september 14 meeting notice - ISACA – Los Angeles Chapter
ISACALA.org
LA Chapter
Information Systems Audit and Control Association
September 2005

Inside: Meeting Notice, President’s Message, Academic Relations, Spring Conference, News Update, Industry News, Active Directory, Monthly Article, New Members, Employment, Board

SEPTEMBER 14 MEETING NOTICE

MEETING TOPIC: The Impact of Security Breach Notification Laws on Information Security Policies

SPEAKER: Brian Craig, Corporate Counsel and Privacy Officer, Cybertrust

Chapter Officers

President: Cheryl Santor, CISSP, CISM, CISA, CCNA, CNE, Metropolitan Water District of Southern California, president@isacala.org, (213) 217-6081
Vice President: Anita Montgomery, CISA, CIA, Countrywide Financial Corporation, vicepres@isacala.org, (805) 520-5482
Secretary: Amanda Xu, CISA, KPMG LLP, secretary@isacala.org, (213) 955-8552
Treasurer: Martin Rojas, PricewaterhouseCoopers LLP, treasurer@isacala.org, (213) 217-3309

ABSTRACT: Congress and more than 15 states have adopted or are considering legislation requiring notification in the event of a data loss. Brian Craig, Cybertrust Corporate Counsel, will provide an overview of the security breach legal notification requirements and how they are impacting (and how they will impact) organizations’ information security policies. This presentation will also examine how security policies and oversight responsibilities should be modified to address the evolving legal breach notification requirements. Mr. Craig’s discussion will be a valuable session for those individuals who are responsible for managing an organization’s IS policy as well as anyone who provides their organizations with compliance oversight at a policy level.

ABOUT THE SPEAKER: Brian Craig, J.D., is Corporate Counsel and Privacy Officer for Cybertrust, Inc. Mr.
Craig focuses on information security and privacy law matters including HIPAA, Sarbanes-Oxley and Gramm-Leach-Bliley compliance and PKI issues. He has more than 10 years of experience in computer, network and information security legal matters. Mr. Craig previously provided counsel to network security companies as General Counsel for TruSecure Corporation and Assistant General Counsel for Axent Technologies. Mr. Craig is a former U.S. Army Artillery officer and has completed the Hawaii Ironman Triathlon.

AGENDA:
5:00 PM to 5:30 PM  Registration and Pre-Meeting
5:30 PM to 6:30 PM  Dinner
6:30 PM to 8:30 PM  Program (2 hours CPE)

LOCATION
Monterey Hills Steak House
3700 West Ramona Blvd.
Monterey Park, CA 91754
(323) 264-8426

Rates                 Reserved    Walk-Ins or After Sept 8th
ISACA Members         $25         $35
NonMembers            $30         $40
Full-Time Students    $15         $25

Payment Methods: Cash and Checks (made payable to ISACA-LA) only. Reserve A.S.A.P.

President’s Message
BY CHERYL SANTOR

I would like to thank the membership who voted to elect me as your President, but whether you voted, I am pleased to represent the Los Angeles Chapter of ISACA. Those of you who know me personally know my passion for this organization and I look forward to serving you. I would like to thank Thomas Phelps for an outstanding job as our President for the past two years.

A busy year is ahead of us; we are now providing CISA and CISM exams twice a year which means we will be presenting the CISA Review Course in Spring and Fall. Those who are candidates for the CISA exam, look out for announcements of the next CISA Review Course. If you have questions, contact cisa@isacala.org. We would also like to present the CISM Review Course two times a year if there is a need. We had a number of candidates attend the course held for two days after the Spring Conference. Please contact cism@isacala.org if you would like us to hold the CISM Review Course this fall before the exam.
We are pleased that our retiring Presidents continue to be active in our chapter. Debbie Lew has been appointed to the ISACA International Audit Committee, a position of more responsibility. She will be a good representative for Los Angeles. Larry Hanson is continuing on as our Chief Technology Officer, to which we owe much gratitude in providing us methodologies to expedite processes and use information more efficiently. Thomas Phelps is transitioning to our Chief Operations Officer and Liaison, which will assist us in fine tuning our efforts to provide membership value. Other past presidents are performing volunteer work behind the scenes and we are grateful for their efforts.

This past year, at the Global Leadership Conference, we won the International K. Wayne Snipes award as the Best Very Large Chapter in North America. Our volunteers are the reason we excel and gain recognition. We would like you to be part of achieving goals and recognition, please contact chapter leaders and put your name in as someone that wants to participate, remember even small tasks add up to large achievements.

The Spring Conference for 2006 is April 3-5, 2006, with workshops on April 2, 2006. We are booking a CISM Review Course for the two days immediately after the conference, April 6-7, 2006. We have already begun scheduling topics, speakers and vendors. Mark your calendars and plan for this annual event.

ISACA Los Angeles strives to bring quality and value to its membership. Our first meeting is September 13th. We look forward to seeing you there.

The program committee is working diligently to provide subjects of interest for your careers. They have plans to present timely information at our monthly meetings and to collaborate with peer organizations in joint seminars and events.

One last note, if there is something you wish to discuss with me personally or want to suggest an idea for the chapter to entertain, please do not hesitate to contact me. I will continue to send out the meeting reminders to keep in touch with all of you.

Take care and let’s have a Great Year!

