User:Terence Duffy

Terence Duffy IT Audit and Information Security Professional BS in Aeronautical and Astronautical Engineering from Ohio State University in Columbus OH MBA from George Washington University in Washing DC •	Certified Information Systems Auditor (CISA), ISACA •	Certified Information Security Manager (CISM), ISACA •	Former Certified Information Systems Security Professional (CISSP), (ISC)2 •	Former Principal Certified Lotus Professional (PCLP) in Development & Administration, IBM Currently seeking work in the Greater Los Angeles Metropolitan Area

www.linkedin.com/in/terencejosephduffy/

Work History:

Dell Security System Senior Advisor 2011 to 2014 • Conducted ISO 27001risk assessments of changed IT systems throughout the Amgen worldwide enterprise • Prepared professional work papers supporting objective and informed conclusions and recommendations • Assisted Amgen Directors and Project Managers so they could balance IT security risks against business requirements for medical research, manufacturing, sales, and collaboration with external business partners. • Enabled Amgen directors to maximize net potential profits by selecting the optimum combination of security controls.

Northrop Grumman Corporation Senior Security Analyst 2009 to 2011 • Conducted Federal Information Security Management Act (FISMA) and DoD Information Assurance Certification and Accreditation (C&A) Process (DIACAP) IT Security C&A for Los Angeles Air Force Base (LAAFB) Networks. • Assisted the management of IT security vulnerabilities for a campus of 4,000 users.

Superior Resources Inc Senior IT Internal Auditor 2008 to 2009 • Conducted the 2009, National Institute of Science & Technology (NIST) Special Publication 800 (SP 800) 53 & 53a assessment of the California Department of Health Services (CA DHS) Medi-Cal IT System (www.medi-cal.ca.gov). • Medical expenditures are 1/3rd of the State of California’s total expenditures. Therefore, I verified the existence and adequacy of the internal and IT controls; analyzed transactions, documents, records, and reports for accuracy; determined that staff DHS staff performed duties in accordance with policies, procedures, management instructions, and all regulatory requirements; determined that DHS assets were safeguarded adequately; determined that transactions were recorded promptly and accurately; and verified that the DHS SURGE, automated anti-fraud system was effective. • Conducted interviews DHS staff to supplement Medi-Cal/Medicaid audit tests.

Technicolor Manager of IT Risk Managment 2008–2008 • Region IT Security Manager for Thomson, Grass Valley, and Technicolor in the Americas (North, Central, & South) • Managed 6 IT security professionals and a 3 million dollar budget • Operationally managing the Thomson, Grass Valley, and Technicolor firewalls, VPNs, and Proxy servers worldwide. • Developed and coordinated IT security policy, procedures, and practices for a company of 20,000 employees. • Assisted Strategic Business Units (SBUs) to meet the IT requirements of new contracts from non-governmental organizations such as the Motion Picture Association of America (MPAA), Major Hollywood studios, and Microsoft.

Jack in the Box Senior IT Internal Auditor 2007 to 2007 • Performed Sarbanes Oxley Internal Audits of all IT Systems. • Analyzed financial anti-fraud control measures for control gaps. • Perform surveys of headquarters staff functions and activities in assigned IT areas to determine the nature of the operations and the existence and adequacy of the internal and IT controls used to achieve established objectives • Performed detailed operational efficiency reviews of Information Systems (IS) Department. • Analyzed General and Administrative (G&A) budgets and spending to verify efficient spending.

KPMG Security Contractor 2006 to 2007 • Completed two high speed IT security Audits for a Biotech firm and an Investment Firm as a KPMG contractor from Payroll Outsourcing Plus Inc.

Superior Resources Inc Sarbanes Oxley, FISMA, and NIST IT Security Consultant 2005 to 2006 • Conducted the 2006, FISMA & NIST SP 800 assessment of the CA DHS Medi-Cal IT System (www.medi-cal.ca.gov). • Evaluated adequacy of proposed Computer Assisted Auditing Techniques (CAAT) used by Intel Corporation for annual and quarterly SOx requirements and verified their effectiveness in 2006 reporting. • Evaluated complex business security risks and implementing controls to mitigate risks for Medi-Cal/Medicaid systems. • Documented process narratives, control matrices, testing plans, testing scripts, and testing. • Conducted a special IT security audit of SAP with respect to daily payroll operations. • Analyzed ERP systems & tested automated features of SAP and SAP supplementary applications. • Used PCAOB rulings, COSO Framework, and COBIT Domains to evaluate IT security control objectives. • Performed IT Audits of internal controls over financial reporting systems as required by section 404 of the Sarbanes Oxley Act 2002 for Deloitte, BDO BridgeMark Risk Consulting, CBIZ Accounting, Aeroflex Corporation, Hain-Celestial Group/Jason Natural Products, and Intel Corporation.

DCS Corp Security and IT Systems Consultant 1995 to 2005 • Assisted with DIACAP certification for Crytologic systems. • Conducted system engineering analysis to select commercial IT systems and government developed system to meet Navy-wide Cryptologic and IT Network Defense needs, based on performance requirements. • Developed a full range of Department of Defense Compliance Documents related to system acquisition, finance, engineering, testing, logistics, training, maintenance, safety, environmental, and security for the Naval Air Systems Command (NAVAIR) and the Space and Naval Warfare Systems Command (SPAWAR). • Supported DCS Corporation's commercial customers with Lotus Notes application development and Domino system administration in environments of NT, Novell, and Sun Solaris UNIX for Semtech (IC Chip Manufacturer). • Designed, implemented, and maintained Lotus Notes and Domino working web sites, Intranets, and Extranets.

Engineering Purchasing Consultant LSA Inc 1993 to 1995 • For Aircrew Systems, developed a full range of Department of Defense Compliance Documents related to system cost analysis, acquisition, finance, engineering, testing, logistics, training, maintenance, and safety for NAVAIR. • Developed cost estimates for planned Navy system acquisitions and used life cycle cost reduction techniques to lower cost and ongoing support of a wide range of Navy IT systems.

BAE Systems Engineering Purchasing Consultant and Program Manager (BAE/Tracor) 1987 to 1993 • Supervised six engineers consulting on improvements to Naval engineering systems and logistics for the Naval Sea Systems Command (NAVSEA). • Assisted in the development of the Depot Modernization Period (DMP), which reduced industrial availability costs by 60% and duration by 30% compared to regular overhauls of SSN 688 Class submarines. • Recommended and gained NAVSEA approval for specific operational maintenance changes to reduce SSN 637 and SSN 688 Class submarine maintenance costs by more than 20%, without reducing readiness.

US Navy Nuclear Trained Submarine Officer 1984 to 1987 • On board the USS MINNEAPOLIS-SAINT PAUL (SSN 708), supervised operations of the nuclear reactor, propulsion, and electrical power generation during all normal operating and emergency conditions. • Supervised the E-Div and RC-Div enlisted technicians in the repair of shipboard electronic equipment. • Earned an Expeditionary Medal and a Battle E ribbon through outstanding independent submarine operations. • Then as Type Desk Officer at the COMSUBLANT Admiral's Staff, supervised the material office coordinating day-to-day repair operations throughout the 2nd (Atlantic) and 6th (Mediterranean) Fleets Expeditionary Medal

Volunteer Experience & Causes Singer Saint Francis Xavier Choir, Burbank, CA