| Contact Information | |
| Name: | dana arnett |
| Email: | dnd.arnett (at) wavecable (dot) com |
| Location: | Silverton, United States |
| Resume | |
| Position/Title: | Security Auditor |
| Resume: |
DANA D. ARNETT
1522 Lakeview Dr
Silverton, OR 97381
971.242.9069 or 503.873.4235
Dnd.arnett (at) wavecable (dot) com

OBJECTIVE: Security consultant position, where I can utilize my years of IT experience and contribute to improving the Information Security services. Special emphasis on Holistic information security practices within frameworks such as (COBIT, COSO, ISO, HIPAA & SOX) to align information security and business to provide leadership and support for a progressive company.

Highlights of Qualifications:

* Internal IT Auditor, Security consultant, technical consultant for diverse enterprise implementation.
* Previous Project leader for MRP/SAP manufacturing implementation.
* Professional grounding in International best practices for Information Security & Audit Governance as well as General IT Governance i.e. ISO 27002, ITIL, CobiT and COSO.
* HISP Certified: Knowledgeable in applying and assessing regulatory standards which include HIPAA, COBIT, ISO17799/27001, NIST, SOX and other framework standards for operation and implementation teams in management of information systems.
* Solutions based technical support and systems' integration for various industries including Healthcare, High-tech manufacturing, financial and University systems.
* Twelve years experience putting together tactical teams for front line support, development, diagnosis of infrastructure and sustaining information technology.
* Network Services Manager of team of 12 engineers directly responsible for security operations and infrastructure of major hospital and Academic campus technology.
* Proven success in developing security solutions.
* Experience in providing information security consulting services.
* Experience in providing compliance guidance to technology/financial sector OR Experience in providing compliance guidance to the healthcare sector.
* Strong conceptual and analytical skills.
* The ability to work independently as well as part of a team.
* Excellent oral and written communications skills.
* Patience, flexibility and a sense of humor.

Skilled in:

* Auditing, planning, organizing, directing and reviewing the work of professional and technical personnel;
* Supervising, training, disciplining and evaluating staff;
* Coordinating and participating in systems analysis, design, and programming;
* Analyzing data and developing logical solutions to complex business problems;
* Accurately identifying and evaluating computer hardware and software needs and requirements.

Able to:

* Take a Holistic risk management approach to Information Security.
* Have a hybrid Information Security professional background, well balanced between technical and business skills.
* Can function effectively in the capacity of a CISO, CCO by tackling the challenge of Information Security as a business concern that is not solved by technology alone, but by People, Process and Technology.
* Map International best practices of ISO 27002, ITIL, CobiT and COSO to current and future regulatory compliance requirements.
* Understand and interpret specifications, plans, and reports pertaining to the design, maintenance, repair, and installation of information systems, data centers and networks;
* Negotiate with contractors regarding the scope and cost of services;
* Measure and respond to business owners' needs to assure technology is right fit and solution based with return on investment;
* Administer contracts; plan and coordinate assigned staff to achieve project requirements and objectives within established turnaround timelines and budget requirements;
* Establish and maintain effective working relationships with those contacted in the course of work including a variety of Campus and other public officials, community groups, and the general public;
* Operate effectively in a team environment; communicate clearly and concisely, both orally and in writing.
Able to successfully deliver these services:

* Comprehensive risk assessments
* Threat and vulnerability analysis, pen testing/assessment
* Regulatory compliance roadmaps
* Information security program development
* Information security policy and procedure development
* Incident response process design and testing
* Disaster recovery and business continuity program design and testing

EMPLOYMENT HIGHLIGHTS:

February 2007 to Present, IT Internal Auditor, Compliance and Audit Services (CAS), Providence Health & Services (PH&S), Beaverton, OR

Perform complex level professional internal auditing work. Work involves leading or conducting performance, financial, compliance, and information technology audit projects; providing consulting services to the organization's management and staff; providing key input to development of the Annual Audit Plan; and providing training and coaching to Internal Audit staff. Using Information Technology General Control (ITGC) standards and aligning with industry standards such as ISO, NIST, HIPAA, SOX and COBIT audits, identify technologies risks, and independently evaluate the efficiency and effectiveness of information technology infrastructure and application controls, including security and internal controls.

