Marie-Anne Byrne's Email Addresses & Phone Numbers

📖 Summary

Information Security Manager @ Particular areas of security expertise include: • ISO27001 / ISO27002 / ISO17799 / BS7799 • Cryptography • Security Policy and Procedure Development / Review • Security Assessment • Risk Management • Security of payment cards and automated payments • IT Audit From March 2014 to Present (1 year 10 months) Computer Audit Manager @ - Creation, management and delivery of a three year risk based IT audit plan. - The annual audit review and certification of the Societies compliance with PCI PIN Security standards, PCI DSS and Link LASISS. - Providing risk and control advice to various IT projects. - Managing, planning and executing risk based technical audits to include Windows and UNIX operating systems, Oracle database reviews, application reviews, programme and project governance, system development lifecycle, business continuity and change management, including the analysis of systems and procedures in line with ISO 27001. - Managing the follow up of IT audit actions, reporting progress to the appropriate audit and risk committees. - Extensive use of IDEA, SQL, Business Objects, Crystal reports and Excel to facilitate the use of CAATs. - Design, setup and maintenance of a repeatable suite of data extraction reports using Crystal Reports and Business Objects. - Recruiting and managing external resource to supplement the in-house IT audit skills and knowledge. From June 1997 to March 2014 (16 years 10 months) Senior Operational Risk Analyst (IT) @ - The set-up and operation of the IT area of the newly formed Operational Risk department, evaluating the regulatory requirements and implementing a program of work to enable compliance to be achieved. - Developing an approach to be adopted by the Society when formally assessing the Society’s exposure to risk when developing new or changing existing applications, systems and processes. - The development and implementation of End User Computing controls. - The development and implementation of project management standards. - Key stakeholder for all major IT projects, leading the evaluation of risk and control, making recommendation for security improvements. - Providing risk sign off for all major projects. - The development of regular and ad-hoc reports for on-going identification of fraud and for investigating specific incidents. - Perform ad-hoc reviews following IT incidents in order to independently report to Executive and senior management on control weaknesses. From February 2005 to April 2007 (2 years 3 months) Senior Computer Auditor @ - The production, agreement and management of an annual risk assessment of the IT systems and procedures in order to develop an annual risk based plan. - The development, management and delivery of formal IT audits programs in line with ISO 27001. - Providing specialist risk and control advice to major IT projects regarding the security of new systems and processes being developed. Investigate and report back on security considerations for new technology. - Providing risk and control advice to the IT department when formulating the IT Security Policy. - The design and production of regular and ad-hoc reports detailing data exceptions or meaningful samples to be analysed as part of business audit reviews and financial crime investigations. - The provision of detailed technical knowledge to the business audit team regarding the systems and applications in place. - The commission and review of penetration tests on behalf of the Society. From June 1997 to February 2005 (7 years 9 months) Computer Auditor @ - Various IT audits, including the review of data centre installations, application security, UNIX and IT system procurement. - The evaluation, purchase and implementation of the IDEA data interrogation package. - Development of data interrogations for use on various business and IT audits including UNIX, windows, payroll and accounts payable applications. From January 1994 to June 1997 (3 years 6 months) Applications Support Analyst @ - Restoration and correction of production systems on failure. - Investigation and correction of reported discrepancies. - Writing basic Cobol programs. - Participation in the creation and development of system development and operational standards. - Designing standards for the development of Structured Control Language (SCL) scripts for running batch procedures. - Monitoring adherence to system development standards prior to implementation of software. - Providing out of hours cover for the resolution of incidents with production systems and batch schedules. - Creating specifications for and writing procedures using System Control Language (SCL) From April 1989 to December 1989 (9 months) HND, Computer Studies; Computer Science @ Bourneville College Marie-Anne Byrne is skilled in: IT Audit, Operational Risk, Risk Analysis, IDEA, PCI PIN, PCI DSS, ISO 27001, LASSIS, Electronic Payments, Unix audit, Oracle audit, Windows audit, Crystal Reports, Business Objects, caats