Sincerely,
Cheryl Santor
Los Angeles Chapter President
president@isacala.org

[Photo] ISACA Global Leadership Conference, April 2006. From Left to Right: Frank Yam (Vice President, ISACA Board of Directors), Debbie Lew (Membership Board and Conference Speaker), Iwan Atmawidjaja (Director, Indonesia Chapter), Susanna Chiu (President, Hong Kong Chapter and COO, DVN Ltd), Vincent Chan (Vice President, Hong Kong Chapter and Partner, Ernst & Young, Technology & Security Risk Services).

Academic Relations and Research
BY AMANDA XU

UPCOMING EVENT
Dinner Meeting for November will be held at Cal Poly Pomona. Pre-meeting topic will be “How to sell yourself in today’s job market” presented by Sandy Geffner. Sandy will discuss how the job market has been much slower these last few years, and even though there has been more activity recently, it is still tough obtaining a good position. How can you best represent yourself and increase your odds of not only finding but also winning that “right” position? Following the pre-meeting will be the panel discussion on Career Development. Representatives from Big 4 and senior management from local companies will share their experiences on career development and answer questions.

BEST PAPER CONTEST WINNER
ISACA LA Chapter is very excited that one of the three 2005 best paper winners was selected by the ISACA International Journal to be published in the IS Audit & Control Journal. This year’s best paper winners will be announced at November’s dinner meeting to be held at Cal Poly Pomona.

STUDENT VOLUNTEERS NEEDED FOR ISACA STUDENT CHAPTER
ISACA LA is looking for student volunteers to assist with forming of the ISACA Student Chapter at Cal Poly Pomona and USC. Anyone interested should contact the academic relations at academicrelations@isacala.org or sshar@kpmg.com.

STUDENT VOLUNTEERS NEEDED FOR ISACA 2006 SPRING CONFERENCE
ISACA LA is looking for student volunteers for the Spring Conference. This is an excellent opportunity to attend a professional conference for free and to network with working professionals. The dates are April 2 - 5. Anyone interested should contact the academic relations at academicrelations@isacala.org or sshar@kpmg.com, as we are currently in the process of finalizing all plans. The deadline for submission will be March 1, 2006.

FREE DINNER MEETING
Students have the opportunity to publish an article in our local newsletter and attend our dinner meeting for free. Submit a short article on an emerging technology emphasizing audit, security, and/or controls to Stephen Shar at sshar@kpmg.com or academicrelations@isacala.org. If the article is selected and published, the student will receive a complimentary dinner meeting. Newsletters are published quarterly and up to three articles may be selected.

STUDENT LIAISON PROGRAM
ISACA-LA is searching for one to two student representatives from each local college and university to promote ISACA-LA events (dinner meetings, spring conference, CISA Review, summer picnic, etc.) Academic Relations offers free student membership for the selected student representatives. Contact academicrelations@isacala.org for more information.

ISACA STUDENT MEMBERSHIP (ONLY $25)
Two years ago, the ISACA International Board of Directors approved the reduction of ISACA Student Membership Dues. The International dues for students have been reduced from US $60 to US $25 annually. Also, student fees are waived for the Los Angeles Chapter. To facilitate the 58% reduction in dues, the benefits that students received by mail will now be available electronically. Most notably, the IS Control Journal will be made available exclusively online via the web site. Please visit ISACA’s student site at http://www.isaca.org and click on the link “Students & Educators” for more information.

2006 Spring Conference
BY DEBBIE LEW, CISA

The 2006 Spring Conference has been scheduled!!! Circle April 2 to 5, 2006 on your calendars and plan to be at the Universal Hilton and Towers for another quality educational event offered by the chapter. We will be holding our pre-conference workshops on April 2, and the multitrack, concurrent sessions during April 3 to 5. The CISM review program will be offered for 2 days after the conference. The conference committee is in the process of developing the program to provide you with affordable quality speakers and emerging topics on IT Auditing, security concepts, and emerging technology risks. If you’re interested in speaking or want to see a topic included, please go to the website www.isacala.org to complete the “Call For Papers” or email conference@isacala.org. Check the website periodically for current updates on program/workshop and speaker details.

News Update

CISA/CISM UPDATE
CERTIFICATION UPDATE

SECOND EXAM ADMINISTRATION IN 2005
A second annual administration of the CISA and CISM exams will take place for the first time on December 10, 2005. Exam locations and languages for the December administration will be limited and have been determined based upon current demand for the June administration. The December CISA exam will be the last using the current CISA job practice areas. The Los Angeles Chapter will be offering a CISA review program this fall - please email CISA@isacala.org with your interest and questions. The CISM review program will be offered subsequent to the annual spring conference in April 2006. Registration for the December exam will open on July 1. To view additional details, a list of test sites and a series of frequently asked questions (FAQs), please visit www.isaca.org/certification.
BOOKSTORE
If you are sitting for either the CISA or CISM exam to be held December 10, 2005 you should prepare using the 2005 editions of the study aids. Candidates sitting for the 2006 exams should prepare using the 2006 editions of the study aids, which will be available in the fourth quarter of 2005. For more information on the CISA and CISM study aids, please visit www.isaca.org/cisabooks and www.isaca.org/cismbooks, respectively. Please contact the Bookstore at bookstore@isaca.org or +1.847.253.1545, ext. 401 or 478, with any questions.

NEW CISM JOB PRACTICE ANALYSIS CONTINUES
A CISM job practice analysis study to update the criteria used to certify and examine CISM candidates continues. A task force of security management experts revised the current delineation, which was then submitted for review and comment to two panels of security managers. The resulting document has been sent to a team of international subject matter experts for another level of review. Following this, the task force will integrate the comments and submit the completed document to security managers and CISMs around the world. The final specification will be incorporated into the CISM exam in 2007.

