Roger A. Sloan, CISSP, CISA
5119 Lakewood Drive | Gibsonia, PA 15044 | (h) 724-443-1704 | (c) 724-991-0250
sloan0717@gmail.com
Qualified By
Experience in the areas of:
• Security compliance
• Information security
• Information technology audit
• Security awareness
• Security strategy and tactics
• Sarbanes-Oxley compliance
• HIPAA compliance
• Risk assessment
• Policies and procedures
• Budgeting
• Project management
• Staff management
• Management & board reporting
• DR and BCP planning
• Vendor security oversight
• Contract management
• System implementations
• Special Projects
Professional Experience
Federal Home Loan Bank of Pittsburgh, Pittsburgh, PA 2007 - 2016
Director, Information Security (April 2008 - July 2016)
• Define the Bank's security strategy and tactical security plans ensuring alignment with Bank-wide goals and strategies. (Developed the Bank's security program from its infancy, working closely with IT, business unit and executive management, as well as the board.)
• Define the Bank's security policies, standards and procedures. This includes the Bank Security Policy, Security Management Policy, Information Security Standards, Information Classification and Data Handling Standards, Security Architecture Control Standards, Cloud Computing Policy, Security Incident Response Procedure, etc.
• Implement appropriate procedures to ensure compliance with security policies and standards. Direct the definition and implementation of compliance monitoring processes, including the definition of key metrics. Direct the Bank's internal vulnerability management program, automated policy compliance program and social engineering assessment program.
• Direct the Bank's critical data discovery and inventory process, which provides focus for implementation of controls and allocation of resources.
• Ensure compliance with applicable regulations and regulatory guidance to ensure safe and sound business practices (i.e. HIPAA compliance assessment, Federal Financial Institutions Examination Council cyber security assessment, Federal Housing Finance Agency security bulletins gap analysis, etc.).
• Develop and implement procedures and reports to keep management and the board informed about the Bank's security program and compliance with policies. Share relevant information about the Bank's security program with management and the board through presentations and reports.
• Lead efforts to identify and complete required actions to address compliance violations and analyze current security practices and implement improvements where appropriate.
• Direct the Bank's security awareness training program and ensure training occurs as required by policy.
• Conduct Bank-wide security risk assessment activities.
• Direct the Bank's security incident response process.
• Direct the analysis of project requests to define priorities and resource requirements, develop appropriate justification for supplementing existing resources, and allocate resources to address business needs. Identify external business partners to supplement existing staff and improve the efficiency and effectiveness of the department.
• Oversee projects to assure compliance with plans and participate in decisions regarding modifications or enhancements to the security, technology or operating environment, which support the Bank's business requirements. Assess and document the design of security controls for each significant system implementation project and provide sign-off prior to production implementation.
• Direct the Bank's use of independent third parties for security services, including network vulnerability and penetration assessments, social engineering assessments, security risk and maturity assessments, and security information and event management (SIEM) services. Negotiate and manage all associated contracts.
• Manage security reviews and oversight of critical third parties and cloud service providers used by the Bank.
• Respond to member/customer requests for information regarding the Bank's security control environment and susceptibility to specific cyber threats. (Developed an internal SSAE16-like document to satisfy such requests, creating efficiencies and cost savings for the Bank.)
• Direct the Bank's business continuity planning program to ensure the Bank can successfully recover in the event of a business interruption. Direct the definition of testing schedules and all aspects of BCP testing exercises. (Responsibilities recently migrated to IT Technical Services to enable sole focus on information security.)
• Exercise the usual authority of a manager including personnel decisions regarding hiring, training and development, assigning work, performance management, salary actions, and initiating corrective actions and terminations, as well as establishing and monitoring adherence to a departmental budget.
Audit Manager (July 2007 - March 2008)
• Manage the IT audit function, including conducting enterprise-wide risk assessments, preparing the IT audit plan and managing relationships and engagements with Bank management and external auditors.
• Incorporate IT controls into application/business process audits and train non-IT audit staff on how to conduct such reviews.
• Integrate Internal Audit, SOX and independent third party audit requirements into a single integrated audit program and approach, creating efficiencies.
• Conduct security, application, and general computer control reviews.
Duquesne Light Company, Pittsburgh, PA 1995 - 2007
Manager, Audit Services - IT (1998 - 2007) and Audit Coordinator (1995 - 1998)
• Manage the IT audit function, including conducting enterprise-wide risk assessments, preparing the IT audit plan and managing relationships and engagements with Company management and external auditors.
• Oversee and train audit staff, as well as manage third party co-sourcing engagements (Introduced co-sourcing within Audit Services).
• Conduct security, application, and general computer control reviews.
• Lead the ongoing implementation of continuous auditing/monitoring within the Audit Services Department and throughout the Company.
• Participate in system development projects to ensure controls are addressed.
• Lead special projects and investigations as directed by executive management and provide "consulting" type services to business units to help ensure business objectives are met and controls are implemented (i.e. Cyber Security, Y2K, Rate case refund/surcharge, etc.).
• Manage and perform all Sarbanes-Oxley Section 404 IT compliance activities, including scoping, testing, documentation, external audit coordination, etc. Develop a database for recording and tracking all Sarbanes-Oxley issues and assist in developing the approach, methodology, and standards for the Company's overall Sarbanes-Oxley project.
The Western Pennsylvania Hospital, Pittsburgh, PA 1993 - 1995
EDP Auditor
• Responsible for developing the IT Audit function, including developing the audit approach and work programs, conducting IT audits, participating in system development projects, issuing final reports and clearing audit findings.
Allegheny General Hospital, Pittsburgh, PA 1990 - 1993
Coordinator, IS Security
• Develop, maintain, and test Business Recovery Plans and negotiate recovery contracts
• Administer information security
• Develop policies and procedures dealing with information security, computer viruses, software copyrights, etc.
• Coordinate IT audit activities
• Conduct security reviews of ancillary departments
• Select and implement information security and business recovery software
• Maintain physical security for the data center
Integra Financial Corporation, Pittsburgh, PA 1986 - 1990
Data Security Analyst/Manager (1988 - 1990)
• Maintain CICS and application security for northern banks
• Establish corporate data security policy and procedures
• Initiate development of Business Recovery Plan
Staff Auditor/EDP Auditor I & II (1986 - 1988)
• Develop and maintain audit programs and software
• Conduct IT audits and participate in system development projects
• Train branch audit staff
Tools and Technologies
Qualys, ProofPoint, Symantec Endpoint Protection, Palo Alto (with WildFire), ThreatSim (Wombat Security),
RSA SecureID tokens, AirWatch, OneLogin (SAML), CyberArk, Solutionary (SIEM), Cisco network, VMware,
Citrix (virtual desktop and remote access), Windows, Active Directory, Solaris, Linux, Oracle, SQL Server,
B2B e-commerce
Professional Development
• Certified Information Systems Security Professional (CISSP)
• Certified Information Systems Auditor (CISA)
• Information Systems Audit & Control Association (ISACA) member and past Pittsburgh Chapter President
Education
Bachelor of Science, Management Information Systems (Accounting Minor)
Indiana University of Pennsylvania
