ISACALA ISACA .org - ISACA – Los Angeles Chapter
ISACALA
LA Chapter
Information Systems Audit and Control Association
June 2005

Inside
CISA/CISM Exam Offer
President’s Message
Annual General Meeting
Meeting Abstract
Campus News
Monthly Article
Conference Update
Academic Relations
News Update
Call for Papers
New Members
Employment
Board

YOU ASKED FOR IT - YOU GOT IT!
CISA and CISM Exams Now Offered Twice a Year

More than 20,000 candidates worldwide have registered for the June 2005 CISA and CISM exams. These unprecedented registration numbers demonstrate the vast demand and interest in the achievement of each credential. ISACA will add a second annual administration of each exam in order to accommodate more CISA and CISM candidates, beginning this December. Exam locations will be limited to large sites (75 or more past candidates/year) and more common languages (500 or more candidates/year) for the December 2005 administration. The additional exams will be offered on Saturday, December 10, 2005 and registration opens July 1, 2005.

The chapter is determining whether there is interest in another CISA/CISM review program. If you are interested, please send an email to CISA@isacala.org or CISM@isacala.org.

Chapter Officers

President
Thomas Phelps IV, CISA
PricewaterhouseCoopers LLP
president@isacala.org
(626) 590-9995

Vice President
Cheryl Santor CISSP, CISM, CISA
Metropolitan Water District of Southern California
vicepres@isacala.org
(805) 795-2057

Secretary
Anita Montgomery CIA, CISA
Countrywide Financial Corporation
secretary@isacala.org
(805) 520-5482

Treasurer
Martin Rojas
PricewaterhouseCoopers LLP
treasurer@isacala.org
(213) 217-3309

Thomas Phelps introduces the Sarbanes-Oxley Keynote Panel: (from left to right) Scott Delanty from Computer Sciences Corporation, Gerald Conroy from PricewaterhouseCoopers LLP, Isabelle Theisen from Warner Brothers, and Steve Kinnan from Countrywide Home Loans.

Early election results indicate the election slate of officers and directors will be approved by the membership. If you haven’t done so already, please return your ballot to show your support, and include a note of any help you may be able to provide the chapter. Remember it is a volunteer organization and we need your participation.

President’s Message
BY THOMAS PHELPS IV

At the 2005 Global Leadership Conference in April, the leaders of the Very Large Chapters (e.g., Korea, Hong Kong, New York, Los Angeles) were asked about the number of volunteers in their chapters. I am proud to say that our chapter has over 35 talented and dedicated volunteers. As we conclude our 2004-2005 year with our upcoming Annual General Meeting, I’d like to thank our volunteers for their selfless service, and our members for their support.

We should be proud of our accomplishments in 2004-2005:
• 2004 K. Wayne Snipes award for the Best Very Large Chapter in North America
• Celebration of our 35th anniversary
• Membership growth of 47 percent since 2004 to 767 members, and 74 percent since 2003
• Spring Conference record attendance of over 250 people, and strong attendance at monthly meetings and seminars
• Over 50 CISA review course registrants

As I look ahead to the future of our chapter, I’m very excited about our opportunities for growth. Thank you for your support these past two years. As the outgoing president, I look forward to supporting our chapter’s initiatives on: 1) enhancing the CISA Review training course; 2) updating our bylaws; and 3) writing another chapter in the book on ISACA’s history.

Please join me in welcoming Cheryl Santor, president-elect, and your 2005-2006 officers and board of directors.

ISACALA Annual General Meeting
Tuesday, June 14, 2005
Monterey Hills Steakhouse
3700 W. Ramona Blvd
Monterey Park, CA 91754
(323) 264-8426

Meeting Topic
Hardening Web Application Code

Presented By
Mike Villegas, CISA, CISSP
Manager-Technology Risk Management
Wells Fargo

*FREE to ISACA-LA Members
* Must RSVP on or before June 9th before 3:00pm

Rates                        ISACA-LA Members   Other ISACA Chapters   Non-Members   Full-Time Students
Reserved                     *FREE              $25                    $30           $15
Walk-Ins or After June 9th   $35                $35                    $40           $25

* Free - ISACA-LA Members who Pre-Registered on or before Thursday, June 9, 2005.
Payment Methods: Cash and Checks (made payable to ISACA-LA) only. Reserve A.S.A.P.

Annual General Meeting
- President’s Comments/achievements of the chapter
- Presentation of the 2005 - 2006 chapter board
- Recognition of Volunteers

AGENDA:
5:00 PM to 5:30 PM  Registration and Pre-Meeting
5:30 PM to 6:00 PM  Annual General Meeting
6:00 PM to 6:30 PM  Dinner
6:30 PM to 8:30 PM  Program (2 hours CPE)

Meeting Abstract

MEETING TOPIC: Hardening Web Application Code

SPEAKER: Miguel (Mike) O. Villegas, CISA, CISSP
Manager, Technology Risk Services
Wells Fargo

ABSTRACT: Almost without exception, organizations have web applications that interface with customers, vendors, businesses and employees in the open net.
With the growing concern of external threats from around the world, these same organizations are finding quickly the importance of developing these web applications with secure code. In many organizations, unsecure or badly written code is implemented over time and without incident. This false sense of security is highlighted when their code is reviewed by competent security personnel, outside consultants, Big-4 members or the organization’s web application developers. In some organizations, developers now are required to take additional training in writing secure code for external facing web sites and sensitive web sites inside the DMZ.

This lecture will describe the risks associated with unsecure code, what to look for, some tools in the marketplace used for secure code reviews, suggested training for developers and recourse in the event of security incidents occurring due to unsecure code written by outside contractors or outsourced to development firms.

ABOUT THE SPEAKER: Mike is Vice President & Technology Risk Manager for Wells Fargo Services responsible for Sarbanes-Oxley 404 technology testing and technology compliance. He has over 24 years of information systems security and IT audit experience. Mike was previously a partner at Ernst & Young and Arthur Andersen over their information systems security and audit groups over a span of nine years. He has managed several IT Internal Audit departments for two large California banking institutions. He has focused on IT audits and security of mainframe and enterprise environments providing professional consulting services to Fortune 1000 companies across all industries.

Mike is currently 1st Vice President of the ISACA San Francisco Chapter, Chair of their 2005 Fall Conference, and a member of their Education Committee. He also served for two years as Vice President on the Board of Directors for ISACA International. Mike is a Certified Information Systems Auditor (CISA) and a Certified Information Systems Security Professional (CISSP).

Spring Conference Committee members with student volunteers

Campus News

Congratulations! California State Polytechnic University, Pomona has been designated as a National Center of Academic Excellence in Information Assurance Education for academic years 2005-2008. Official letters of notification are being sent to the university president, state governor, Members of Congress, and appropriate Congressional Committees. A press release has been posted on the National Security Agency web site, http://www.nsa.gov/ia/academia/acade00001.cfm.

Cal Poly Pomona is the only California State University with that designation, and one of only four institutions in the state, along with Stanford University, University of California Davis and the Naval Postgraduate School in Monterey. Cal Poly Pomona submitted the Information Systems Audit option of its Master’s of Science in Business Administration, and Computer Information Systems concentration (Internet Programming and Security track) of its Bachelor’s of Science in Business Administration for consideration for the designation.

The National Center of Excellence in Information Assurance Education program aims to reduce vulnerability in the nation’s information infrastructure. It honors 4-year colleges and graduate-level universities that produce professionals with information assurance expertise in various disciplines. During the application process applicants are evaluated against stringent criteria and must pass a rigorous review demonstrating their commitment to academic excellence in information assurance education.

A ceremony recognizing Cal Poly Pomona’s achievement will be held at 9:30 a.m., on Tuesday, June 7th, 2005 during the annual conference of the Colloquium for Information Systems Security Education. The conference will be held at the Georgia Tech Conference Center, Atlanta, Georgia.
Once again, the ISACA LA Chapter extends our congratulations to Cal Poly Pomona for its outstanding academic achievement!

From left to right: Steven Curl (department chair), Dan Manson (Professor), Fred Gallegos (Lecturer) and Dean Lynn Turner of the College of Business Computer Information Systems department worked hard to have the department designated as a National Center of Excellence in Information Assurance Education. (Photo and source information courtesy of PolyCentric, Cal Poly Pomona Web site http://polycentric.csupomona.edu/news.asp?id=855)

Attendees at the opening meeting of the 2005 Spring Conference hosted by the Los Angeles Chapter of ISACA.

Monthly Article

PREVENTING PENETRATION THROUGH WEB SERVER SECURITY
Justin Peltier
Senior Security Consultant, Peltier Associates
Email: jpeltier@pelttech.com

Your web server has to be available to the Internet. Think about what that means. This means that at least one system from your organization will allow anyone on the Internet to access it. Because of this, corporate web servers are one of the more popular targets for attackers and other malicious entities to use to gain access to your critical data or your internal corporate network. This should not cause an organization to run to the network operations center (NOC) and power off the web server. There are several key controls which, when they are correctly implemented, can minimize the likelihood that a web server penetration will happen in your organization.

In order to understand how to secure your web server against attack we need to discuss exactly how a web server can be exploited. When an attacker begins to attack a web server the first step is to perform reconnaissance attacks. The goal of these attacks is to gain information about which type of web server your organization is using as well as the underlying operating system. An attacker needs to know this because most attacks are going to be effective against only one type of web server and one operating system.

There are many different places that attackers will gather information that will let them know which type of web server your organization is using. It is good practice to change these settings to reflect another type of popular web server. This can confuse a skilled attacker for a while and deter a less skilled hacker altogether.

One of the primary sources of information an attacker will use is something called the application banner. This banner is a response that is given when the application receives data, and usually it uniquely identifies the web server. For example, when an attacker uses any number of utilities the server will respond with some type of application banner. One of the more common responses is: Server: Microsoft-IIS/5.0.

This response tells the attacker that this is a Microsoft web server and it is version number 5.0 (this is the default web server on a Microsoft Windows 2000 Server). It is actually easy to provide false information to an attacker here. What you are hoping to do is change the settings to reflect another popular web server. This can be done with many common web server security utilities. One of the most popular is urlscan, available directly from Microsoft’s website. The link for this utility is http://www.microsoft.com/windows2000/downloads/recommended/urlscan/default.asp.

This is not a definitive solution to stopping an attacker from fingerprinting your web server, but it is an effective first step. An attacker is typically going to follow up the web banner response with another utility to verify this information. One of the most common utilities to do this is called Httprint and it is available from http://net-square.com/httprint/.

Httprint uses mostly bad web page requests to determine what type of web server the target is actually running. One way that Httprint gets the web server to generate an error page is by requesting a directory from the web server of “/antidisestablishmentarianism”. A very easy way to prevent an attacker from gaining this type of information is by blocking requests for this directory at a content filtering firewall or by creating a directory with the name of “antidisestablishmentarianism”.

Another fingerprinting technique that can be used by an attacker is to use the TCP window size. This field is sent by the web server as a way of negotiating the amount of data that can be sent between the server and the client. This field is unique to each operating system and this can be used to determine or verify which system the remote web server is currently running. Since this field uses a predictable value an attacker could determine the system type by simply using a utility like a network sniffer and making a web request with a web browser like Microsoft’s Internet Explorer. Seeing this field an attacker could determine the system type quickly and then select the appropriate exploit to attempt against the web server.

To protect your web server against this type of information gathering attack, change the TCP window size to a non-default value. This change is just made in the registry of the systems. Information on changing the TCP window size is located on Microsoft’s website at http://support.microsoft.com/default.aspx?scid=kb;en-us;810382.

Once an attacker has determined the type of web server and the underlying operating system the attacker will then launch an attack. The most common type of attack that will allow an attacker to execute arbitrary commands on the target web server is a buffer overflow. A buffer overflow is a detailed attack, but greater detail on buffer overflow attacks is for another article at another time.
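The article notes that a changed banner is only a first step, because a request for a nonexistent directory can still draw out an error page that identifies the real server. The following is an added example, not code from the article or its author: a check an administrator could run over responses from their own server to confirm that the banner they configured is the one every response carries. The function names, the `intended_banner` parameter and the sample responses are constructed for illustration, and the check on `X-Powered-By` and `X-AspNet-Version` goes beyond the `Server` banner the article discusses.

```python
"""Check that a web server presents the same configured banner on every response."""

# Headers other than "Server" that commonly name the platform. These are an
# added generalization; the article itself only discusses the Server banner.
EXTRA_HEADERS = ("x-powered-by", "x-aspnet-version")


def parse_response(raw):
    """Return (status_code, headers) for a raw HTTP response; header names lowercased."""
    head = raw.split("\r\n\r\n", 1)[0]
    lines = head.split("\r\n")
    parts = lines[0].split(" ", 2)
    if len(parts) < 2 or not parts[0].startswith("HTTP/") or not parts[1].isdigit():
        raise ValueError("not an HTTP status line: %r" % lines[0])
    headers = {}
    for line in lines[1:]:
        name, sep, value = line.partition(":")
        if sep:
            headers[name.strip().lower()] = value.strip()
    return int(parts[1]), headers


def audit(responses, intended_banner):
    """Compare each labelled response against the banner the administrator configured.

    responses: dict mapping a label (which request produced it) to the raw response.
    Returns a list of human-readable findings; an empty list means every response
    carried the intended banner and no other platform-identifying header.
    """
    findings = []
    for label, raw in responses.items():
        status, headers = parse_response(raw)
        banner = headers.get("server")
        if banner is not None and banner != intended_banner:
            findings.append("%s (HTTP %d): Server banner is %r, expected %r"
                            % (label, status, banner, intended_banner))
        for name in EXTRA_HEADERS:
            if name in headers:
                findings.append("%s (HTTP %d): %s header also identifies the platform: %s"
                                % (label, status, name, headers[name]))
    return findings


# --- Constructed sample data (not captured from any real host) ---------------
INTENDED_BANNER = "Apache/1.3.27 (Unix)"  # the banner the administrator chose to present

# Case 1: the banner was changed for normal pages only. The error page returned
# for a nonexistent directory still shows the original banner, and the home page
# carries a second header that contradicts the chosen banner.
LEAKY = {
    "home page": ("HTTP/1.1 200 OK\r\nServer: Apache/1.3.27 (Unix)\r\n"
                  "X-Powered-By: ASP.NET\r\nContent-Type: text/html\r\n\r\n<html>home</html>"),
    "bad directory": ("HTTP/1.1 404 Object Not Found\r\nServer: Microsoft-IIS/5.0\r\n"
                      "Content-Type: text/html\r\n\r\n<html>not found</html>"),
}

# Case 2: the configured banner is present on normal and error responses alike.
CONSISTENT = {
    "home page": ("HTTP/1.1 200 OK\r\nServer: Apache/1.3.27 (Unix)\r\n"
                  "Content-Type: text/html\r\n\r\n<html>home</html>"),
    "bad directory": ("HTTP/1.1 404 Not Found\r\nServer: Apache/1.3.27 (Unix)\r\n"
                      "Content-Type: text/html\r\n\r\n<html>not found</html>"),
}

if __name__ == "__main__":
    for title, case in (("leaky", LEAKY), ("consistent", CONSISTENT)):
        print(title)
        for finding in audit(case, INTENDED_BANNER) or ["no findings"]:
            print("  " + finding)
```
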
When an attacker executes a buffer overflow against your web server it will be sent against the common port for web traffic (TCP port 80). Since this port is open on most firewalls to allow web server requests from legitimate clients, the firewall will not stop this type of attack during this phase.

Once the buffer has been overflowed most exploit code will then perform a “call to home”. This will open a connection from the web server back to the attacker’s remote machine. This connection will typically open a high port on the web server to a high port of the attacker’s system. Since this communication will take place on nonstandard ports, your firewall can help prevent the attack during this phase. Unfortunately, most organizations configure their firewalls to allow all outgoing traffic (egress filtering) while placing a restrictive set on incoming traffic (ingress filtering). This common configuration does not block the buffer overflow attack at all. However, by changing the firewall’s configuration to allow only web server traffic (TCP port 80) as outgoing traffic from the web server, we can block the “call to home” connection to the attacker’s machine.

With this connection blocked the attacker cannot execute commands or interact with the firewall in any way unless the firewall’s configuration is changed. To an attacker this means having to either compromise the firewall as well to change the configuration or to simply give up and move to another host.

The type of firewall configuration mentioned above (placing restrictive egress filters) provides protection against many attacks against your web server. This means that even if the web server has a vulnerability the firewall will provide some protection against attack. However, even if the “call to home” connection is blocked an attacker can usually use the same vulnerability to perform a denial of service (DOS) attack.

To summarize, the best countermeasures that can be used to protect your web server are:
1. Change your web server’s application banner
2. Create or modify directories and web pages to stop attacker utilities like Httprint from working against your web server
3. Change your web server’s default TCP window size
4. Implement egress filtering on your firewall to allow only traffic on needed ports from your web server

By making the changes listed above it will take much more effort for an attacker to determine what type of web server you are using and also it will increase the difficulty of compromising your web server. These changes are not an iron-clad guarantee that your web server cannot be compromised. You will always need to keep up to date with patches and to check your web server for vulnerabilities regularly.

Conference Update

2005 Spring Conference
BY DEBBIE LEW, CISA

2005 SPRING CONFERENCE ANOTHER SUCCESS!!!

There were over 250 participants for this year’s conference. We received many positive comments and ideas for next year. The conference would not be a success without its volunteers. Please acknowledge and thank the student volunteers and the conference committee:

Sandy Geffner - Valacon
Larry Hanson - Southern California Edison
Lisa Kinyon - Countrywide Financial
Tom Knodle - IndyMac Bank
David Lowe - Sony Pictures Entertainment
Anita Montgomery - Countrywide Financial
Frank Ness - Honda North America
Thomas Phelps IV - PricewaterhouseCoopers, LLP
Cheryl Santor - Metropolitan Water District
Rachel Sciacca - PricewaterhouseCoopers, LLP
Amanda Xu - KPMG, LLP

We start planning next year’s conference this summer. We’re seeking speakers and topics; if you have ideas or want to speak, email conference@isacala.org. Next year’s conference is tentatively scheduled for May 1 - 3, 2006. So, circle your calendars!!!
Debbie Lew
Spring Conference Chair

ISACA GLOBAL LEADERSHIP CONFERENCE
April 22-24, 2005
by Cheryl Santor

The Los Angeles Chapter of ISACA was privileged to send Thomas Phelps, President, Cheryl Santor, Vice President, and Anita Montgomery, Secretary, to the 2005 Global Leadership Conference held in Las Vegas, Nevada, over the weekend of April 22-24, 2005. Debbie Lew, Membership Board member, taught and facilitated several workshops at this event.

The Global Leadership conference was well attended by individuals from every corner of the world. We often heard comments of how long it took to get to Las Vegas from distant places such as Malta, which took 26 hours of travel time. It was inspiring to see representatives from chapters in 55 countries attend to learn and explore what they can achieve in their local chapters. Ideas were shared for improvement at the International level and the local levels.

The Los Angeles Chapter was the proud recipient of the K. Wayne Snipes award for the Best Very Large Chapter in North America. We are very proud of our chapter’s hard work in providing high quality services to our chapter members and, for our efforts, we WON! Thanks to all the volunteers who contributed to this award.

Also, the Los Angeles Chapter was honored to donate $5,000 in support of the ITGI research area of ISACA. It was inspiring to see chapters lining up to donate to this worthy endeavor.

The Los Angeles chapter receives the K. Wayne Snipes award for the Best Very Large Chapter in North America. From the left, Anita Montgomery, Secretary; Thomas Phelps, President; Marios Damianides, International President, ISACA and ITGI; and Cheryl Santor, Vice President.

Academic Relations and Research
BY AMANDA XU

BEST PAPER CONTEST

ISACA LA Chapter is offering one or more awards totaling up to $1,500 to promote knowledge in Information Systems Auditing. Papers will be accepted from April 1, 2005 through June 30, 2005.
Recipients will be selected in the summer. Winners will be announced in a Fall 2005 dinner meeting of the Los Angeles Chapter of ISACA. Papers should be typewritten, a minimum of 2,500 words and follow the Chicago Manual of Style using endnotes, rather than footnotes, to credit sources. The entry form can be downloaded from the ISACA website at www.isacala.org or you can email academicrelations@isacala.org to receive the form.

Minimum criteria for the paper are:
• Original material on a current topic related to Information Systems Auditing
• Well researched with the majority (>50%) of the references less than 2 years old
• Paper must be well organized and free from grammatical and spelling errors
• Preference will be given to papers that are presented in a format that is easy to read and understand.

All award recipients are subject to approval by the Board of Directors of the Los Angeles Chapter. Awards will not be given if candidates do not meet minimum qualifying criteria. Send papers with entry form, questions or comments to academicrelations@isacala.org.

ACADEMIC SCHOLARSHIPS

One or more scholarships totaling up to $1,500 are being offered to promote information systems auditing. Candidates should submit a letter defining their qualifications for the scholarship, three letters of reference (school or work), and a copy of their transcript to academicrelations@isacala.org.

The minimum qualifications for the scholarship are a minor or major in Information Systems Auditing, CIS, or related major and a GPA of 3.0 or greater (undergraduate) or 3.5 or greater (graduate). Preference will be given to those currently pursuing a career in Information Systems Auditing or who have published in the field of IS Auditing. Grade point average, number of articles published and level of professional involvement will also influence the selection.

Entries for the scholarship will be accepted from April 1, 2005 through June 30, 2005. Recipient(s) will be selected following the entry deadline and the scholarship(s) will be presented at a Fall 2005 dinner meeting of the Los Angeles Chapter of ISACA. All award recipients are subject to verification and approval by the Board of Directors of the Los Angeles Chapter. Send entries, questions or comments to academicrelations@isacala.org.

STUDENT LIAISON PROGRAM

ISACA-LA is searching for one to two student representatives from each local college and university to promote ISACA-LA events (dinner meetings, spring conference, CISA Review, summer picnic, etc.). Academic Relations offers free student membership for the selected student representatives. Contact academicrelations@isacala.org for more information.

ISACA STUDENT MEMBERSHIP (ONLY $25)

Two years ago the ISACA International Board of Directors approved the reduction of ISACA Student Membership Dues. The International dues for students have been reduced from US $60 to US $25 annually. Also, student fees are waived for the Los Angeles Chapter. To facilitate the 58% reduction in dues, the benefits that students received by mail will now be available electronically. Most notably, the IS Control Journal will be made available exclusively online via the web site. Please visit ISACA’s student site at http://www.isaca.org and click on the link “Students & Educators” for more information.

News Update

ISACA’S CAREER CENTER IS security standards, codes of practices how successful enterprises have NOW ONLINE! and methodologies have been integrated information technology developed and published, all with and business strategies, culture, the purpose of providing some level and ethics to optimize information of direction or support for security value, attain business objectives and objectives.
capitalize on technologies even in The Career Center is now available for IT professionals seeking to hire and those searching for a job. ISACA members can look for jobs online highly competitive environments. This and can specify criteria to limit each The purpose of this technical study search. Job seekers can search by is to provide CISM holders with geography, professional certification, a guide to the better-known and experience level and a number of other more widely available information RESEARCH PROJECT factors. Act now to be among the first security documents. More than 17 SPOTLIGHT: NEW to post your resume in the members- standards/guidance were evaluated only resume database. Members have across a number of criteria, enabling the added advantage of being able to information security managers to receive e-mail notification when new identify those that may be most jobs are posted. appropriate for improving their own skills and knowledge or for use within publication is available at the ISACA Bookstore, www.isaca.org/bookstore. THE CEO’S GUIDE TO IT VALUE@RISK Effective IT governance is one of many board priorities. An their organizations. organization that has not suitably and information security professionals. The full study includes insights significant opportunities to enhance The Career Centre highlights the learned from a global survey of CISM CISA and CISM designations, thus holders. It is posted on the web site for providing a special opportunity for ISACA members. exposing the business to significant NOW AVAILABLE: guidance helps CEOs, boards and GOVERNANCE OF THE senior management respond to these new offering! EXTENDED ENTERPRISE challenges. INFORMATION SECURITY Globalization and worldwide IT issues are often poorly understood, HARMONISATION— communications have overridden and they are given correspondingly CLASSIFICATION OF GLOBAL national boundaries. 
In many lower priorities, despite the increasing GUIDANCE markets, the effects of global financial reliance placed on IT. Within many interdependence (governmental, enterprises, IT costs are the second The role of the information security political and business) are now highest expenditure after staffing, manager has evolved over the past few so interconnected that they must yet how that money is spent and years from an essentially IT-focused be considered with almost any what value is actually delivered can position to that of a business/IT decision being made. Governance hybrid. At the same time, numerous of the Extended Enterprise shows For those seeking to hire, the ISACA Career Centre is the source for IT audit those interested in hiring CISA or CISM holders. Please visit www. isaca.org/jobs to explore this exciting addressed the subject could be missing shareholder value and improve market capitalization, while at the same time financial and reputational risks. This See News Update, page 10 News Update June 2005 News Update, continued from page 9 Visit the Bookstore at www.isaca. be uncertain. While complexity and of secure online ordering, or see pervasiveness make it difficult to track the Journal’s Bookstore insert for costs and value, it could be one of the additional information. Contact the most significant value drivers within Bookstore at bookstore@isaca.org or an enterprise. +1.847.253.1545, ext. 401, with any This publication is available at www. itgi.org. BOOKSTORE UPDATE New ITGI research and peerreviewed books offered in the ISACA • 19-21 September 2005— Network Security Conference, Enterprise Risk Assessment and Business Impact Analysis • Essentials of Strategic Project Management The bookstore is also having a special sale - see www.isaca.org/salebooks for descriptions. 
16-19 October 2005— • Amsterdam, The Netherlands • 14-16 November 2005— Information Security Management Conference, Amsterdam, The Netherlands 19-21 September 2005— Vegas, Nevada, USA 14-16 November 2005— Network Security Conference, Las Vegas, Nevada, USA Management Conference, Las • • EDUCATIONAL EVENTS Fundamentals Security Risks in IT Systems Australia • CONFERENCES AND Information Security Assessing and Managing CACS, Perth, Western Australia, ADDITIONAL 2005 Information Security • 24-26 October 2005—Oceania City, Panamá • COBIT® 3a Edición • Latin America CACS, Panamá COBIT® Security BaselineTM • 6-7 October 2005—Asia CACS, Bangkok, Thailand questions. • Principles of Fraud Detection • org/bookstore and take advantage Bookstore include: • Page 10 • 8-9 December 2005— IT Audit Executive Forum, Scottsdale, Arizona, USA CALL FOR PAPERS Dear ISACALA members, We are seeking articles to include in future editions of our newsletter. The newsletter provides a forum for you to contribute to the continuing education of our members. This is an excellent opportunity to receive recognition for your areas of expertise among the ISACA family and to raise your profile among the professionals in your field. Our readers have expressed interest in the following areas: IT security and governance, audit and controls, information assurance, compliance issues, tools and technologies, and emerging issues. Please send your submissions to news@isacala.org. We really look forward to hearing from you! Mary Ma ISACALA Newsletter Editor June 2005 New Los Angeles Members Page 11 Welcome New Members! Name Company Name Company James Merideth American Honda Motor co., Inc. Metropolitan Transit Authority PricewaterhouseCoopers LLP Zenith Insurance Company Bruce Roton American Honda Finance Corp. RemedyIT Services Inc. Superior Industries Int’l, Inc. The Walt Disney Company Ernst & Young LLP PricewaterhouseCoopers LLP Pelican Products Tetra Tech, Inc. Telelogic NA Inc. 
Washington Mutual Bank Homestead Studio Suites Lidia Ortiz Castillo Debra Santos William Bautista Charlene Chao Moises Gomez Jamie Roughan Sana Ahmad Susan Anderson Rodney Dor Stacie King Stacey Lee Lawrence Tran Yijia Zhou Mala Chana Aubrey Clarke Matthew Lee Simon Leung Balaji Pachiyappan Michael Shie Ernst & Young LLP Abet Financial LLC SCPH Hitachi Consulting Deloitte & Touche LLP mizuho Deloitte & Touche LLP Deloitte & Touche LLP Cal Poly Pomona Deloitte & Touche LLP Deloitte & Touche LLP Sangeeta Patel Ivan Ivanov Linda Carmody Bruce Roton Michiko Suzumoto Anthony Ramirez Steven Busco Drew Maness Tresno Santoso James Koh Steve Hochheiser Callistus Lucien John Carrillo Haidi Harieg LaTonya Meanus Hocine Souane W. Krag Brotby Steve Nessen Michael Du Chung Lin Trevor Hayden Ashish Matalia Kwang Oh Jerry Yen Tarana Damania Easy i Hutchinson and Bloodgood LLP Corinthian Colleges, Inc. Tilos, Inc KPMG LLP Deloitte & Touche LLP KENNY H LEE CPA GROUP LA County ISD Ernst & Young LLP Hyun U Cedric Bonner John DeGeorge Nitin Jindal Trent Larson Erika Siqueira Matthew Timbol Evan Tsai Leon VI AillaudManzanera Jenai Robinson Ron Agarwala Francis Franco Matthew Meyer BT Infonet Contract Connection CosoMatrix Corporation Ernst & Young LLP KPMG LLP Deloitte & Touche LLP Hua Nan Commercial Bank Sox Solutions KPMG LLP PricewaterhouseCoopers LLP Protiviti Zenith Insurance Company Amgen June 2005 New Los Angeles Members Page 12 Welcome New Members! 
Name Company Name Company Pedro Zuniga Countrywide Financial Corporation Wellpoint KPMG LLP Jennifer Zeng Patrick Luce Cal Poly Pomona Los Angeles Unified School District Kevin Delson Joanne Heng Richard Tagumasi Jabulani Leffall Erica Miu Jennifer Felix-Shannon Nazee Hajebi Paul Smart Dharmesh Choksey Hillary Wang Chris Mang Steven Brunasso Mitchell Cochran Karen Doolittle Nicolas Nunez Karen Otto Paul Bryson Peter Choi Kim Dinaully Joanna Gaunder Louis Kroll Augustine Kwak John Loader Sanjeevi Rao Christopher Kanaar Martin Lazniarz Richard Lee Janice Riblet Deloitte & Touche LLP Amgen Deloitte and Touche LLP Pepperinde University KPMG LLP KPMG LLP KPMG LLP Ernst & Young LLP Bank of the West City of Monrovia Ernst & Young LLP Pacific Broadband, Inc. Sony Pictures Entertainment LACMTA - Office of Inspector General city national bank City National Bank City National Bank PricewaterhouseCoopers LLP Countrywide Home Loans Lotus Management Toyota Motor Sales, U.S.A., Inc. PricewaterhouseCoopers LLP SCE Angie Quinn Anurag Sarin Artin Amiryan Jay Brown William Irvin Milton Devore Kellie Morris Joseph Olsen Marta Ruiz Alfaro Rufina Stefanovski Daniel Calvo Bruce Hoffman Bill Sundblad Marie Moran Willie Ong John Seddon Albert Arboleda Mary Nelson Ankur Patel Mayra Torres Ty Tran Andrew Feng Carol Lee Huaimin Liu Michelle Locke Scott Peyton Jun Suto Yakov Ginzburg Irene Ku Shauna Huynh Relsys Inc Jefferson Wells Deloitte & Touche LLP 21st Century Insurance Ernst & Young LLP Ernst & Young LLP Rufina Stefanovski KPMG LLP City National Bank Union Bank of CA Washington Mutual California State University Northridge Deloitte & Touche LLP Ernst & Young LLP KPMG LLP KPMG LLP KPMG LLP DirecTV Peyton & Associates S-Cube Consulting LLC Farmers Insurance Group, Inc. Washington Mutual June 2005 New Los Angeles Members Page 13 Welcome New Members! 
Xiaodong Yun Kristina Bohn Brad Jorgensen Stephen Masterson Eric Peoples Eiji Isobe Patrick Nguyen Sally Luu Cal Poly Pomona Protiviti Los Angeles Times Grant Thornton LLP Jefferson Wells Michael Tutko Motorcar Parts of America Debbie Newman Jouji Yuasa Mark Casas Anthony KIM Anwar Abdus-Samad Jason Atherley Andrea Cangialosi Gaylin Laughlin Caesar Sedek Charles Chantakrivat Andrew Hong Sean O`Donoghue Ariel Coro Hazel Bisou Barry Kraus Deborah Morrisette Douglas Nakakihara Esther Rickman Ernst & Young LLP California State University of Los Angeles PricewaterhouseCoopers LLP Nestle USA California Institute of Technology The Boeing Company California Institute of Technology California Institute of Technology Warner Bros. Entertainment Inc. Cal Poly Pomona Los Angeles County Beaches & Harbors The Macerich Company Cisco Systems, Inc. KPMG LLP Amgen - Corporate Audit Micro Application Training Technologies Holthouse Carlin & Van Trigt LLP Bank of the West Peggy Zeller Nikola Maccaferri Hazael Meza Troy Snyder Edward Carrion Josephine Cheatham Isaac Clarke Robert Greene Allen Khozahi Howard Kung Terence Ou Ismael Padron William Prado Brandon Sauve Adele Simmons David Son Colin Sullivan Janet Valenti NATTPAN ACOSTA Cameron Doherty Rashmila Gurumurthy James Hanger Shannon Kramer Robert Mai Juan Victor Balenton Ilona Basilyan Ari Gati Jonathan Huynh Michelle Romero Washington Mutual Bank NWQ Ernst & Young LLP carrion & associates Jefferson Wells International Ernst & Young LLP Deloitte & Touche LLP Deloitte Consulting Los Angeles County, Department of Audito MAXENT GROUP LLC KPMG LLP BearingPoint DIRECTV Washington Mutual Bank Ernst & Young LLP Ernst & Young LLP County of Orange Health Care Agency Deloitte & Touche LLP Deloitte & Touche LLP JBL Professional Homestore Inc.
Nestle USA LA County Auditor-Controller

June 2005 Employment Opportunities

Employment Ads

FIRST DATA CORPORATION
Technical Audit Team Lead
Denver, Colorado

Job Description:
• The Technical Audit Team Lead is responsible for establishing objectives for and participating in complex IT audits and consulting projects.
• The incumbent is also responsible for identification of required resources, project time scales, detailed project objectives, pre-assessment of risk, establishing time and travel budgets, and leading other team members in completing analysis.

Qualifications:
• Bachelor’s degree in MIS, computer science, or business related.
• A minimum of 6 years experience in audit, information technology, or process management.
• Background in mainframe, distributed systems, and/or project management.
• Strong knowledge of internal audit function and consultative skills.
• Advanced degree or professional certification (CIA, CISA), foreign language, or experience in major public accounting firm.

Contact: To apply for this position, please complete our online application found at www.firstdatajobs.com, requisition 001CO10400159.

===========================

AMN HEALTHCARE
IT/Sox Audit Manager
San Diego, CA

Job Description:
• Assist the Director of Internal Audit, as directed, in the planning of the Sarbanes-Oxley Section 404 (SOX 404) compliance work.
• Lead the IT SOX 404 effort for internal audit by managing the outsourced internal auditors, performing compliance work and coordinating external auditor procedures.
• Assist the Director of Internal Audit, as directed, in the planning of information technology (IT) internal control audits.
• Gather, analyze and document complex information using programming and system query techniques and financial analysis tools.
• Identify key control points of the activity being audited, and execute audit procedures using prescribed audit programs, ensuring each step is appropriately and timely addressed.

Qualifications:
• Bachelor’s degree in Computer Science, Information Systems, Business or Accounting.
• Certified Public Accountant, Certified Internal Auditor, Certified Information Systems Auditor and/or Certified Information Systems Security Professional desirable.
• Experience in Sarbanes-Oxley documentation and testing.
• 10+ years total information systems experience, with a minimum of 3 years of information systems auditing (private industry or public accounting firm).
• 5+ years experience in auditing business financial and information technology processes.

Salary Range: $90K - $110K

Contact: To apply directly for this position, please submit resume/salary to 076ITAM.AMN@hiredesk.net

===========================

BDO SEIDMAN, LLP
IT Audit ALL levels (Staff through Senior Manager)
Los Angeles and Costa Mesa, CA

Job Description:
• Reviewing, documenting, evaluating and testing general controls in a wide range of environments including mainframe, mid-range and client/server.
• General control procedures address IS organization and administration practices, system development and maintenance procedures, system software and hardware controls, security and access controls, computer operations, environmental protection and detection, and backup and recovery procedures.
• Reviewing, documenting, evaluating and testing application controls, particularly automated controls on a wide range of software application packages including PeopleSoft, JD Edwards, SAP, Lawson, Oracle Financials, Great Plains, Solomon IV and MAS/90500. These controls focus on application control procedures that are designed and implemented to ensure transactions are completely and accurately entered and properly processed by the application system(s).
• Identifying opportunities for the use of computer assisted audit techniques (CAATs) and programming these CAATs using audit software (i.e., IDEA, ACL, etc.) and other available tools.
• SAS70 and other consulting projects.
• Participating in the review of internal controls as described in the Sarbanes-Oxley Act of 2002.

Qualifications:
• The ideal candidate should have an undergraduate degree in MIS/CIS, computer science, accounting, finance or a related field from a recognized college or university. An advanced degree is a plus but not required.
• Entry level or up to 5 years of Information Systems and Operational Auditing.
• Public accounting and internal auditing experience. Strong background in controls and compliance.
• Experience in performing both general and application control reviews.
• A working knowledge of Windows, UNIX, OS400, and major accounting and ERP application software packages.
• A professional certification such as CPA, CISA, CISSP, CFE is a plus but not a requirement.

Application Deadline: 8/1/2005

Contact: Please email resumes to Dana Henry: dhenry@bdo.com
Recruiter-Western Region, BDO Seidman, LLP
1900 Avenue of the Stars, 11th Floor, Los Angeles, CA 90067
Phone: 310.557.8286
Fax: 310.557.1777

===========================

BECKMAN COULTER, INC.
Senior Internal Auditor - Information Technology
Fullerton, CA

Job Description:
• Review entities to assess internal controls, operational practices and compliance with company policies and regulatory requirements with focus on information technology.
• Plan and conduct complex IT and integrated audit projects that will include ERP post implementation evaluations, general computer and application controls assessments and other specialized technical reviews.
• Experience in the development of computer assisted audit techniques using ACL and other tools desirable.
• Must have excellent interpersonal and communication skills (written and verbal).

Qualifications:
• Requires a BA in Information Technology, or business related field with a minimum of 4 years IT Audit experience.
• CISA, CISSP, CIA or CPA credentials preferred.
• Second language fluency is highly desirable.

Salary Range: Commensurate with experience.

Contact: Apply online at www.beckmancoulter.com. Search on Job # 02661

===========================

BECKMAN COULTER, INC.
Senior Quality Systems Assessment Specialist
Fullerton, CA

Job Description:
• Conduct reviews of Information Technology functions to address IT practices and internal controls.
• Perform reviews to assess the effectiveness of IT controls and compliance with Company policies/procedures and applicable regulatory requirements.
• Provide relevant recommendations to strengthen and enhance IT risk management practices and controls.
• Assist in year-end audit with public accountants and special management projects.

Qualifications:
• Requires a Bachelor’s degree with a major in IT.
• Master’s degree in Business Administration, professional certification (CISA/CIA/CPA) desirable.
• Second language fluency is highly desirable.

Salary Range: Commensurate with experience

Contact: Apply online at http://www.beckmancoulter.com
Contact Fax: (714) 961-4113

===========================

CALIFORNIA STATE UNIVERSITY NORTHRIDGE
Security Analyst
Department of ITR Administration - Northridge, CA

Job Description:
• Coordinate development & ongoing support of security-related processes & architectures for the campus information security plan & other related activities.
• Take lead role in the design & implementation of appropriate business processes.
• Perform other duties as assigned.

Qualifications:
• 4 year degree plus 5 years FT technical/functional experience.
• Significant experience in program analysis & development in info security processes.
• Experience in designing & implementing appropriate business processes, and policies & procedures, audit processes & reports.

Application Deadline: Open Until Filled

Salary: $4202-6303 mo./full-time (Hiring Range: $4202-5500 mo.)
Contact: You MUST submit our Employment Application to be considered for this position, available at our website: http://www-admn.csun.edu/hrs/Employment
Email Address: applications@csun.edu
Phone: 818 677-2101
Fax: 818 677-7863

===========================

ERNST & YOUNG
Technology & Security Risk Services Senior
Los Angeles, Irvine, San Diego, Las Vegas, Denver, Phoenix

Job Description:
• Participate in identification and testing of IT processes and controls (general & application).
• Help plan engagement and develop work programs timelines, risk assessments, & other doc’s.
• Work with audit team to document business processes dependent on information technology.
• Direct progress of fieldwork and manage staff performance.

Qualifications:
• Degree in business, accounting, finance, CS, IS, engineering and/or other related major.
• Min. 2 yrs audit exp. for public accounting firm or systems experience to meet special needs.
• Advanced written and verbal communication skills.
• Excellent leadership and teamwork skills.
• Demonstrated integrity within a professional environment.

Salary Range: DOE - Depends on experience

Contact: For consideration, please submit your résumé/CV using the password 26514 at: http://ey.com/ca/doorway (http://ey.com/ca/porte). Visit our Web site at: www.ey.com.

===========================

ERNST & YOUNG
Technology & Security Risk Services Manager
Los Angeles, Irvine, San Diego, Las Vegas, Denver, Phoenix

Job Description:
• Lead team in identification and testing of IT processes and controls (general & application).
• Collaborate with audit team regarding client’s IT environment and industry IT trends.
• Assess effectiveness of organization’s IT functions.
• Generate new business opportunities by developing ideas and solutions to present to clients.

Qualifications:
• Degree in business, accounting, finance, CS, IS, engineering and/or other related major.
• Min. 5 yrs audit exp. for public accounting firm or systems experience to meet special needs.
• Advanced written and verbal communication skills.
• Excellent leadership and teamwork skills.
• Demonstrated integrity within a professional environment.

Salary Range: DOE - Depends on experience

Contact: For consideration, please submit your résumé/CV using the password 26514 at: http://ey.com/ca/doorway (http://ey.com/ca/porte). Visit our Web site at: www.ey.com.

===========================

FIRST FEDERAL BANK OF CALIFORNIA
Auditor
Santa Monica, CA

Job Description:
• Plans and executes information technology audits for the Bank including retail offices, lending & finance divisions, the IT Department and other operating departments.
• Verifies the accuracy, efficiency, and effectiveness of controls over information systems
• Reviews local and wide area networks, e-commerce areas such as telecommunications, internet banking, gateways, routers, firewalls, servers, and other internet technologies.
• Reviews new information technology systems as they are being developed to ensure that adequate internal controls are designed and implemented and that the project is properly managed.
• Prepares audit reports at conclusion of audits that accurately report the findings of each audit.

Qualifications:
• A four-year degree in Computer Science or Business from an accredited college or university is preferred however extensive experience may be considered in lieu of the college degree.
• At least one year of information technology audit experience with an understanding of internal controls and their impact on related business process.
• Excellent written and verbal communication skills.
• Possesses excellent interpersonal and organizational skills.
• Previous audit experience in the banking or financial industry.

Salary Range: $50k-$60k

Contact: John Mutti jmutti@firstfedca.com
Fax: 310 3195900

===========================

FREMONT INVESTMENT AND LOAN
Senior IT Auditor
Brea, CA

Job Description:
• Plan and perform complex IT audits. Assist in IT testing during integrated audits.
• Consult with system implementation project teams to provide guidance on internal controls.
• Assist in performing company-wide and process specific risk assessments.

Qualifications:
• Bachelor Degree in Accounting, MIS or Computer Science
• Minimum of 3 year IT audit experience
• CISA, CIA, CPA preferred
• Big 4 experience preferred

Salary Range: Extremely competitive with exceptional benefits, matching 401K, ESOP program.

Contact: Pete Mitchell at pmitchell@fmtinv.com

===========================

HONDA NORTH AMERICA
Senior Info Systems Auditor
Torrance California

Job Description:
• Primary responsibilities include audit planning & conducting business systems reviews, process reviews (SDLC, BRP, etc.), and general ISD control reviews of Honda companies, suppliers and other Honda service providers.
• Other responsibilities include technical support for the department and also working on non-technical reviews.

Qualifications:
• The qualified candidate will have an appropriate BS degree (CISA desired) or equivalent experience
• Minimum of 10 years work experience in pre/post implementation reviews of manufacturing systems (Inventory, accounting, SAP, PeopleSoft, etc)
• Please see: http://www.hondacorporate.com/careers/index.html?subsection=results&location=all&keywords=Systems+Auditor&job_id=

Contact: Reply to attention of job code HNA10499/TDD, Honda North America, 1919 Torrance Boulevard, MS100-1C-3A, Torrance, CA 90501-2746. Fax: (310) 783-2110. Responses accepted from principals only. No emails, please. EOE/AA
Contact Fax: (310) 783-2110

===========================

MAZDA
Senior IT Auditor
Irvine California

Job Description:
• Under the direction of the Audit Manager, Senior Management and the Audit Committee, supervise and perform audits and special projects and follow-up on action plans as outlined in the Audit Plan.
• Perform operational, IT and compliance audits in a timely manner and complete special projects as scheduled on the Audit Plan.
• Plan and conduct integrated and IT audit projects that will include ERP post implementation evaluations.
• General computer and application controls assessments and other specialized technical reviews.
• Initiate and ensure completion of audits and projects designed to mitigate identified risks within the operational departments

Qualifications:
• Bachelor’s degree in Business or Accounting from an accredited college or university.
• Five or more years of experience and training derived from internal auditing of IT environments and related accounting experience with a professional automotive sales, distribution and financial services corporate audit department and/or auditing with a public accounting firm.
• CPA, CIA or CISA certifications preferred. Additional certifications are a plus (i.e. CFE)
• Working knowledge of the following types of applications: Sales and Distribution, Vehicles, Parts, Warranty, Loans, Leases, Accounting & Finance, etc.
• Proficiency in Microsoft Word, Excel, VISIO, and ACL and other computer assisted audit software. Proficient in the IIA Standards for the Professional Practice of Internal Auditing and Generally Accepted Accounting Principles (GAAP) as well as COSO/COBIT.
Contact: Please apply online at http://www.mazdausa.com

===========================

PCAOB (PUBLIC COMPANY ACCOUNTING OVERSIGHT BOARD)
Manager of Inspection - Information Systems
Orange County, CA

Job Description:
• Develop a vigorous program of regular and special inspections of registered public accounting firms (“firms”) relating to the IS Auditing of publicly traded companies
• Fully execute the IS Audit facet of inspection programs (interviewing audit firm personnel; communicating/reporting issue identification, findings, and recommendations; etc.)
• Evaluate the firms’ assessment of information systems and automated accounting systems for the public companies under review
• Determine if the firms’ engagement team had performed appropriate procedures to achieve the resulting assessment
• Effectively document and communicate any deficiencies or weaknesses in the firms’ procedures applied to the engagement under review to the inspection teams

Qualifications:
• At least 6 years of progressively responsible IS Audit experience with recent experience as an external IS Auditor at a public accounting firm.
• Strong grasp of automated accounting systems with experience documenting transaction flows through various financial accounting applications.
• Proficiency identifying automated application controls and programmed accounting procedures in automated accounting systems.
• Strong knowledge and experience performing general controls reviews in various IS environments
• Ability to clearly explain why general controls are important and the relationship between general controls and accounting systems.

Contact: Please view the full posting and apply online via our Career Center at www.pcaobus.org

===========================

PRICEWATERHOUSECOOPERS
Manager – Security Controls Practice
SAP – NY City; Oracle – Los Angeles

Job Description:
• Join our Security Controls practice, which is part of the Global Risk Management Solutions (GRMS) group.
• Business Process and Controls / Security Reviews of SAP or Oracle.
• Lead controls and/or Security Reviews in SAP or Oracle

Qualifications:
• 5-7 Years professional service / consulting experience, including working knowledge of functional business processes and resources; participation complete SAP or Oracle controls/reviews implementation; deep knowledge of controls.
• Proven track record in revenue generating functions or $500k + (presentations, proposals, add on business and/or business development).
• Experience directing, supervising, and reviewing work of others is required.
• Plus to have Big 4 experience, and/or Security Concepts of SAP or Oracle (Authorization, Authentication, Access Controls).
• Minimum of 4-year degree required - prefer MIS or MIS/Accounting

Contact: Kelly Cochran at Kelly.cochran@us.pwc.com

===========================

PRICEWATERHOUSECOOPERS
Sr. Associate – Threat & Vulnerability Management
San Francisco, San Jose, Los Angeles

Job Description:
• Develop work plans and lead core security projects
• Participate in penetration testing, system security assessments, incident response and forensic analysis, privacy policy development, training and awareness program development, security strategy development, and IT security and privacy risk assessments.
• Support internal audit and external financial audit projects involving focused security and controls reviews of information systems.

Qualifications:
• BA/BS degree required with an emphasis in MIS/CS. CISA/CISSP a plus.
• Mainframe, Unix, Windows NT/2000, Netware, firewalls, Cisco routers, intrusion detection
• Experience in security policy development and risk assessments a plus
• Strong oral and written communication skills
• Ability to travel at least 50% or greater

Contact: Please submit resumes to our website at: http://search.pwcglobal.com/extweb/jobsrch.nsf/search?openform&language=eng~country=us~interest=

===========================

SONY
Senior IT Auditor
Culver City, CA

Job Description:
• Sony Corporate of America seeks a Senior IT Auditor primarily for our entertainment operations in Culver City, California.
• The position carries a wide range of responsibilities in performing IT audits, with emphasis on assessing business/technology risks and controls and providing practical, value-added recommendations

Qualifications:
• Minimum three years of IT audit experience, with CISA, CISSP or other related certifications
• A BS degree in Business, Computer Science, Information Systems, or a related field.
• Experience in identifying and linking business risks to the relevant IT audit procedures.
• Experience with IT general controls, system development and integrated audits.
• Experience in performing network, web, Windows, Novell, UNIX, or database audits.

Contact: Go to IT_AUDITJOBS@SONYUSA.COM. PLEASE REFER TO ITSA2914 IN YOUR SUBJECT LINE. NO AGENCY REFERRALS.
Contact Fax: (310) 244-1919

===========================

SONY
Senior IT (SAP) Auditor
Culver City, California

Job Description:
• Sony Corporate of America seeks a Senior IT Auditor primarily for our entertainment operations in California.
• The position will perform SAP and a variety of other IT and integrated audits, with emphasis on assessing business/technology risks and controls and providing practical, value-added recommendations
• The position requires occasional domestic and international travel

Qualifications:
• Working knowledge of SAP that focuses on security over the financial modules.
• Minimum three years IT audit experience, with CISA, CISSP or other related certification
• BS degree in Business, Computer Science, Information Systems, or a related field.
• Experience in identifying and linking business risks to the relevant IT audit procedures.
• Experience in performing network, web, Windows, Novell, UNIX, or database audits.

Contact: Go to IT_AUDITJOBS@SONYUSA.COM. PLEASE REFER TO ITSA2914 IN YOUR SUBJECT LINE. NO AGENCY REFERRALS.
Contact Fax: (310) 244-1919

===========================

SOUTHERN CALIFORNIA EDISON
Senior Operational Auditor (JP19309, JP19310)
Rosemead, CA

Job Description:
• Independently conduct, lead, direct and/or participate as a team member on complex, sensitive audits.
• Audits may include reviews of plants under construction, operational aspects of power plants and commensurate services and transmission and distribution facilities.
• Routinely conduct specialized projects in various operational areas to address management inquiries or concerns often involving the coordination of efforts among multiple organizations.
• Develop recommendations within the departments and/or corporate policies, procedures, or operations.
• Position may require approximately 25% domestic travel.

Qualifications:
• Certificate: CIA, CISA, CFE, CPA.
• 2 years project management experience.
• 10 or more years of operational and/or auditing experience.
• Bachelor’s degree or an equivalent combination of education, training and experience.
• Masters Degree Preferred.

Contact: If you are interested in this position, please submit your resume in confidence by visiting www.edisonjobs.com.

===========================

SOUTHERN CALIFORNIA EDISON
Senior IT Auditor
Rosemead, CA

Job Description:
• Conduct or lead audits and special projects of company computer applications, information security, computer operations, or business recovery processes.
• Perform all phases of an audit engagement including risk assessment, program development, testwork and controls evaluation, report writing, and follow-up.
• Assess business and management implications of IT control issues and place observations in proper perspective.
• When leading a team, responsible for reviewing and editing work papers, synthesizing the audit team’s work, and interfacing with audit department and business unit management.

Qualifications:
• BA/BS in Information Technology, Business Administration, or related field with relevant experience.
• 3 - 6 years of experience in IT and 3-6 years of experience in internal auditing.
• May require up to 30% domestic travel.
• Comprehensive understanding of internal controls, information technology, information security, and auditing.
• Demonstrated ability to communicate with various levels of management both orally and in writing. Strong project management and leadership skills. Ability to evaluate business and technical risks, analyze business operations, and present recommendations that are practical and relevant. Demonstrated ability to effectively resolve issues.

THE VENETIAN RESORT HOTEL CASINO
Senior IT Auditor
Las Vegas, NV

Job Description:
• Three to five years of recent professional Information Systems auditing experience.
• Demonstrated understanding of various computing platforms and technologies.
• Familiarity with Windows server and AS400 desirable.
• Good understanding of the Internet and related technology, firewalls and network security.
• Experience auditing UNIX, NT, Oracle, IBM mainframe OS, ERP systems, or wireless technology is a plus. Experience using audit software tools and performing retrievals is also a plus.

Qualifications:
• Working knowledge of AS400, SQL, ACL and SOX 404.
• Knowledge of application software controls, operations and change controls.
• Excellent verbal and written communications skills. Self-starter, able to work independently and effectively manage multiple priorities.
• Bachelor’s degree in management information systems, computer science, business administration, accounting, or a related field.
• CISA strongly preferred. Gaming industry experience a plus. Up to 25% travel.
• Certifications: CIA, CISA, CISSP, etc., a plus.

Application Deadline: 5/20/2005

Contact: www.edisonjobs.com Position reference number JP20013

Contact: Please apply online at: https://www.jobflash.com/venetian

===========================

• Sound understanding of controls in mainframe and multi-platform, networked computing environments.

JEFFERSON WELLS
Information Systems Auditor
Irvine, CA

Job Description: We are seeking Information Systems Audit Professionals for a variety of engagements including Sarbanes-Oxley. Consultants must understand business processes, internal control risk management, IT controls and related regulations for identification of technology and evaluation of business process risks. Consultants must also have excellent interpersonal skills to build positive working relationships with clients.

Qualifications: Candidates should have a minimum of 5 years business experience and 3 years prior experience in audit or IT audit. BA/BS in Business Administration, Accounting, Computer Science, Information Systems Administration or related field; CPA, CIA, CISA, preferred.

For consideration, please apply to: Jefferson Wells 2 Park Plaza, Suite 950 Irvine, CA 92614.
Contact: helga_maxwell@jeffersonwells.com

VALACON, INC.
“We Practice Quality”

The job market is now very active. As new opportunities arise, are you prepared to take advantage? Call us now so that we know what you are looking for, and we can alert you when “your” position is available. Outstanding career moves and outstanding candidates don’t usually just appear out of the blue. They are a result of effort and careful screening and matching. In addition to his 13 years of recruiting experience, Sandy Geffner was an IS Audit director and manager for eight years and a Big 4 consultant prior to that. He has passed the CISA and CPA exams. If you are looking for an opportunity that’s right for you, or a person who’s right for your opening, let him put his 20+ years of experience to work on your behalf.

PARTIAL LIST OF JOB POSTINGS
• Senior IT Audit Manager - Entertainment Company. Diverse environment. Experienced management skills. Strong IT/Business/Risk understanding. Combo of Big4/Private exp. Need excellent communication skills.
• Senior / Staff IT Auditor - Full range of IT Audits (applications, general controls, systems development, technical, audit software). Oracle, UNIX +. Strong communications skills. Big 4 exp +. Travel to 20%, including International. Salary to $60s - $80s DOE.
• IT Audit Senior / Manager – Entertainment Company. Wide range of IS audits. SDLC, Applications, General Controls. Solid IT Audit exp. Client Server, AS400, Mainframe. Limited Travel. Salary $60s to $100s DOE.
• IT Audit Senior Manager / Seniors – Big 4. Diversified skillsets needed. Good interpersonal/communications skills necessary. Salary $70s - $100s.
• IT Audit Manager – Billion Dollar Company. Oversee staff and cosource / contract personnel. Perform applications reviews, general controls, some technical, Sarbanes, etc. Domestic / International travel to 25 or 30%. Self starter with management experience. Salary $100s.
• Call for additional opportunities.
• IT Audit openings in Northern California, Pacific Northwest and Texas - call for details.

Sandy Geffner
Phone: (626) 296-2751
Fax: (626) 296-2760
Email: sandy@valacon.com
Valacon, Inc., P.O. Box 6136, Altadena, CA 91003-6136
www.valacon.com

Information Systems Audit and Control Association
Los Angeles Chapter
PO Box 712726 Los Angeles, CA 90071
www.isacala.org

ISACA LOS ANGELES CHAPTER BOARD OF DIRECTORS
ASSOCIATE DIRECTORS & VOLUNTEERS

Spring Conference Chair Debbie Lew, CISA Ernst & Young, LLP conference@isacala.org (818) 703-4728
Reservations Chair Sandy Geffner Valacon, Inc. reservations@isacala.org (626) 296-2751
Employment Chair Roger Lux Farmers Insurance employment@isacala.org 323-930-4053
Membership Chair Mark Stanley, CISA Toyota Financial Services membership@isacala.org (310) 468-8587
Newsletter Editor Mary Ma PricewaterhouseCoopers LLP news@isacala.org (213) 356-6305
CISA Review Chair Greg Ash, CISA Southern California Edison cisa@isacala.org (626) 302-9959
Webmaster Chair Edson Gin, CISA, CFE, SSCP City National Bank webmaster@isacala.org
Spring Conference and Marketing Frank Ness, CISA Honda North America marketing@isacala.org (310) 781-4673
Seminars Chair David Lowe, CISA, CISSP Sony Pictures Entertainment seminars@isacala.org (310) 665-6630
Academic Relations Chair Amanda Xu KPMG LLP academicrelations@isacala.org (213) 955-8552
Chief Technology Officer Larry Hanson, CPA, CISA, CIA Southern California Edison cto@isacala.org (626) 302-9956
Newsletter Layout Editor Don Kuo Cal Poly Pomona news@isacala.org
Co-Webmaster - Associate Director Peter Hewitt, CISA, CISSP HealthNet webmaster@isacala.org (818) 676-7734
Audit Chair Michelle Quan, CPA PricewaterhouseCoopers LLP audit@isacala.org
Marketing Committee Chair Membership Committee Robert Brown Constance Slack PricewaterhouseCoopers LLP Ingram Micro marketing@isacala.org membership@isacala.org (310) 500-7957