CORY NOTRICA

cnresume@notrica.com

 

SUMMARY

 

Technology & Security Risk Professional with extensive experience in IT Risk Management, Information Security Management, Information Technology (IT) Audit, IT Compliance, Privacy, Business Process Analysis and Project Management.  Mature leadership, problem-solving and interpersonal skills.  Proven record of successful delivery and practical knowledge.  Areas of specialization include Strategic Development, Information Risk Assessment, Project Risk Management, Network Architecture Analysis, Third Party Due Diligence and Business Process Improvement.

 

SELECTED ACCOMPLISHMENTS

 

·         Implemented IT Risk Management and Risk Control Self Assessment Methodology for a Fortune 50 global organization.

·         Provision of Senior Leadership in Information Security for major Global Financial Services firm where it did not previously exist in the Americas, raising awareness for and effectiveness of the group.

·         Co-managed development of World Class IT Audit Methodology for Fortune 50 company integrating Six Sigma principles, proven IT Audit Methodologies and IT Audit Industry Guidance.  Managed team of 20 professionals in varied technical specialties.

·         Provided ongoing technical guidance for startup Internet Sweepstakes venture, which became leading sweepstakes site on the Internet.

·         Performed control analysis and security risk reviews for the largest Metropolitan Transportation electronic fare collection system.  Developed ongoing client relationships and provided key guidance and analysis of project and technical risks.

·         Managed Audit Command Language (ACL) project critical to conversion of accounting method for U.S. House of Representatives.  Engagement team consisted of 4 ACL specialists and financial team of 10.  Translated business needs into technical specifications.

·         Outsourced IT audit function for Japanese banking client.  Performed risk assessment, annual planning, budgeting, execution and presentation oversight and maintained the client relationship.

·         Provided Forensic and Litigation Services Support.  Managed and participated in technical engagements supporting the recovery of seized computer hardware while overseeing chain-of-custody issues.

 

EXPERIENCE

 

ERNST & YOUNG, LLP

1992-1996, 2004-Present

Senior Manager – Technology and Security Risk Services, Financial Services Office (TSRS FSO) (2005-Present) New York, NY

 

Manager – Technology and Security Risk Services, Financial Services Office (TSRS FSO) (2004-2005) New York, NY

 

Senior Auditor – Information Systems Auditing & Security (ISAS) (1993-1996) New York, NY

Supervised staff and day-to-day tasks in IT auditing engagements.  Reviewed systems for general controls and security risks.

·         Managed ACL technical team for U.S. House of Representatives.  Developed variable-based data analysis applications.

·         Documented and communicated issues and recommendations to client management.

 

Auditor – Information Systems Auditing & Security (ISAS) and Financial Audit (1992-1993) White Plains, NY

Worked closely with staff and performed day-to-day tasks in auditing engagements.

·         Programmed custom database for financial services client and trained staff in its use. 

 

 

UBS INVESTMENT BANK, Stamford, CT

2002-2004

Director – Security Risk Control, Americas

Responsible for overall Information Security Risk Assessment for UBS Investment Bank, Americas.

·         Present Security Risk processes and hot topics to senior management, increasing visibility of IT Security issues.

·         Backup for Global Chief Security Officer in Americas for Information Security issues.  Provide guidance to local staff.

·         Build relationships with regional senior management in Technology and Business areas to enhance Security awareness and strengthen interaction with entire organization.

·         Regional Information Security oversight including investigations, breaches, virus concerns, internal and perimeter protection

·         Support external efforts in Security Industry Association, Security SubCommittee; BITS: Financial Services Roundtable; Microsoft Executive Club for CSOs, Financial Services; Southwest Area Commerce & Industry Association (SACIA), CyberSecurity Task Force

·         Perform operational security risk assessments and help implement business-focused secure solutions

·         Security supervision of Energy group migration from Houston, TX to Stamford, CT and Prime Brokerage migration in New York, NY

·         Direct regional penetration and vulnerability assessment and testing work using third party consulting firm.

 

KPMG LLP, New York, NY

1997-2002

Manager – Risk and Advisory Services (formerly Information Risk Management)  (1998-2002)

Responsible for engagement delivery, management presentation, staff guidance, and technical translation to business terms.

·         Spearheaded efforts of engagement teams ranging from 1 to 20 people.

·         Managed client relationships, engagement monitoring, billing, and collection, resulting in timely revenue posting and follow-on work.  Became a trusted advisor on key technical risk management issues.