CISA CONTENT AREAS EFFECTIVE 2006

Content-Based Area                                      % of Exam
1  IS Audit Process                                     10
2  IT Governance                                        15
3  Systems and Infrastructure Lifecycle Management      16
4  IT Service Delivery and Support                      14
5  Protection of Information Assets                     31
6  Business Continuity and Disaster Recovery            14

CONTENT AREA 1: IS AUDIT PROCESS
Provide IS audit services in accordance with IS audit standards, guidelines, and best practices to assist the organization in ensuring that its information technology and business systems are protected and controlled.

CONTENT AREA 2: IT GOVERNANCE
To provide assurance that the organization has the structure, policies, accountability, mechanisms, and monitoring practices in place to achieve the requirements of corporate governance of IT.
CONTENT AREA 3: SYSTEMS AND INFRASTRUCTURE LIFECYCLE
To provide assurance that the management practices for the development/acquisition, testing, implementation, maintenance, and disposal of systems and infrastructure will meet the organization’s objectives.

CONTENT AREA 4: IT SERVICE DELIVERY AND SUPPORT
To provide assurance that the IT service management practices will ensure the delivery of the level of services required to meet the organization’s objectives.

CONTENT AREA 5: PROTECTION OF INFORMATION ASSETS
To provide assurance that the security architecture (policies, standards, procedures, and controls) ensures the confidentiality, integrity, and availability of information assets.

CONTENT AREA 6: BUSINESS CONTINUITY AND DISASTER RECOVERY
To provide assurance that in the event of a disruption the business continuity and disaster recovery processes will ensure the timely resumption of IT services while minimizing the business impact.

NEWS BRIEFS

DAMIANIDES FEATURED IN SARBANES-OXLEY WEBCAST
Marios Damianides, CISA, CISM, CPA, CA, 2004-05 international president of ISACA, was recently featured as a panelist in an Information Week webcast titled “The Road Ahead: Living With Sarbanes-Oxley...Forever.” The webcast is available for viewing until November 12, 2005 at https://www.cmpnetseminars.com/BTG/default.asp?K=3IK6A&Q=244. The panelists discussed how companies performed in year one of Sarbanes-Oxley, additional reporting requirements, techniques for improving compliance, how to justify budgets for ongoing compliance and looking to the future.

RESEARCH SPOTLIGHT PROJECT
IT GOVERNANCE DOMAINS PRACTICES AND COMPETENCIES
In 2004, the IT Governance Institute® (ITGI), in conjunction with Lighthouse Global, surveyed 200 IT professionals from 14 countries in the Americas, Asia-Pacific and Europe. In-depth personal interviews were conducted for feedback on the five domains.
These executive briefings are based on the results of this survey, along with additional research for the five areas of IT governance. Optimising Value Creation From IT Investments and Information Risks: Whose Business Are They? are currently available in the ISACA Bookstore. The remaining three books will be released in the second half of 2005. Once released, each book will be available as a free download (www.isaca.org) to members exclusively for a limited period. Then they will be made public through the ISACA and ITGI sites, and the ISACA Bookstore (www.isaca.org/bookstore).

RESEARCH UPDATE

INFORMATION RISKS: WHOSE BUSINESS ARE THEY?
This volume focuses on information risk management, which is a key IT governance area and a top management concern, and examines:
• Why information risk management is important
• Potential risks
• Information risk management best practices
• Responsibility for the management of IT risks
• A suggested action plan
This publication is also available.

GOVERNANCE OF OUTSOURCING
This volume focuses on outsourcing IT activities, which has become common practice around the world as organizations strive for more effective and efficient IT services. The research examines the best practices for the governance of outsourcing, including:
• Asset management
• Contract management
• Relationship management
• Service level agreements and outsourcing level agreements
• Due diligence
• Baselining and benchmarking
• Governance processes
• Governance organization
• Scope reviews
• Roles and responsibilities
This book will be available in July 2005.
MEASURING AND DEMONSTRATING THE VALUE OF IT
This volume focuses on performance measurement issues, including:
• Importance of governing IT performance management
• Current IT performance management governance approaches
• Best practices for IT performance management
• IT governance roles, responsibilities and activities relating to IT performance management
• Likely future trends
• Generic steps
This book will be available in August 2005.

IT ALIGNMENT—IT STRATEGY COMMITTEES
This volume focuses on ensuring IT alignment with business objectives and examines the effectiveness of an IT strategy committee or IT “council” in helping achieve IT alignment. It looks at the following questions:
• What is the best role of an IT strategy committee?
• Who is best to chair the committee?
• Who should be the constituents?
• To whom does the committee report?
• What areas should it direct and monitor?
• Which techniques work, and which do not work?
This book will be available in the fourth quarter of 2005.

ISACA’S CAREER CENTRE IS NOW ONLINE!
The ISACA Career Centre is now available for enterprises seeking to hire and IT professionals searching for employment. The Career Centre is dedicated exclusively to information systems audit, control, security and assurance professionals, and it is free for job seekers. Job seekers can look for jobs online and specify criteria to limit each search. The search can be by geography, professional certification, experience level and a number of other factors.

Members are encouraged to act now to be among the first to post their résumés in the members-only résumé database, which is actively reviewed by employers each day. Members have the added advantage of being able to receive e-mail notification when new jobs are posted. The résumé posting and e-mail notification services are reserved for ISACA members only.

