Michael McKelvey CISSP CISA CISM PCI-QSA
Details
Secureworks
Senior Manager Information Security
As part of the Governance, Risk and Compliance (GRC) team, providing day-to-day information security risk management and client risk assessments.
• Performing PCI DSS, HIPAA, Experian EI3PA and ISO27001 risk assessments and audits.
• Supporting early project risk planning, including efforts to enter China and several other high-risk geographies, and implementation of HIPAA and PCI P2PE programs.
• Supported after-assessment risk mitigation projects. This includes projects such as outsourcing Exchange, outsourcing financial reporting functions, integration of internal acquisitions and changes in the identity and access management process.
• Developed risk assessment and risk governance program processes and process improvements.
2011 :
Dell SecureWorks
Security Systems Sr. Advisor
Working independently, but as part of a team, to assess supplier’s compliance in 7 Information Security domains.
• Provided detailed reports of compliance for Supply Chain Management and the remediation team.
• Assessed compliance against internal bank standards, as well as industry standards such as ISO17799 & NIST.
2011 : 2011
Akraya Inc
Supplier Assessor
Given responsibility to audit and remediate issues with security in a multi-account, multi-platform environment at American Express and other Fortune 100 clients.
Selected Achievements & Projects :
• Acted as a compliance focal for Identity and access management processes involving SOX, HIPAA, SAS 70, GSD331 and iSec.
• Resolved an audit finding concerning access to 3000+ Unix systems by using innovative programming and process techniques to identify owners for all user and service IDs.
• Developed processes to perform Windows and Unix security provisioning, and Unix auditing and remediation.
• Developed automation for data extraction, access resolution and log file acquisition, increasing compliance to SOX, GLBA, SAS-70 and internal standards of both IBM and the client.
• Performed audit related research and developed processes to improve audit compliance accuracy and response time.
2008 : 2010
Artech Information Systems as a consultant for IBM
Data Security Analyst
This is the same assignment as above. I entered it to show IBM as the ultimate client.
2005 : 2010
IBM
Information Security Consultant
About
With long experience in a variety of areas of IT, I am now working in the area of information security. I am currently working for Dell SecureWorks as a Governance Risk and Compliance (GRC) consultant, performing a wide range of security assessment and GRC efforts.
Prior to this, I was assigned as a SecureWorks resident Information Security Risk Analyst at a client site. This assignment allowed me to be deeply involved in ISO27001 risk analysis and process development. The work was fast-paced, and required superior customer service and problem resolution skills. Flexibility was the key to this assignment.
Prior to my audit experience, I spent many years in Information Security, seeing the other side of the equation. I worked on projects including auditor support for SOX, HIPAA and SAS70, identity and access management, Unix login remediation, Active Directory management and migration, data analysis, business continuity, and transfer and termination secondary controls.
In my past life, I have been a mainframe systems programmer and commercial software developer.
I'm creative, have a good work ethic, make a good mentor, and don't shy away from difficult assignments.
Specialties: Supplier/vendor IT assessments and audits, audit remediation, Identity and Access Management, Active Directory management, data analysis using Microsoft Access.