November 2005 to February 2007, Enterprise Supervisor for IT Security operations (ITSO), Providence Health & Services (PH&S), Tigard, OR

Responsible for the secure access and maintenance for all regions in the health care system, including but not limited to CA, AK, OR, WA and Eastern Montana. Directly supervise 19 staff of Account management specialists who are tasked with providing customer access to over 200 applications and authentication points. Oversee all process and documentation, security policies, regulatory issues pertaining to protecting privacy of the patient access, employee privacy and access to all systems under our care.
Provide all security, auditing, planning, disaster recovery, procurement and policies to sustain 50,000 accounts region wide and collaborate with 4 other service areas to assure all access is secure and consistent with the regulations for HIPAA and other regulatory compliance.

Other PH&S duties and accomplishments: Interim Supervisor for Enterprise System Information Services (SIS) Tier 2 Customer Service Engineers as well as the Interim supervisor for the Tier 1 Customer Support, setup standards and policies to transition CA region service area to OR Service Desk. Worked with team to reduce six month backlog of (3000 requests for access) to meet 72 hour SLA. The team is now averaging 10 requests in the queue consistently within 95 percentile or better meeting the SLA.

August 2005 to November 2005 SITE Information Technology Manager, Applied Computer Services (ACS) Tualatin, OR

Responsible for the Call center for SPRINT, Nextel and NIKE customer care support team. Provide all security, planning, disaster recovery, procurement and policies to sustain 480 agents and collaborate with 4 other call center sites for redundant services and routing. Directly oversee 3 FTE to support the day-to-day operations. In this role, I was responsible for meeting the site's compliance and auditing requirements for Sarbanes-Oxley (SOX) and security compliance audits and implementation.

July 2005 to August 2005 Information Technology Director, Liberty Wire Cable, Colorado Springs, CO

I was responsible for the Wholesale Distribution and IT Support, security, infrastructure and operations, which included the service desk and all systems access. Directly oversee 2 FTE. This was a temp position and covered them during a staffing change and until relocation and permanent job was available.

* Due to family health issues relocation back to Oregon was imminent.

December 2004 to July 2005 Information Technology Director, Colorado College, Colorado Springs, CO

Responsible for the Support Center Service Desk, directly oversee 6 FTE and 8 student consultants. Provide all security, planning, disaster recovery, procurement and policies to sustain secure campus technology needs. This included but was not limited to the adherence of Family Educational Rights and Privacy Act (FERPA) and security compliance audits and implementation.

* Due to family health issues relocation back to Oregon was imminent.

October 2001 to December 2004 Information Technology Manager, Oregon State University, Corvallis, OR

Directly supervise 8 classified staff and 8 student consultants to support the faculty and staff of various college programs and curriculum. These services include the backbone for IP and infrastructure services, desktop operating systems, remote access, Secure VPN and network access as well as the daily operations of their desktop infrastructure. Manage service desk and respond to support issues affecting contracted support of customers' technology needs.

March 1999 to October 2001 Information Technology Services Network Manager, Asante Health System, Medford, OR

Manage and design network for major health care provider in Rogue Valley. This included the responsibility for daily monitoring of infrastructure and integrity for 40 WAN/LAN sites. Successfully implemented secure web portal now known as the Asante-net for all physician and clinical access to electronic medical records. Develop cross-functional teams to design and implement VPN security and SSL connections for remote users and web transactions. Supervise and direct responsibility for developing and supporting professional staff. Reported directly to the VP of Information technology services costs associated to sustain the infrastructure and services. This included acting as a technical consultant for the physician groups requesting technology.
Managed the operations budget of $900,000.00 and capital budget of $750,000.00 tier 2 support for help desk team and 24/7 call center support for major health care provider.