For those seeking to hire, the ISACA Career Centre is the source for IT audit, control, security and assurance professionals. The Career Centre highlights the Certified Information Systems Auditor™ (CISA®) and Certified Information Security Manager® (CISM®) designations, providing a special opportunity for those interested in hiring CISA or CISM holders. Please visit www.isaca.org/careercentre to explore this exciting new offering.

INFORMATION SECURITY MANAGEMENT CONFERENCE
19-21 SEPTEMBER 2005
LAS VEGAS, NEVADA, USA
This conference is designed for experienced information security managers and those who have information security management responsibilities. This event will feature a combination of high-level and detailed sessions to provide attendees with an opportunity to customize their conference learning experience to specific interests and professional needs. Those holding the CISM designation and those aspiring to become CISMs will find great value in this conference. Visit www.isaca.org/infosecurity for additional details.

OTHER CONFERENCES

NETWORK SECURITY CONFERENCE
19-21 SEPTEMBER 2005
LAS VEGAS, NEVADA, USA
The Network Security Conference is designed to meet the education and training needs of the seasoned IS security professional as well as the newcomer. Topics will include physical security, web application security environments, application security, hacking concepts and tools, encryption concepts and techniques, intrusion detection and prevention systems, wireless network security, and database security. Additional information is available at www.isaca.org/nsc.

COBIT® USER CONVENTION
1-2 DECEMBER 2005
LOCATION TBD
This two-day event features case studies and facilitated discussion groups exclusively designed for users of CobiT®.
Participants will learn how other organizations are successfully implementing and using CobiT. In addition, CobiT users can seek answers in a facilitated environment and share their solutions to common and unique implementation problems. Additional information can be found on the ISACA web site at www.isaca.org/cobituserconvention.

Industry News

CISA CONTINUES TO BE THE HIGHEST PAYING TECH CERTIFICATION, ACCORDING TO NEW FOOTE PARTNERS’ STUDY
For the second time in a row, the Certified Information Systems Auditor (CISA) certification has been named the highest paying technical certification by a Foote Partners LLC study.

The study, part of the Foote Partners’ “Hot Technical Skills & Certifications Pay Index” research series, examined the market values for more than 170 skills; 48,000 IT professionals from 1,860 organizations in North America and Europe were surveyed from January to April 2005. Overall pay for certified skills grew 0.6 percent in the first three months of 2005, according to the study.

“We projected this continued growth earlier this year due to several factors now in play,” said David Foote, the cofounder, president and chief research officer of Foote Partners, a management consultancy and IT research firm. “Probably the most obvious has been the economy and the return of hiring and concerns about retention of talent.”

A February 2005 study by the Foote Partners also named CISA the highest paying tech certification. A late 2004 study named CISA and the Certified Information Security Manager (CISM) certification “hot” certifications to watch over the next 12 months.

COBIT FOUNDATION COURSE LAUNCHED
The IT Governance Institute® (ITGI) and ISACA recently released the COBIT® Foundation Course, a self-paced, electronic tutorial developed by ITpreneurs, a leading provider of training solutions in the area of IT management and control best practices, to help IT professionals become skilled at using Control Objectives for Information and related Technology (COBIT®) within their organizations.

The COBIT Foundation Course features case studies, real-world examples, an overview of COBIT’s control objectives, control practices, management guidelines and audit guidelines, and 40 sample questions that help prepare users for the COBIT Foundation exam. Additional information is available at www.isaca.org/cobitcampus.

ASIS INTERNATIONAL DRAFT GUIDELINES ON WORKPLACE VIOLENCE PREVENTION AND RESPONSE
As a member of the security alliance, ISACA is being offered an opportunity to review and comment on a draft guideline that has been released by the Commission on Guidelines of ASIS International. The draft guideline, Workplace Violence Prevention and Response, outlines prevention strategies and procedures for detecting, investigating, managing and following up on threats or violent incidents that occur in the workplace. The guideline covers the following topics: Workplace Violence—A Broad Concern for Employers; The Need for a Multidisciplinary Response; Preparedness and Prevention; Threat Response and Incident Management; Incorporating Domestic Violence Into Prevention Strategies; and The Role of Law Enforcement.

Anyone wishing to view the draft guideline or to share it with his/her organization’s security or human resources management can go to www.asisonline.org/guidelines/guidelines.htm to download a copy. Comments can be submitted using an online form available at www.asisonline.org/guidelines/guidelinescomments.xml. As items of interest become available from the security alliance, ISACA will share them with members.

Securing and Auditing Active Directory

COURSE DESCRIPTION
SECURING AND AUDITING ACTIVE DIRECTORY - ASO402
Proven Strategies for Maximizing the Results of Your Windows Audits

LOCATION
October 11 to 13, 2005, New Horizons Computer Learning Center, Culver City, CA

SEMINAR FOCUS AND FEATURES
In this three-day, hands-on seminar you will gain the skills you need to perform a detailed audit of a Windows® 2000/2003 and Active Directory network. You’ll be guided through each step of the review, from scope and planning through evidence extraction and analysis, to writing up your findings. You’ll learn how to collect as much information as possible from the network so you don’t have to rely on interview questions, and learn how to efficiently determine which computers in the network should be reviewed.

You will discover secrets for quickly extracting the evidence you need without wearing out your computer’s print-screen button or monopolizing your administrator’s time. You’ll determine which controls are important to review at each level, starting with forests down through trees to domains, domain-controllers and finally member servers. You’ll cover time-saving tips, including which kinds of trust relationships are important to assess and which aren’t; which pieces of evidence you need to extract for each domain controller; and which you can extract from just one. You’ll learn how to use resource kit utilities, shareware programs, as well as how to analyze results and identify risks. You’ll master techniques for assessing administrative authority in AD; identifying arcane risks associated with the forest root domain; and assessing forest, tree domain, organizational unit structure, and group policy.

