John Vosper

Experience

• 

  Virginia Commonwealth University

  May 2008 - Jun 2010

  Network Administrator

  Responsible for integrity, availability, and confidentiality of forty mission critical, university servers.Configured and monitored IDS/IPS software; SPLUNK, Hobbit, and LogWatch.Implemented Disaster Recovery Plan and backup solution on NAS array using tape backup and database backup utilities.Maintained Active Directory domain and server of 3000 users; successfully migrated ADS server from Windows Server 2003 to 2008.Configured and maintained eight Oracle 10g/11g instances with Business Intelligence Tools and web services; managed 500 users, schemas, roles.Created detailed technical documentation for all tasks, installations, configurations, and upgrades. Show less

• 

  Auditor of Public Accounts

  Jun 2010 - Jan 2012

  Information Security Auditor Specalist

  Performed 2000+ hours of information security, financial statement and performance auditing between 12 state agencies and institutions.Designed audit programs to evaluate the effectiveness and compliance of state information system security programs, policies, and procedures.Completed, on average, 30 hours under audit budget; maintained work load by auditing up to six agencies simultaneously.Knowledgeable in Web App Penetration Testing methodology of Reconnaissance, Mapping, Server/Client-side Discovery, & Exploitation.Experience using vulnerability scanning tools such as Nipper One, Nessus, Nikto, Wikto, Paros, Grendel-Scan, Retna, and IBM AppScan.Developed system security audit tools that include penetration tests, export scripts, and monitoring solutions.Utilized penetration testing tools such as WebScarab, WebInspect, Burp Suite, w3af, BeEF, and MonkeyFist. Show less

• 

  Dept. of Virginia Alcoholic Beverage Control Board

  Jan 2012 - Apr 2015

  Senior IT Auditor

  Performed risk based operational and compliance audits on: Oracle Clustered Environment, Centralized Authentication/HR/Financial Systems, Inventory Management System, Business Objects Enterprise, System and Logical Access, SEC501 compliance, COBIT 5 compliance, Physical Security, Case/Tax Management Systems.Maintained effective communication between divisions, executive management, VITA, and Northrop Grumman.Created Audit Command Language processes to evaluate large quantities of information pulled from databases.Acted as the IT Security liaison between the Auditor of Public Accounts and the Alcohol Beverage Control Board.Promoted collaborative relationships between IT services and division clients aimed at adding organizational value through strategic planning.Developed a risk based annual and 3 year IT audit plan in accordance with SEC502 audit standard and submitted quarterly audit issue updates to VITA and DOA. Show less

• 

  Virginia Department of Social Services

  Apr 2015 - now

  Expert in security standard requirement assessment, adherence, implementation, and external/internal audit defense for:IRS Publication 1075CMS MARS-E 2.0FBI CJIS 5.4SSA Electronic Information Exchange Security RequirementsFederal Information Security Management Act (FISMA)COV Information Security and Risk Management StandardNIST Publication 800-53Dominantly develops communication with Agency executive management, team staff, and operational personnel to increase value of information security posture.Develops and annually updates, risk based, 3-year IT Security Audit Plan in accordance with VITA IT Audit Standard Requirements, SEC 502.Completes IT Security Audit for all sensitive systems, every 3 years, in accordance with generally accepted government auditing standards GAGAS Yellow Book (Generally Accepted Government Auditing Standards) or the international standards for the professional practice of internal auditing IIA Red Book (Institute of Internal Auditors’ Standards).Maintains record of all completed audit conducted by or on behalf of the Agency, including the official audit report, all findings, and concurrence disposition.Documents findings of the audit and formally presents the Final Report to executive management.Submits quarterly corrective action plan updates for outstanding audit issues within 30 days of issuing a final audit report or quarter end.Develops unique audit programs and testing strategies to complete IT Audit Plan.Promotes a collaborative relationship with audited aimed at adding organizational value and excellence in state government.Ensures that risk assessments are updated annually to ensure any changes in risk to the environment are correctly identified.Monitors new releases of information security standards to ensure Information Security Program Manual is updated with the current information security requirements.Adheres to ISACA CISA cert reporting standard requirement of 120 CPEs over a 3yr period. Show less

  • IT Audit Manager

    Sept 2018 - now

  • IT Audit Manager, Senior

    Apr 2015 - Sept 2018
• 

  Dept. Virginia Alcoholic Beverage Control

  Jan 2017 - Sept 2018

  IT Audit Manager