·         Assisted clients with implementing eBusiness strategies.  Identified technical vulnerabilities and key business risk areas.

·         Co-managed the development of global World Class IT Risk Assessment and Audit methodology for Fortune 50 client.

·         Performed risk-based annual IT Audit Planning for leading Consumer Markets company.

·         Instructed client training courses in IT Risk Assessment, IT Governance, and IT Audit Methodologies.  Attendees included both business and technical personnel.  Focused on IT Risk Benchmarking, Information Security, Project Management, Change Management, and eGovernment.

·         Participated in new-hire and experienced-hire recruiting.  Full day on-campus recruiting sessions to identify key candidates for Information Risk Management group.

·         Mentored Associates and Senior Associates informally, in addition to providing formal Performance Management guidance to Associates and Senior Associates.  Documented formal reviews for staff personnel on each engagement.

·         Monitored global requests for IT Risk Management Benchmarking (ITRMB) guidance as New York Office ITRMB Product Champion.

·         Clients included Consumer Markets (Food and Beverage), Financial Services (Retail Banking, Credit Card Processing, and Brokerage), Media and Entertainment, Public Services, Dot-com, Multi-industry Fortune 100 companies, and Pharmaceuticals.

·         Directed SAS 70 Type I and II engagements for Outsourced Data Centers, Retirement Services, and Payroll Processing clients.

 

Senior Consultant – Information Risk Management  (1997-1998)

Performed risk assessment reviews in Internet technology, security, change management, development and business continuity.  Completed detailed security risk assessments for various platforms.

·         Assisted Forensic & Litigation team in IT investigations.  Oversaw seizure of computer hardware, provided technical assistance in recovering deleted documents, and monitored chain-of-custody issues.

·         Assessed ERP implementation risks.  ERP systems included SAP, PeopleSoft and Oracle Financials.  Clients included Media and Entertainment, Consumer Electronics, and major metropolitan Governmental and Education clients.

 

PRUDENTIAL SECURITIES, New York, NY

 

1996-1997

Information Systems Audit Consultant – Internal Audit Department (IAD) 

Internet/Intranet specialist reviewing user access, change controls, and policies and procedures.  Reviewed Intranet sites in development and provided feedback to development teams on design and security issues.

·         Created and developed Intranet site for the IAD.  Leveraged site development knowledge for small businesses since 1996.

·         Reviewed trading and settlement application controls, and proposed and communicated issues to senior management.  Analyzed connection risks between purchase and sales system and SIAC.

 

EDUCATION

 

Syracuse University, Syracuse, NY

B.S., Accounting – 1991; Concentrations:  Musical Theatre Performance and Psychology

Semester abroad, Syracuse University, London, England, 1990

Zeta Beta Tau Fraternity, Omicron Chapter, Membership Development Director

 

COMPUTER SKILLS

 

Hardware Selection and Building for Intel-based systems; Windows XP, Windows NT, Red Hat Linux, Networking, AS/400 (OS/400), Tandem (Compaq) Non-Stop Systems - Guardian 90 & Safeguard, Novell NetWare, Windows, DOS, MVS OS/390, Top Secret, RACF and Macintosh OS, HTML and ACL (Command Line/Batch & GUI), ISS, Kane Security Analyst, Axent ESM, BindView, Monarch, Netscape Composer, Adobe Photoshop, Animated GIF Construction, Microsoft Office Suite (Access, Word, Outlook, Excel, Project, FrontPage), Lotus Notes and ABT Workbench.

 

CERTIFICATIONS & AFFILIATIONS

 

Certified Information Privacy Professional (CIPP), 2006; Certified Information Security Manager (CISM), 2003; Certified Information Systems Security Professional (CISSP), 2002; Certified Information Systems Auditor (CISA), 1996; SecurWorld ACE Server Certified, 1997; ABT Workbench Certified, 1998.  Information Systems Audit and Control Association (ISACA); (ISC)² International Information Systems Security Certification Consortium; International Association of Privacy Professionals (IAPP); Active Screen Actors’ Guild (SAG) Member.

 

LANGUAGES

 

Functional in French and Spanish

 

INTERESTS

 

Vice President – Scenic Ridge Homeowners’ Association (2000-2003)

Softball, tennis, skiing (water and snow), volleyball (indoor and beach), racquetball, web site development, landscaping.