You will gain an understanding of how Active Directory relates to Windows Server security and how AD’s Group Policy technology makes it possible to control Windows Server security settings centrally. You will learn how to determine whether crucial best practice techniques were followed in the design of your organization’s forests and domains. You’ll discover crucial features of Active Directory’s monitoring capabilities that facilitate compliance with Sarbanes-Oxley requirements.

In this detailed seminar you will discover how to tell if your administrators are really reviewing security logs as often as they say they are and get pointers on detecting lax account management. At the conclusion of the course you will perform an audit of a network.

PREREQUISITE
Securing and Auditing Windows Server 2000 or Windows Server 2003 or equivalent knowledge.

LEARNING LEVEL
Advanced

BONUS
You will receive four evidence checklists for each level of the Windows environment detailing the reports, screen prints, and commands you must run.

INSTRUCTOR PROFILE
Randy Franklin Smith, president of Monterey Technology Group, is an internationally known speaker and writer on Windows, Active Directory and Internet Information Server security topics. Mr. Smith serves as contributing editor for Windows IT Pro and as technical editor for Security Administrator. The winner of the APEX Award of Excellence for his writing, his articles have also appeared in Information Security Magazine. He is the primary instructor and course developer for MIS Training Institute’s Windows platform security programs. Mr. Smith also performs security reviews for clients ranging from small, privately held firms, to Fortune 500 companies. In addition, he regularly trains internal audit staff and “Big 4” accounting firm consultants on how to audit Windows 2000 and Active Directory. He is a member of the ISSA, ISACA, Technology Association of Georgia, and Center for Internet Security, and was recently granted Microsoft MVP status.

REGISTRATION
Go to www.isacala.org or email seminar@isacala.org.
Welcome New Los Angeles Members

Name Company
Gary Dimesky Northrop Grumman Corporation Pem Dem Jann Segal Don Tran Greg Wilson Pem Dem JFS Consulting TranGEN Pamela Taylor Charles Matthews Robert Hubbard Doan Vinh Martin Resnick Manish Bhansali Rigo Bedoya Tammy Duong Deloitte & Touche, LLP Cybertrust Parsons Corporation BDO Seidman Norman’s Nursery, Inc. CSC Shyam Bhagat Karthikeyan Nagarajan Shirley Tcheng Patrick Baba Los Angeles County Auditor Controller Peter Kondis Mark Kawakami Fayneshia Nunn Daniel Bochner Erin Erin Cohen Meenakshi Renganathan Aditya Garg Eric Higgins Devon Arsenault Akash Tayal Eric Woltz Madras Chandrasekaran Michael Kim Steve Liu Rick Gehringer Jackie Cruz Paul De Guzman Mark Flannery Lawrence Gonzales Abby Huang Paul Lopez David Ringe Anurag Saxena Max Solonski Brandon Teel Deloitte & Touche, LLP Countrywide Financial PricewaterhouseCoopers, LLP Ernst & Young, LLP Mario Guerrero Cherilyn Mationg Calif. State Polytechnic University Pomona Marshall & Swift Deloitte & Touche, LLP Canaudit Inc. Charles Chu Dave Edwards Jung Son Nitin Agale Antoni Hadi Kevin Erlandson Protiviti Inc Deloitte & Touche, LLP Westwood College Ernst & Young, LLP Citizens Business Bank County of Los Angeles, Auditor-Controlle PricewaterhouseCoopers Protiviti Deloitte & Touche, LLP Exobase Corporation The Walt Disney Company City of Hope National Medical Center City of Hope National Medical Center City of Hope National Medical Center BDO Seidman, LLP Medtronic Minimed Chauncey Tse Patricia Cascione Conrad Smith Josie Beauchamp Xin Fan Joe Dunton Patrick Kang Dee Davidson Charles Lu Hyunji Kim Brian Newbegin Michael Lee Jang-Yu Wu Pioneer Strategic Business Services WellPoint Inc.
City of Hope Kaiser Permanente University of Southern California GXP Biopharm The Macerich Company CFAS Northrop Grumman Stephen Weltman Florian Gador Michele Burke Absolute Networks Anthony Ramirez Steven Busco Joseph Clark Ventura County - Resource Management Age American Honda Motor co., Inc. Metropolitan Transit Authority PricewaterhouseCoopers, LLP. Zenith Insurance Company Bruce Roton American Honda Finance Corp. RemedyIT Services Inc. Superior Industries International, Inc. The Walt Disney Company Ernst & Young PricewaterhouseCoopers, LLP Pelican Products Tetra Tech, Inc. Telelogic NA Inc. Washington Mutual Bank Homestead Studio Suites James Merideth Sangeeta Patel Ivan Ivanov Linda Carmody Bruce Roton Michiko Suzumoto Herbalife International of America Drew Maness Tresno Santoso James Koh Steve Hochheiser Callistus Lucien John Carrillo Haidi Harieg LaTonya Meanus Hocine Souane

Your knowledge is your power.

IT Auditor
Rosemead, CA

Job Description
While your day-to-day responsibility will be to ensure overall IT infrastructure viability, your continuing focus will be to assess business/management implications of control issues in relation to broader strategic concerns. This will entail auditing computer applications/operations, information security and continuity processes; performing fieldwork including risk assessment, program development testing and controls evaluations; writing summary reports and following through on evaluations.

