Proposed ISACA Board for 2012/2013

Transcription

1 Proposed ISACA Board for 2012/2013 Name Proposed Position Previous ISACA Position Company Executive Edwin Yau President Vice President Deloitte Michael Leung Immediate Past President President Coast Capital Savings Farzin Ismail Vice President Secretary Deloitte Chester Tai Treasurer Treasurer TBD Secretary Board Members Kevin Teo TBD Programs Director Ernst & Young Karen Kwok TBD Director at Large Telus Kin Kwan TBD Membership Coast Capital Savings Edward Pereira TBD Certification & Professional Relations Director Lululemon Athletica Inc. Imad Jebara TBD Marketing Director KPMG Gaith Sarhan TBD Academic Relations Director Deloitte Mahmood Rashid TBD Director at Large Telus Wyn Wang TBD Grant Thornton Rob Behrouzian TBD PHSA Elson Kung TBD HSBC Emily Chee TBD KPMG 1

2 Bio s of Proposed Board Members Edwin Yau, CA, CISA, CIA, PMP Edwin Yau is a Manager in our Enterprise Risk Services practice in Vancouver. He has over six years of experience at Deloitte providing risk advisory and assurance services to clients across a range of industries, including public sector, health care, financial services, telecommunications, and consumer business. His areas of focus include information systems audit, third-party reporting, internal audit, financial statement audit and business process consulting. During his career with Deloitte, Edwin has been seconded on a four month term to South Australia primarily serving public sector clients in the region. During the 2011/12 term, Edwin served on the ISACA Vancouver Chapter board as Vice President. In past years, he has also served on the Vancouver board in the roles of Treasurer and Secretary. Edwin is a Certified Information Systems Auditor (CISA) and has been a member of the ISACA Vancouver Chapter since Michael Leung, CRISC, CGEIT, CISM, CISA, CISSP-ISSMP Michael Leung is an information security risk, governance, and management professional with over 20 years of overall IT experience. He has a diverse background and experience in enterprise level information security, operational risk, enterprise architecture, IT services, systems development life cycle, e-commerce, core business systems, and traditional engineering discipline. Background and experience also include managing, developing and implementing information security programs and strategies; security threat and risk assessments, security assurance services, and security incident management. Michael currently leads the information security function at Coast Capital Savings, Canada s second largest credit union with total assets under administration of $13.5 billion, more than 475,000 members and 51 branches in the Metro Vancouver, Fraser Valley, and Vancouver Island regions of British Columbia. He has received industry certifications such as; CRISC, CGEIT, CISM, CISA, CISSP -ISSMP and actively participates in the local information security, IT governance and risk community. Michael has served on the ISACA Vancouver Chapter board for 6 years in various roles and completed the term as President. He is also a Governing Body Co-Chair for the inaugural Vancouver CISO Executive Summit, responsible for the strategic direction of this year s summit. Chester Tai Chester has been serving the ISACA Vancouver board as the treasurer since Chester obtained his undergraduate degree in accounting from the University of Ottawa in 2010 and passed the CISA exam in the same year. He is now working as a junior accountant focusing on accounting and internal process improvement. Though not currently working in the field of IT audit, Chester has strong interest in various IT areas such as network security, cloud computing, and ERP systems, and is aiming to pursue a career as a CISA in the near future. 2

3 Farzin Ismail, B.Com., CIA, CISA Profile Farzin Ismail leads Deloitte s Data Risk practice for Western Canada. She has over 13 years of experience in delivering business and information technology (IT) risk management services to large, global public companies in Canada and the US. The majority of her time has been spent on leading the design, implementation and review of risk and control frameworks of a number of large-scale business and IT transformation programs in complex, highgrowth companies. Her more recent focus has been in assisting organizations to improve the reliability and performance of their data through the development and implementation of data governance and stewardship programs. She has worked in various industries including public sector, technology, consumer business and financial services. Farzin holds a Bachelor of Commerce and is both a Certified Internal Auditor (CIA) and Certified Information Systems Auditor (CISA). Kevin Teo Profile A Senior Consultant in the Advisory Services practice of Ernst & Young LLP, Kevin is focused on providing professional services pertaining to baseline security testing and advisory, IT General Control and Application Control reviews for various SOX, financial audit and SAS70 (SSAE16) / S5970 (CSAE 3416) engagements. His representative engagement experience includes, but is not limited to data analytics through the use of ACL and SAS, e-voting system reviews, security restructuring and remediation and the auditing of SAP, Oracle, AS400, SQL Server, Windows, as well as RACF, ACF-2 and Top Secret Mainframes. Kevin brings a diverse array of IT auditing and consulting experience from his work in Chicago, New York and Vancouver and also has a year of academic teaching experience as the Accounting Information Systems teaching assistant at the University of Wisconsin-Madison, teaching subjects covering database design, process flow-charting, the systems development lifecycle, as well as IT General Controls. Prior to relocating to North America, Kevin was a competitive swimmer who represented his native country (Singapore) at various international events such as the Asian, ASEAN and Asia-Pacific games, winning medals at many of these events. In his spare-time, he still enjoys an invigorating game of water-polo in the summer and snowboarding in the winter. Kevin has also served two and a half years in the Singapore Army and was trained at the School of Infantry Specialists as a Combat Engineer. He has earned Formation Colors Awards for his service and commitment to his unit and country. Having served on the ISACA board as Programs Director for the past year, Kevin is excited to continue in his role in making insightful sessions available for chapter members as well as to help the chapter maintain compliance with National requirements. Karen Kwok, CISA, CRISC Karen is an Internal Auditor at TELUS Communications Inc. She has over 8 years of IT advisory and assurance experience performing IT audit, Internal Audit and Regulatory Compliance and Financial Operations Improvement. Her experience includes IT and business process and controls assessment, risk rationalization, information security assessments, project risk management and fraud investigations. She has a throughout knowledge of IT auditing principles and general IT controls and frameworks. Karen also has a strong understanding of ERP applications within the scopes of audit support, conversion review, and business process review. Karen was a member of the ISACA Board for the Vancouver Chapter in and

