Profiles search

Anthony Petralia

Senior IT Audit and Security Management Professional
Lake Saint Louis, MO, United States

Details

Education: BS Business Administration

Bus

Southeast Missouri State University - Harrison College of Business

1966 : 1971

Associate of Arts and Sciences - AAS

Data Processing

Southeast Missouri State University - Harrison College of Business

1966 : 1971



Cyber Security

Webster University

2016 :
Experience: • Perform comprehensive Information security risk assessments of variety of Information asset classes such as Infrastructure, Business Unit and Enterprise Applications, Commercially of the shelf Software, , Network Connectivity Services, Worker Facilitated Authentication, Utility Software, General Assessments, Private Cloud, and Publicly Accessible Applications

• Demonstrate good knowledge and technical skills on multiple information security domains such as : Information classification and handling, Encryption, Media handling, Third Party Security Management, Incident Management, Change and Vulnerability Management, Security in software development, Network Security Configuration and Management, Access Control, Business Continuity Planning, Application Security

• Determine the impact levels on 5 key aspects such as Regulatory, Financial, Operational, Consumer and Reputational

• Analyze high risks and communicate the results and risk treatment options to appropriate levels of management

• Completion multiple assessments and meet aggressive time frames

2021 : Present

Wells Fargo

Senior Information Security Analyst

• IT Governance Align corporate policy and departmental procedures to RSA/Archer controls

• Performed test to evaluate design, compliance and operational effectiveness of departmental procedures and RSA/Archer controls

• Identify gaps and partner with line of business to resolve inadequate internal processes, systems or human error.

• Align RSA Archer technical standard with ISO 27001 controls and ISO 27002 implementation guidance

• Identify 3rd party risk assessment process gaps, compliance gaps and provide guidance

2019 : 2019

Rose International

Senior Information Security Analyst

• Develop, and updated testable question sets and guidance to address ISO 27002 GDPR, NIST Cyber Security Framework, and Center for Internet Security best practices.

• Aligned NIST Cyber Security Framework, Center for Internet Security Controls and Capability Maturity Model scoring

2018 : 2019

Collabera Inc.

3rd Party Information Security Assessments

• Perform Security Risk assessments using the ISO 27001 framework, Qualys data and documenting results in the Archer, Governance, Risk, And Compliance ( GRC) tool for a foreign entity’s US based Business Units.

• Developed trust with Business Units, Communicated finding, provided a complete understanding of risks, the process, root causes.

• Assisted in the development of Corrective Action Plans, assigned responsibility and the execution of the planned activities

2017 : 2018

Robert Half

Sr. IT Auditor

• Mentor others addressing application and general computing controls

• Performed FISCAM audit readiness assessments, documenting, testing and monitoring internal controls in alignment with FISCAM guidance

• Identify deficiencies, document corrective action plans(CAPS) provide support for remediation and perform remediation testing

2015 : 2017

11th Hour Service

Sr. IT Auditor
Company: Wells Fargo
Years of Experience: 16

Skills

Accounting, Analysis, Auditing, Banking, Budgets, Business Analysis, Business Development, Business Process Improvement, Business Strategy, Change Management, Consulting, Disaster Recovery, Finance, Human Resources, Information Technology, IT Audit, Leadership, Management, Process Improvement, Program Management, Project Management, Regulatory Compliance, Risk Assessment, Risk Management, Software Documentation, Team Building, Team Leadership, Training, Vendor Management, Business Process

About

Profile¬¬¬¬¬¬¬¬¬¬¬¬¬¬¬¬¬¬¬¬¬¬ ––––––––––––––––––––––––––––––––––––––––––––––––––––––––––––––––––––––––

A DOER who is a unique blend of T Auditor, and Regulatory Compliance Manager. Process Improvement Consultant, IT Project Manager and Accounting/Financial Manager,







• Risk/Compliance Management: Improve visibility into the full range of risk exposures and particularly with 3rd parties.

• IT Risk Assessments; proposing and prioritizing issues based on risks; making recommendations for mitigating risk and enhancing efficiency and effectiveness of controls.

• Sarbanes Oxley compliance documentation, and testing

• IT Project Management: coordinating; application vendors, mainframe, client server, network, web and database resources through all stages of the business strategy, initiation, design, build and final implementations.

• Management Consulting/Process Improvement: on-site implementation of multi million dollar process improvement initiatives.

• Management Consulting/Bankruptcy: guiding a company and successfully pulling it back from the brink of a Chapter 11.

• Management Consulting/Training: Designing and delivering a customer service and worker skills training in multiple environments to increase customer satisfaction and improve worker skills.

• Risk/Compliance Management: Develop robust collection, debt sales and bankruptcy auditing programs to establish internal controls, compliance expectations, and ongoing monitoring for vendor actions.

• IT Security: Developed a tactical threats and vulnerabilities “Security Protection” framework to manage unknown /unknowns.



Industry Focus –––––––––––––––––––––––––––––––––––––––––––––––––––––––––



Mortgage Banking Manufacturing Photo Processing

Retail Banking Beer Brewing Retail Drug stores

Consumer Lending Education Credit Card Collections

Rendering Mining /Mineral Processing