Job Experience
The qualified candidate will have a B.A. in IT or Business Administration; 3-6 years’ experience each in IT and internal auditing plus relevant in-depth knowledge; strong understanding of mainframe or multiplatform, networked computing environments; and proven project management and risk analysis/evaluation skills. Requires approximately 30% domestic travel. CIA, CISA or CISSP certification preferred.
To learn more about this opportunity and/or to apply, visit us at: www.edisonjobs.com Equal Opportunity Employer September 2005 Employment Opportunities Employment Ads ACS IT Auditor Long Beach, CA Job Description: • Under minimal supervision, evaluates complex information systems controls and environments, participate in system development/implementation projects and provide technical assistance to financial and external auditors. • Opportunity to work with HP Alpha mainframes, Stratus Continuum midrange, HP-UX, Windows Server 2003, Cisco PIX firewalls, Cisco routers, LANs, IDS, and a range of applications. • Responsible for performing General Computer Controls and application Reviews, under limited supervision. • Performing Sarbanes-Oxley section 404 IT Controls reviews, documentation, etc • Ad hoc audits, testing, documentation, etc. Audit assignments and monitor controls to ensure that all controls are maintained, that the operations are functioning efficiently, and that the various systems/areas are operating according with corporate policies, procedures and standards. Experience: • Two to five years of experience as an IT Auditor working with a public accounting firm or Fortune 500 Corporation. • Bachelors Degree in Accounting/ Information Systems/Computer Science. • CISA/CISSP desirable. • The ability to work at a detailed technical level in order to access compliance with policies, procedures, standards and guidelines. • Must have excellent interpersonal and communication skills. • Full Benefits package. Salary Range: $60-70K Contact Name: http://acsg.recruitmax. 
com/candidate/JobOpps.cfm?szTemplate=3&szOrderID=37011&szCandidateID=0&szSearchWords= Contact Email: mark.dunning@acsinc.com =========================== AVERY DENNISON Internal Audit - IT Auditor Pasadena, CA and Cleveland, OH Job Description: • Execute IT audit work plan as developed by others • Assess risk and develop audit programs • Identify and communicate (written and verbally) audit findings • Document audit work performed with clear and concise work papers • Identify improvements to audit processes Experience: • Bachelors Degree required • 2-3 years relevant business experience • Working knowledge of GAAP, IT controls concepts and some of: NT, Novell, AS/400, RS/6000 PeopleSoft, Mfg. Pro. • Understanding of operational audit objectives and methods, system/process documentation techniques, manufacturing concepts, and data retrieval techniques • Good team work skills, high level of motivation, and good communications skills Contact: Please apply via our website: averydennison.com and select career opportunities. =========================== CHINATRUST BANK Senior Internal Auditor Torrance, CA Job Description: • Conduct the day to day supervision of one or more audit projects • Update and understand the Bank’s internal control system, operations and applicable audit procedures by reviewing policies and procedures, internal audit manuals, background information files and other reference materials. • Ensure that the bank and its departments are in compliance with bank policies, procedures and regulatory requirements. • Maintain a client relationship with all operational areas of the Bank. Experience: • Five to eight years of bank internal auditing, public accounting or bank regulatory experience; CISA certification is a plus. • Must have strong analytical and problem solving skills and be knowledgeable of banking regulations, products, operations, information & technology and internal control concepts. 
• Basic knowledge of AS/400, Windows NT, Novell Netware4.X/5X is a plus. • Must possess excellent verbal written communication and interpersonal skills, and have the ability to interface with all levels of management, external auditors and bank regulators. Contact: All highly motivated and interested professionals in the Los Angeles and South Bay areas, please send your resume via email or fax. We offer competitive compensation packages & benefits. Please forward your resume in confidence or apply via our web site at www.chinatrustusa.com, and click on ‘Career Opportunities.’ We are an Affirmative Action Employer MFDV. Contact Email: lienlenh@chinatrustusa.com Contact Fax: 310-791-2850 =========================== EDISON INTERNATIONAL IT Auditor Rosemead, CA While your day-to-day responsibility will be to ensure overall IT infrastructure viability, your continuing focus will be to assess business/management implications of control issues in relation to broader strategic concerns. This will entail auditing computer applications/operations, information security and continuity processes; performing fieldwork including risk assessment, program development testing and controls evaluations; writing summary reports and following through on evaluations. The qualified candidate will have a B.A. in IT or Business Administration; 3-6 years’ experience each in IT and internal auditing plus relevant in-depth knowledge; strong understanding of mainframe or multiplatform, networked computing environments; and proven project management and risk analysis evaluation skills. Requires approximately 30% domestic travel. CIA, CISA or CISSP certification preferred. 