4 Kin Kwan, CISA, CISSP, GCIH, GPEN Kin has over 12 years of IT experience in various roles including Windows and Unix administration, Database administration and IT security and governance. He currently work as a Senior Technical Advisor, Information Security at Coast Capital Savings. Before joining Coast Capital Savings, he worked at ICBC leading the PCI compliance initiative and revamping their security policies and standards. Kin also held a position as the head of IT security and risk management for a private company located in Gastown and held systems administration and corporate security roles for a large online gambling company for several years. Throughout his IT career, Kin has obtained various vendor certifications: VMware (VCP), Sun Micro Systems (SCSA) and Microsoft (MCSE). Kin also has IT security certifications including CISSP, CISA, GCIH and GPEN and is currently working toward SABSA. He likes to keep up to date on the latest news and trends by attending security conferences such as Defcon in Las Vegas and West Coast Security Forum in Vancouver. Outside of work, Kin enjoys travelling, especially going on road trips with his family and friends. He also enjoys playing and watching hockey but spends most of his time with his two young sons and a very active golden retriever name 'Kowa'. Kin also volunteers at various local charity events such as Variety Club Charity for Kids. Edward Pereira, B.Com., CISA, CISM, CRISC Edward Pereira began his career after obtaining a Bachelor of Commerce at UBC in Finance and Transportation. Ed built on this initial educational cornerstone during a 10-year management career in the airline business by obtaining his CGA. A 3-year term as Divisional Controller of the Flight Operations division and responsible for managing $450 million, capped off his airline career. During this time, Ed recalls designing an industry-first application for examining air navigation invoices electronically, and was also fortunate to be part of the industry s largest back office systems transformation project where 300 unique systems were migrated concurrently. Ed then combined his interests in IT with his financial background and founded MeetUP.com, serving the meetings and conventions industry with one of the very first web-based hotel block management engines. This led to the sale of his company and a brief relocation to southern California to integrate the product within a suite of related tools for the meeting event planner. Upon his return to Canada, Ed worked for TAP Solutions as an IT strategy consultant with clients in both the private and public sector and obtained his PMP during this time. Eventually, Ed landed in the industry where yet another passion lay skiing! Ed was a founding member of Intrawest s Internal Audit where he obtained his CISA, and accrued significant SOX experience on three continents. Ed has since become the Director of IT Security & Audit with Intrawest establishing both the function, as well as other IT general controls. While obtaining his CISM, Ed also developed the PCI Compliance project for Intrawest, initiated an IT audit function, and ushered in a whole new set of IT security technology and process. Ed currently works for Lululemon Athletica. Outside of his work career, Ed s staying involved in one of his other lifelong passions by coaching both of his kids soccer teams. 4