May 1996 to February 1999 Systems Engineer/project manager, Electronic Data Systems (EDS) /Fujitsu Micro Electronics, Inc. / Storage tech/ GM

Attached to the High tech Manufacturing SBU as a Project leader for the design and implementation of NT enterprise systems and creating desktop standards. One of the projects I was the lead on, the migration of all Novell servers to NT 4. This covered 6 sites 4 states and 2500 users. My team successfully converted existing IPX networks in several high tech manufacturing sites to all IP services. Tasked with creating documentation and standards for sustainability of infrastructure. I was able to reduce desktop cost of ownership by $65,000 annually, by converting Windows 3.x clients to Windows NT workstation and implementing a help desk for focusing all customer issues centrally. As part of the implementation, we successfully implemented a train the trainer process for all departments to have a better understanding of technology, which reduced staff training time and allowed for cross-functional teams. Technical adviser in design to allow for diverse route and disaster recovery segments from Gresham Oregon to San Jose, CA sites.

August 1992 to May 1996 Systems Engineer/ IT Manager, JAE Oregon, Inc., Tualatin, OR

Supervisor/Project leader of MRP for Manufacturing: Re-designed and upgraded network, technical consultant for Irvine CA, Japan ancillary sites and offices, successfully converted Novell network to Microsoft NT. Reduced desktop cost of ownership by $45,000.00 a year by standardizing on single platform and Microsoft applications. Established communication standards and converted accounting system for North American offices. The result was a standardized software application base controlling costs of software licenses and compliance issues.

Consulting:

March 1990 to Present Systems Engineer, Arnetts & Associates

Provide consulting for health care providers in Rogue Valley, the Willamette Valley and Portland vicinity. Assure security and compliance to Health Insurance Portability and Accountability Act (HIPAA). Train office staff and implement cross-functional teams to design and implement secure connections for remote users. Provide support for PC and Networks of small office systems.

Certification - Education - Training:

* Holistic Information Security Practitioner (HISP) Certification - April 2008 http://www.hispi.org/
* ITIL Foundation framework Certification March 2006
* Microsoft Certified System Engineer (MCSE), Courses - Windows 2000
* Associates Degree in Management of Information Services, American Institute of Banking, Portland Oregon
* Bachelor of Science, Computer Science, Phoenix University
* UNIX System V A.T. & E. Inc., Portland, OR
* Systems Engineer/Project management (SE) 2 year certification program, EDS, Plano Texas
* SCO Tech. Training Certification, Software University, Portland, OR
* Supporting Microsoft Active Directory, Oregon State University, Network Engineering
* Advanced Web Design, Oregon State University, College of Distance and Continuing Education

Leadership training:

* Society of Cable Telecommunications Engineer graduate, Sacramento, CA
* Disney Institute for People in Healthcare Management graduate, Walt Disney World, Orlando, Florida
* Help Desk Manager Certification course, Help Desk Institute
* OSU CORE training, Oregon State University
* Journey into Leadership, Oregon State University
* Service Center Leadership Support, Help Desk Institute

Software: Nessus, Nmap security scanner, Wireshark, Ethereal, Microsoft Active Directory 2000/2003, SMS, Microsoft Office XP/2000/9x, Microsoft Visio, Microsoft Outlook, Microsoft Exchange 2003/5.5, Microsoft Project, Access, UNIX, Linux, FreeBSD System, Microsoft Windows (all), SQL, Microsoft server NT, 2000, 2003, Basic, Java, ASP, PHP, MySQL and C (language), Crystal Reports, Apple OS X.x

Hardware: Avaya phone switch, Cisco routers and switches, PIX firewall, Microtel ACD and Audix admin, IBM AS/400 operations, Concurrent Masscomp 5400 Series. Understand and capable of supporting all IBM and clone models of servers and personal computers microcomputers. Prefer Dell, Compaq, and HP systems. Palm OS PDAs, Blackberry devices, Tablet notebooks and systems.

Professional Associations & membership:

* Holistic Information Security Practitioner (HISP) http://www.hispi.org/
* Information Systems Audit and Control Association (ISACA) - http://www.isaca.org/
* Information Systems Security Association (ISSA) - http://www.issa.org/
* Computer Security Institute (CSI) http://www.gocsi.com/
* Information Technology Infrastructure Library (ITIL)
* Association of Healthcare Internal Auditors - http://www.ahia.org/

REFERENCES: Upon request |