To learn more about this opportunity and/or to apply, visit us at: www.edisonjobs.com =========================== EDISON INTERNATIONAL Senior IT Auditor (JP20013) Rosemead, CA Job Description: • Conduct or lead audits and special projects of company computer applications, information security, computer operations, or business recovery processes. • Perform all phases of an audit engagement including risk assessment, program development, testwork and controls evaluation, report writing, and follow-up. • Assess business and management implications of IT control issues and place observations in proper perspective. • When leading a team, responsible for reviewing and editing work papers, synthesizing the audit team’s work, and interfacing with audit department and business unit management. Experience: • BA/BS in Information Technology, Business Administration, or related field with relevant experience. • 3 - 6 years of experience in IT and 3-6 years of experience in internal auditing. • May require up to 30% domestic travel. • Comprehensive understanding of internal controls, information technology, information security, and auditing. • Demonstrated ability to communicate with various levels of management both orally and in writing. Strong project management and leadership skills. Ability to evaluate business and technical risks, analyze business operations, and present recommendations that are practical and relevant. Demonstrated ability to effectively resolve issues. • Sound understanding of controls in mainframe and multi-platform, networked computing environments. • Experience auditing UNIX, NT, Oracle, IBM mainframe OS, ERP systems, or wireless technology is a plus. Experience using audit software tools and performing retrievals is also a plus. • Certifications: CIA, CISA, CISSP, etc., a plus. Contact: If you are interested in this position, please submit your resume in confidence by visiting www.edisonjobs.com. 
Position reference number JP20013: Rosemead, CA (IT Auditor) Edison International is an Equal Opportunity Employer =========================== FREMONT INVESTMENT AND LOAN September 2005 Employment Opportunities Senior IT Auditor Brea, CA Description: • Plan and perform complex IT audits. Assist in IT testing during integrated audits. • Consult with system implementation project teams to provide guidance on internal controls. • Assist in performing company-wide and process specific risk assessments. Experience: • Bachelor Degree in Accounting, MIS or Computer Science • Minimum of 3 year IT audit experience • CISA, CIA, CPA preferred • Big 4 experience preferred Salary Range: Extremely competitive with exceptional benefits, matching 401K, ESOP program. Contact Name: Pete Mitchell at pmitchell@fmtinv.com =========================== J2 GLOBAL COMMUNICATIONS IT Audit Consultant Hollywood, CA Job Description: • Solid understanding of CobiT and its relation to the COSO risk framework. • Conduct interviews, build narratives, update control matrices and test plans. • Conduct testing, identify deficiencies and suggest remediation. • Update all control files and manage the IT audit files as released to auditor. Page 14 • OS: Windows Active Directory. position performing or assisting with audit assignments. Experience: • 2 to 5 years experience in enterprise level IT security and/or audit. • CISA or CISM desired. • Understanding of financial accounting software applications process flow. • eCommerce and web based application servers experience a plus. • Unix, Windows, Active Directory, and Citrix Server. • Deputy Auditor II is a semi-senior level position performing audit assignments & evaluate findings. 
Application Deadline: August 31st, 2005 4 yr degree in accounting or business administration & Salary Range: Contract Rates Competitive Contact: Scott Gregor, Human Resources or Anthony Ghosn, VP Internal Controls scott.gregor@j2global.com Contact Phone: 323 860 9273 Contact Fax: 323 843 9745 =========================== METROPOLITAN WATER DISTRICT OF SOUTHERN CALIFORNIA Deputy Auditor I – II Downtown Los Angeles, CA Job Description: • Seeking to fill two (2) Deputy Auditor positions in the Audit Department. • Job offer may be made at Deputy Auditor I or Deputy Auditor II depending on the qualifications. • Deputy Auditor I is an asst-level Experience: • Minimum Requirements for the Deputy Auditor I include: 4 yr degree in accounting or business administration & 1 yr professional audit experience • Minimum Requirements for the Deputy Auditor II include: 2 yr professional audit experience including supervision of audit assignments. Salary Range: Deputy Auditor I, $3,300 - $4,349 per month Deputy Auditor II, $3,791 - $4,987 Application Deadline: September 7, 2005 Contact: For more details and an application, visit our website at www.mwdh2o.com and refer to job code 5066 BS (Deputy Auditor I – II) or call 1-800540-6311. ====================== PRICEWATERHOUSECOOPERS Manager – Security Controls Practice SAP – NY City; Oracle – Los Angeles Description: • Join our Security Controls practice, which is part of the Global Risk Management Solutions (GRMS) group. • Business Process and Controls / Security Reviews of SAP or Oracle. • Lead controls and/or Security Reviews in SAP or Oracle Experience: • 5-7 Years professional service / consulting experience, including working knowledge of functional business processes and resources; participation complete SAP or Oracle controls/reviews implementation; deep knowledge of controls. 
• Proven track record in revenue generating functions or $500k + (presentations, proposals, add on business and/or business development). • Experience directing, supervising, and reviewing work of others is required. • Plus to have Big 4 experience, and/or Security Concepts of SAP or Oracle (Authorization, Authentication, Access Controls). • Minimum of 4-year degree required - prefer MIS or MIS/Accounting Contact: Kelly Cochran at Kelly. cochran@us.pwc.com ====================== PRICEWATERHOUSECOOPERS Sr. Associate – Threat & Vulnerability Management • Participate in penetration testing, system security assessments, incident response and forensic analysis, privacy policy development, training and awareness program development, security strategy development, and IT security and privacy risk assessments. • Support internal audit and external financial audit projects involving focused security and controls reviews of information systems. • The position carries a wide range of responsibilities in performing IT audits, with emphasis on assessing business/technology risks and controls and providing practical, value-added recommendations. Qualifications: Qualifications: • BA/BS degree required with an emphasis in MIS/CS. CISA/CISSP a plus. • A BS degree in Business, Computer Science, Information Systems, or a related field. • Mainframe, Unix, Windows NT/2000, Netware, firewalls, Cisco routers, intrusion detection • Experience in identifying and linking business risks to the relevant IT audit procedures. • Experience in security policy development and risk assessments a plus • Strong oral and written communication skills • Ability to travel at least 50% or greater Contact: Please submit resumes to our website at: http://search.pwcglobal.com/extweb/ jobsrch.nsf/search?openform&languag e=eng~country=us~interest= =========================== SONY Senior IT Auditor Culver City, California Job Description: • Develop work plans and lead core security projects California. 