5 Imad Jebara, CA, CPA (California), MBA, CISA, CRISC Imad is a Manager in KPMG s Risk and Compliance Advisory services practice in Vancouver. He has over ten years of experience, with over five year of public practice experience, including experience applying risk management frameworks and techniques; identifying and evaluating operational, financial and compliance risks and controls; documenting and analyzing business environments and processes; service organization audits (SAS 70, CICA s5970, SSAE 16, CSAE 3416 & ISAE 3402) and analyzing financial and operational information. He has served as the Marketing Director in the ISACA board for the fiscal year 2011/2012. He holds the following designations Chartered Accountant (CA) Masters of Business Administration with emphasis on Finance (MBA) Masters in Management Information Systems (MMIS) Bachelor of Arts in Accounting with a minor in Business Administration Institute of Management Accountants, Certified Financial Manager (CFM) and Certified Management Accountant (CMA) Certified Public Accountant (CPA) California Certified Information Systems Auditor (CISA) Certified in Risk and Information Systems Control (CRISC) Security + Professional Network+ Professional Gaith Sarhan, MPAcc Gaith is a Senior Consultant in the Enterprise Risk Services (ERS) group in the Vancouver office of Deloitte & Touche. He has two years experience in Information Technology Audit and Business Process Reviews. Gaith focuses on assisting clients with the preparation of third party assurance reports including CSAE 3416, and SOC1 related reports. His industry focus includes clients in IT outsourcing, core banking system providers, and financial services. He has had extensive experience in assessing and improving clients third party reports. Gaith will become a Certified Information System Auditor and a Chartered Accountant in September. Mahmood Rashid, CISA, CISSP, CRISC As per the communiqué from the ISACA Vancouver Chapter regarding the call for Volunteers for the Board 2012/2013 Term, I would like to continue serving on the board in my current position. I have been working at different capacities in the Information Technology field for over twenty years, of which as an IT Architect for the past five years. In addition to promoting accountably and transparency within the positions where I have worked, I have also been involved with volunteering with various charitable institutions since my teenage years and recently as the Secretary of a local Society over the past two years and as a Director of a local Charitable organization since April of I believe that my past experiences and passion to give back to the organizations I am a part of will enable me to serve the members of the local Chapter of ISACA in Vancouver. 5

6 New Proposed Board Members Wyn Wang CIA, CISA, CPA(NH) Manager Having been a CISA and member of ISACA since 2008, I would like to become a member of the chapter board to serve our local professionals and help future professionals by volunteering my time and experiences with peers from the industry. Wyn is a manager in the Specialist Advisory Services Group at Grant Thornton, whose main focus is on risks and controls. Wyn has eight years of professional service experience delivering Internal Audit, Compliance and Risk Management services for business processes as well as various aspects of information technology ( IT ). Her clients have ranged from smaller and mid-size organizations to large multi-national companies that operate in complex environments. Some of Wyn s projects include: Led and managed IT network security audit for a provincial crown corporation including planning, execution and reporting. Successfully ensured delivering of agreed upon results on time and on budget. IT risk assessment for a local transportation client assessing risks and controls associated with IT processes. IT process testing and documentation for a leading Canadian Payment Processing company as part of a Sarbanes Oxley and Statutory Audit engagement. This involved documenting and testing processes in place at locations throughout the US and Canada. Rob Behrouzian, B.Eng, CISM, CRISC, CISA, CIPP/IT Rob has been in the IT industry for more than 15 years and has worked in variety of IT roles such as assurance manager, audit manager, internal/external assurance/compliance practitioner, IT operation team lead, systems engineer, consultant, technical trainer, and unified messaging engineer. Highly experienced professional with knowledge in governance, risk and controls, Information technology controls, privacy controls, financial statement audits and regulatory compliance reviews in multiple industries. Acquired extensive experience in all phases of assurance and advisory engagements: risk assessments, scoping, planning, work programs, budgeting, managing teams, quality reviews, project management, training, mentoring staff, reporting and presentations of value added findings and recommendations to key stakeholders. Developed and consistently apply strong analytical and problem solving skills in offering customized solutions to client challenges. Rob is currently serving as the Treasurer and member of Board of Directors at CERA (Communities for Embracing Restorative Actions) Society. CERA's mission is to enhance the quality of justice in the communities through restorative measures that attempt to repair the harm caused by crime, resolve conflict, and restore balance in relationships. Restorative justice is a non-adversarial, non-retributive approach to justice that emphasizes healing in victims, meaningful accountability of offenders, and the involvement of citizens in creating healthier and safer communities. Having lived and worked in North America, and Asia, Rob brings a diverse international experience and perspective with him. Bachelor of Science, Computer Engineering CISM, Certified Information Systems Manager CISA, Certified Information Systems Auditor CRISC, Certified in Risk Information Systems Control CIPP/IT, Certified Information Privacy Professional 6

7 Elson Kung, CISA, PMP A senior manager, information risk, at HSBC, Elson Kung manages information risk on behalf of the business lines and support functions he serves. In the banking and IT industries for 15 years, his work has spanned sales and service, business analysis, project management, as well as risk and control. He has hands-on and leadership experience in Basel 2 data maintenance, operational risk self-assessment, SOX testing coordination, and information risk management. Elson is a CISA and Project Management Professional (PMP) and is ITIL Foundation-certified. Emily Chee, B.Com (Hons.) Emily Chee is a Consultant in KPMG s Risk Consulting, Advisory Services practice. Her experience includes: performing data analytics, identifying IT application controls, testing of general IT controls and application controls, assessing risk impact, delivering related documentation, and providing recommendations for improvement areas. Emily specializes in areas such as access administration, change management, project development, and computer operations. Having a background in accounting and management information systems, Emily has had the opportunity to work with various ERP systems (SAP, JD Edwards, Oracle, Hyperion, and PeopleSoft) and a variety of operating systems. She also has experience dealing with complex business and IT environments. Prior to joining KPMG in September 2010, Emily held junior positions in day-to-day business operations for the insurance, financial, retail, and distribution industries. 7