteria for identified applications based on job roles and business and technical requirements.
· Collaborated in designing a secure network segment that contained infrastructure that supported GLBA, PCI and SOX applications.

United Air Lines, INC. March 2007 to June 2009 - Elk Grove Village, IL
Project Manager/Security Analyst: Identified technical and business requirements for SUN Identity and SUN Role Manager, Two Factor Authentication and PKI integration and implementation.
· Managed a large-scale implementation of the SUN Identity Manager and SUN Role Manager (Vaau).
Developed and executed detailed technical and business project requirement documents and project plans.
· Managed the technical resources for the development of connectors for applications such as Oracle ERP and PeopleSoft and the implementation of provisioning and de-provisioning workflows based upon business roles.
· Developed and implemented detailed Disaster Recovery and Contingency Plans for Identity Management and Strong Authentication infrastructures.
· Collaborated in designing a secure network segment that contained infrastructure that supported PCI and SOX applications.
· Performed Security Event and Incident Management using the RSA enVision tool for servers in the secure network segment.
· Assisted business units in identifying Identity Management process requirements and prepared use cases and swim lane process flows that addressed requirements.
· Managed defects attributed to SUN Identity Manager and SUN Role Manager by defining each issue, preparing a project plan to remediate the issues and coordinating remediation with SMEs.
· Participated in a PCI task force which identified the requirements for secure remote access using the PCI Data Security Standard as a guide. The documents created detailed requirements for Two Factor Authentication implementation and VPN access requirements.
· Developed Policies and Procedures for Remote Access VPN access and resource authorization that complied with PCI DSS specifications.
· Identified vendors for Two Factor Authentication (strong authentication) and Public Key Infrastructure (PKI) solutions. Distributed RFI and RFP to vetted vendors using the PCI DSS standards developed by the PCI working group.
· Developed PKI federation strategy using the CertiPath Bridge between client and trusted governmental regulatory agencies. Developed PKI and Strong Authentication vendor selection criteria and led business and technical personnel through a rigorous vendor selection process.
· Coordinated and architected the implementation of the selected Strong Authentication vendor in the production environment in a secure security segment.
· Identified users who performed PCI related activities and technicians who were responsible for managing platforms where PCI data was stored. Coordinated with PCI users and network security to develop VPN access control based on PCI users' roles.
· Developed user documentation and coordinated the distribution of strong authentication form factors to selected PCI VPN users and had external PCI auditors certify the solution.
Environment: Microsoft Office, MS Project, MS Client Server, Visio, Sun Identity and SUN Role Manager, Aladdin Token Management System, Exostar Digital Certificates, Checkpoint VPN.

ICAP/EBS January 2007 - February 2007 New Jersey
Identity Management Design: Identity Management Business Project Manager
· Managed the fast track deliverables of a team of technical and business managers participating in an identity management project.
· Created and managed a detailed project plan that identified specific tasks, deliverable milestones and resource requirements for the Identity Management program that included internet application access and authorization options such as single sign-on, password synchronization and password self administration. The design called for Microsoft Active Directory to be the authoritative source using bi-directional connectors.
· Analyzed identified applications for user access to ensure that the solutions developed would comply with access requirements for Gramm-Leach-Bliley Act (GLBA) certification.
· Analyzed complex currency trading business processes and applications as candidates for automation. Prepared business use case scenarios and Swim-Lane diagrams that graphically represented automated financial workflows.
Demonstrated to senior management the potential business process efficiencies and cost savings that can be achieved by adding automation to worldwide currency trading applications.
Environment: Microsoft Office, MS Project, MS Client Server, Visio, HP Openview Select Identity and Access, WebSphere Java Application Server

Kraft Foods October 2006 - December 2006 Northfield, IL
Sarbanes-Oxley Compliance: Subject Matter Expert
· Reviewed technology and supporting financial business processes. Prepared detailed management analysis of process issues and remediation strategies.
Environment: Microsoft Office

T-Mobile April 2006 - September 2006 Bellevue, WA
Identity Management Product Selection: Project Manager/Analyst
· Managed the project tasks and deliverables for a team of technical and business managers participating in an identity management project.
· Created and managed detailed project plans that identified specific tasks, deliverable milestones and resource requirements for the Identity Management program.
· Working with technology and business managers, developed an Identity Management Request for Proposal that specifically addressed the client requirements. Reviewed the Request for Proposal responses from participating identity manager vendors and prepared detailed technical and business analysis of each vendor response.
· Collaborated with network and systems management groups to develop the architecture to implement a provisioning and authorization solution into the environment.
· Prepared detailed test plans for Proof of Concept (POC) testing and the vendor selection process based upon business use cases and Swim-Lane diagrams. The POC testing requirements included establishing process connectivity using out-of-the-box and custom connectors/agents.
· Managed testing for the selected vendors and rated each test according to standards established by the client management.
Prepared and presented a detailed product selection recommendation to senior management based on testing results and the vendor's ability to meet the client's business and technical identity management criteria.
Environment: Microsoft Office, MS Project, MS Client Server, SUN Identity Manager, Oracle Identity Manager

24 Hour Fitness January 2005 - April 2006 Carlsbad, CA
Information Security Classification and Identity Management: Project Manager/Analyst
· Managed and performed the process to analyze existing access entitlements for Oracle M2 (Accounts Payable, Customer Services), Oracle Financials (Accounts Receivable, Fixed Assets, General Ledger) and Oracle Human Resources responsibilities by user job roles. Established user access criteria for segregation of duties based upon existing Oracle Financial responsibilities and roles. Identified and remediated user entitlements where access did not conform to established access criteria.
· Prepared documentation detailing requirements to comply with Payment Card Industry Data Security Standards (PCI DSS) and reviewed access controls for identified PCI applications.
· Performed vendor evaluation for single sign-on solutions and developed architecture to support web-based identity management tools such as Oblix and Netegrity.
Environment: Microsoft Office, MS Project, MS Client Server, Oracle Financials, Oracle M2, Oracle Human Resources.