• Minimum three years of IT audit experience, with CISA, CISSP or other related certifications San Francisco, San Jose, Los Angeles Job Description: Page 15 • Sony Corporate of America seeks a Senior IT Auditor primarily for our entertainment operations in Culver City, • Experience with IT general controls, system development and integrated audits. • Experience in performing network, web, Windows, Novell, UNIX, or database audits. Contact: Go to IT_ AUDITJOBS@SONYUSA.COM . PLEASE REFER TO ITSA2914 IN YOUR SUBJECT LINE. NO AGENCY REFERRALS. Contact Fax: (310) 244-1919. ===========================T ECHNICAL CONNECTIONS SOX Auditors Los Angeles, CA Job Description: • Looking for SOX auditors with an IT applications background. Auditors September 2005 Employment Opportunities V will be responsible for walking through, ALACON, INC. “We Practice Quality” looking at the design effectiveness and controls and then will make recommendations for key controls. • These are contract positions, and may be open-ended. Experience: • Must have been through multiple SOX Application Audits. • Finance or Banking experience is highly desirable. • SOX Auditors must have IT/ Applications background. Page 16 The job market is now very active. As new opportunities arise, are you prepared to take advantage? Call us now so that we know what you are looking for, and we can alert you when “your” position is available. Outstanding career moves and outstanding candidates don’t usually just appear out of the blue. They are a result of effort and careful screening and matching. In addition to his 13 years of recruiting experience, Sandy Geffner was an IS Audit director and manager for eight years and a Big 4 consultant prior to that. He has passed the CISA and CPA exams. If you are looking for an opportunity that’s right for you, or a person who’s right for your opening, let him put his 20+ years of experience to work on your behalf. 
• This is not for general controls PARTIAL LIST OF JOB POSTINGS auditors. • They want someone who has done • Senior IT Audit Manager - Entertainment Company. Diverse environment. Experienced management skills. Strong IT/Business/Risk understanding. Combo of Big4/Private exp. Need excellent communication skills. • Senior / Staff IT Auditor - Full range of IT Audits (applications, general controls, systems development, technical, audit software). Oracle, UNIX +. Strong communications skills. Big 4 exp +. Travel to 20%, including International. Salary to $60s - $80s DOE. Salary Range: 90/hour + • IT Audit Senior / Manager – Entertainment Company. Wide range of IS audits. SDLC, Applications, General Controls. Solid IT Audit exp. Client Server, AS400, Mainframe. Limited Travel. Salary $60s to $100s DOE. Contact: • IT Audit Senior Manager / Seniors – Big 4. Diversified skillsets needed. Good interpersonal/communications skills necessary. Salary $70s - $100s. • IT Audit Manager – Billion Dollar Company. Oversee staff and cosource / contract personnel. Perform applications reviews, general controls, some technical, Sarbanes, etc. Domestic / International travel to 25 or 30%. Self starter with management experience. Salary $100s. • Call for additional oportunities. • IT Audit openings in Northern California, Pacific Northwest and Texas - call for details. SOX audits multiple times, and who can do both pre- and post-implementation application audits. Application Deadline: ASAP Jennifer Carlson Phone: 310.479.8830 x. 212 Fax: 310.445.8726 jcarlson@tci-la.com Sandy Geffner Phone: (626) 296-2751 Fax: (626) 296-2760 Email: sandy@valacon.com Valacon, Inc., P.O. 
Box 6136, Altadena, CA 91003-6136 www.valacon.com Information Systems Audit and Control Association Los Angeles Chapter PO Box 712726 Los Angeles, CA 90071 www.isacala.org ISACA LOS ANGELES CHAPTER BOARD OF DIRECTORS Thomas Phelps IV, CISA PricewaterhouseCoopers coo@isacala.org (626) 590-9995 Debbie Lew, CISA Spring Conference Chair Director Ernst & Young LLP conference@isacala.org (818)703-4728 Larry Hanson CPA, CISA, CIA Past-President - Director & Chief Technology Officer Southern California Edison cto@isacala.org (626) 302-9956 David Lowe CISA, CISSP Seminars Chair - Director Sony Pictures Entertainment seminars@isacala.org (310) 665-6630 Greg Ash, CISA CISA Review Course Chair - Director Southern California Edison cisa@isacala.org (626) 302-9959 Edson Gin CISA, CFE, SSCP Co-Webmaster ChairDirector City National Bank webmaster@isacala.org ASSOCIATE DIRECTORS & VOLUNTEERS Roger Lux Employment Chair Farmers Insurance employment@isacala.org Constance Slack Membership Committee Ingram Micro membership@isacala.org Chauncey Tse Co-Webmaster WellPoint webmaster@isacala.org John Barger Newsletter Editor Countrywide news@isacala.org Luke Kwo Seminar Chair Don Kuo Newsletter Layout Editor Cal Poly Pomona news@isacala.org Sandy Geffner Registrations Chair Associate Director Valacon, Inc. sandy@valacon.com (626) 296-2751 Frank Ness, CISA Spring Conference and Marketing - Associate Director Honda North America marketing@isacala.org (310) 781-4673 Mark Stanley, CISA Membership Chair - Associate Michelle Quan, CPA Director Audit Chair Toyota Financial Services PricewaterhouseCoopers membership@isacala.org audit@isacala.org (310) 468-8587 Stephen Shar Jane Hu Academic Relations Chair Marketing Committee Chair KPMG LLP PricewaterhouseCoopers academicrelations@isacala. org marketing@isacala.org