Syed K. Ishaq
Arlington, VA 22202
syed.ishaq@gmail.com

EXECUTIVE SUMMARY
- Align technology with business, strengthen security, gain efficiencies and reduce costs.
- Sold risk management projects in excess of $1 million.
- Expert in Audit, Compliance, Security, Data Analytics, Privacy and Project Management.
- Thorough understanding of leading practice guidance and regulatory compliance requirements, including SOX 404, AS5, COBIT, COSO, SSAE16, GLBA, PCI, HIPAA, FISMA, NIST, OMB.
- Advanced experience in oversight of the planning and performance of internal control procedures by assigned staff, including establishing scope and audit approach; analyzing evidence and defining audit findings.
- Adept at dissecting data, authoring a full suite of policies and procedures, performing risk assessments, developing formula-driven management reports and making executive presentations.
- Develop cost-effective marketing strategies, hire and mentor multidisciplinary teams, make accurate payroll.
- Certifications: CCISO, CISA and CRISC

PROFESSIONAL EXPERIENCE

American Risk Consulting - Washington, DC
Director, Risk Management, 12-07 - Present
ARC provides unsurpassed expertise in compliance readiness, audit, network assessment, advisory services, program management and social media strategy.

Key Achievements
- Sold $1.2 million advisory consulting projects (generated revenues in excess of a quarter-million per annum).
- Rescued $2 million and increased ROI by 75% from intelligent decisions made via an enterprise risk assessment.
- Deployed new compliance program which passed full scrutiny of an independent audit firm, thus enabling a pre-IPO organization to a successful public offering.
- Implemented internal controls for a non-accelerated filer that resulted in year-one compliance.
- Secured U.S. Dept. of Defense, Dept. of Labor, Health and Human Services and Small Business Administration.
- Closed 99% of workpapers on initial submission with the Inspector General over a three-year time span.
- Evaluated over 800 workpapers prepared by management's outsourced audit firm and identified over 70 exceptions that could have prevented a clean audit opinion. External auditors identified zero exceptions post remediation.
- Deployed IT policies at 5 organizations that received global 'buy-in' (from receptionist to CEO).
- Reduced reporting time from 5 business days to minutes by means of technology automation.
- Trained up to 90 personnel leveraging presentation slides, intranet, video and telephone.
- Realized 50% work product improvement by transforming 5 sub-performers into strong professionals.

Key Responsibilities
- Business Development: Generate business leads; recruit employees (including H-1 sponsorship), subcontractors and offshore development teams; personnel development; methodology design; manage payroll.
- SOX: Implement AS5 top-down, risk-based SOX programs. Identify the as-is state, strategize the to-be state, establish a project plan and utilize team members to execute objectives. Conduct walkthroughs, document narratives, produce risk control matrices and create flow diagrams using Visio swim lanes to depict system interrelationships and information flow. Evaluate SLAs and SSAE16 reports. Design, test, remediate and optimize General and Application controls utilizing COSO and COBIT. Conduct a risk assessment, document policies and procedures, install access provisioning, segregation of duties, super user admin and change management processes. Effect configuration, process and behavioral change as part of implementation effort. Interface with external auditors on behalf of management to avert adverse audit opinions. Securely manage artifacts and utilize dashboards to report progress to all stakeholders. Develop and deliver effective training program.
- FISMA: Implement, test and audit FISMA objectives and controls pertaining to security authorization and assessment, risk assessment, SSP, Contingency Planning, STE, POAMs and privacy.
- POAM: Transform existing POAM process into a mature and sustainable program. Document policy and procedures, train staff and install a quality assurance process to ensure closure artifacts are evaluated consistently, completely and accurately. Code a formula-driven metric-based dashboard to monitor progress and report real-time. Focus management's tone at the top to promote an enduring culture of risk mitigation.
- Risk Assessment: Construct a formula-driven model to calculate the (inherent and residual) risks posed by all exploitable vulnerabilities. Present a cost-benefit analysis for each proposed solution to allow for intelligent strategic, budget and compliance decisions, which serves to better align IT priorities to business strategy.
- Project Management (PMO): Led multiple concurrent projects ranging in scale and complexity involving hundreds of person-hours, coordinating and supervising teams. Drive positive organizational change through strategic planning, clearly defined scope, business requirements, and budget, identify risks, manage resources, hit targeted milestones, control costs, determine and drive client expectations, report milestone progress to all stakeholders, deliver presentations and conduct training. Project evaluation experiences have involved evaluating IT project management and PMO functions at multiple complex organizations.
- Software Selection: Experienced at helping clients with software selection including key business requirements definition, vendor identification, RFP development, proposal evaluation, vendor management and SLA metrics.
- Data Analytics: Employ SQL, Excel Functions and MS Access to dissect big data to identify anomalies and trends.

Navigant Consulting - Vienna, VA, Sr. Consultant, 06-06 - 12-07
Fannie Mae - Washington, DC, Internal Auditor, 06-05 - 06-06
KPMG - Houston, TX, Associate-Risk Advisory Services, 10-03 - 05-05
Reliant Energy - Houston, TX, Business Systems Analyst, 02-02 - 10-03
Enron - Houston, TX, Technologist, 07-01 - 12-01
Sabre - Southlake, TX, IT Intern, 05-00 - 08-00
Equiva Services - Houston, TX, IT Intern, 05-99 - 08-99

TECHNICAL SKILLS
Regulatory Compliance: SOX, AS5, PCI DSS, GLBA, HIPAA, Data Privacy, FISMA, FISCAM, NIST, OMB
Audits: Oracle E-Business Suite, Oracle 9i/10g, PeopleSoft, Great Plains, AS/400, ADP, Baan, Sybase, SQL Server, Active Directory, Exchange, QAD/MfgPro, Hyperion, Veritas NetBackup, Tandem, Windows, Unix, Coda, Heat, QuickBase, Cherwell, Imperva, Approva, Quest's ChangeAuditor, E-Commerce, EDI, Data Security, PDA, Disaster Recovery, SSAE16, SAS70
Applications: MS Access, Excel, Word, PowerPoint, Project, Visio, Oracle Report Writer 6i, CSAM, SharePoint, Remedy, Toad, SQL*Loader, Cognos Web Reports, Dreamweaver, Fireworks, Flash, FTP, Photoshop
Programming: SQL, PL/SQL, VBA, VBScript, CSS, HTML

EDUCATION and CERTIFICATION
- University of Houston - BBA (cum laude), Major - Management Information Systems
- CCISO, CISA and CRISC Certified
- Candidate for CISSP

CLEARANCE and MEMBERSHIP
- US Citizen with Active Security Clearance
- ISACA and EC Council