Hovnanian March 2005 – December 2005 New Jersey
Security and Change Management Process and Compliance: Subject Matter Expert
· Developed System Life Cycle strategies, policies, and procedures focusing on distributed management accountability controls for JDEdwards and industry specific ERP Systems.
· Prepared Sarbanes-Oxley audit review and testing of IT Operations, Security and Change Management Controls using the CobiT/COSO model.
Environment: Microsoft Office, MS Project, MS Client Server, Oracle Financials, JDEdwards

Equity One September 2004 - March 2005 Miami, FL
Sarbanes-Oxley Compliance: Subject Matter Expert
· Prepared Sarbanes-Oxley audit review and testing of IT Operations, Security and Change Management Controls using the CobiT/COSO model.
· Created and managed a detailed project plan that identified specific tasks, deliverable milestones and resource requirements for the compliance program.
· Managed the project tasks and deliverables and reported to CIO and CFO.
Environment: Microsoft Office, MS Project, MS Client Server, SQL Server, Epicor

UPS, Mahwah July 2004 - August 2004 New Jersey
Sarbanes-Oxley Compliance: Subject Matter Expert
· Prepared Sarbanes-Oxley audit review and testing of IT Operations, Security and Change Management Controls using the CobiT/COSO model. Prepared detailed management analysis of process issues and coordinated remediation strategies.
Environment: Microsoft Office, MS Project

Pfizer Global Manufacturing April 2004 - June 2004 Lincoln, NE
Information Classification: Project Lead
· Managed and performed a detailed review of information objects classified under ISO 17799 standards. Performed Gap Analysis of classified objects to determine compliance with corporate standards, 21 CFR Part 11 and Sarbanes-Oxley standards and regulations.
Environment: Microsoft Office, MS Project

Cendant Car Rental Group (Avis) January 2003 - April 2004 Parsippany, NJ
Security and Compliance: Project Lead
· Assisted in review of a strategy to implement Tivoli Access and Identity Managers. Identified opportunities for single sign-on for internet applications.
· Security project manager for the conversion and implementation of a large mainframe based rental and reservation system. Identified and coordinated user access requirements with RACF and Database resource rules.
· Developed and implemented a detailed business contingency plan for the subsidiary environment.
· Performed functional and gap analysis and created deliverables. Developed Sarbanes-Oxley compliance and auditing program using ISO 17799, COSO, and CobiT framework.
· Prepared Policies and Process based on ITIL best practice model.
Environment: Microsoft Office, MS Project, RACF, Internet, and Tivoli, WebSphere Java Application Server

A&P March 2002 - January 2003 Montvale, NJ
Information Security: Project Manager/Security Analysis/Disaster Recovery
· Developed detailed Disaster Recovery plan for a large distributed environment.
· Managed a project to introduce identity management into the corporate environment. Identified technologies available in the market. Developed business case, security architecture, and process implementation for an Identity Management process.
· Performed Single Sign-On vendor evaluation with emphasis on strong authentication such as PKI, Tokens, and biometrics.
· Prepared Policies and Process based on ITIL and HIPAA best practice model.
Environment: Microsoft Office, MS Project, Windows 2000, AIX, RACF

Maryland Motor Vehicle Administration January 2002 - February 2002 Glen Burnie, MD
Information Security: Project Manager/Security Analysis

Bristol-Myers Squibb June 2001 - December 2001 Princeton, NJ
Information Security: Project Manager/Security Analysis

Pfizer (Agouron), March 2001 - June 2001 San Diego, CA
Information Systems Disaster Recovery: Project Manager

Corning December 2000 - February 2001 Corning, NY
Windows 2000 Security Migration: Security Project Manager/Analyst

Merrill Lynch Bank May 2000 - September 2000 Plainsboro, NJ
E-Commerce Information Security Analysis: Project Coordinator

Chase H & Q, November 1999 - April 2000 San Francisco, CA
Disaster Recovery/Business Contingency Planning: Project Manager/Analyst

INTELSAT May 1999 - November 1999 Washington, D.C.
Disaster Recovery/Business Contingency Planning: Project Manager/Analyst

Guardian Life Insurance September 1997 - April 1999 New York City
E-Commerce Information Security Architecture: Security Project Manager/Analyst

Wal-Mart April 1997 - August 1997 Bentonville, AK
Security Consultant: RACF Project Analyst
Environment: RACF, ISPF, TSOI, MVS

Virginia Power and Light July 1996 - March 1997 Richmond, VA
Security Consultant: Top Secret Project Analyst

Putnam Investments February 1996 - June 1996 Boston
Disaster Recovery/Business Contingency Planning: Project Manager/Analyst

Affiliations:

Education
Bachelor of Science in Business Administration
Pace University, New York City, New York