La Mesa, CA 91942
SENIOR SECURITY COMPLIANCE ANALYST
Process & Improvement Improved enterprise access management risk proficiencies for all Intuit
applications and infrastructure by contributing to the implementation and
Risk Mitigation integration of scalable identity and access management solution. Received
the Legal, Compliance, and Policy Innovation Award for my contributions.
Root Cause Analysis
Certified Information Systems Auditor offering 6 years of governance,
Regulatory Compliance risk management, and compliance proficiency and more than16 years of
operations management experience.
Audits Consistently reduced time and resources necessary for reviews and
testing controls, ensuring SOX system compliance for ERP and HR systems.
Analytics & Reporting
Reduced company licensing costs and completion time for annual job
CISA Certification roles and responsibilities reviews by developing methodology and removing
unnecessary user access.
Senior Security & Compliance Analyst 2009–2011
Promoted to maintain secure organization through strategic alignment, structured governance, process operation, and
reporting. Contributed risk and compliance support by providing risk identification, process development,
assessment, and regulatory compliance monitoring to protect business infrastructure and operations.
Effectively contributed to streamlining global retail processes and financial controls for Oracle access
governance and compliance, resulting in single company global platform, integrations of 5 additional entities, 45
new Oracle responsibilities, and recognition with the Spotlight Award.
Improved enterprise access management risk proficiencies for Intuit applications and infrastructure by
contributing to the implementation and integration of scalable identity and access management solutions resulting
in the Legal, Compliance and Policy Innovation Award.
Enabled Oracle EBS compliance and decision support for long term planning and to support business goals.
Productively integrated newly scoped SOX and SSAE 16 systems into SailPoint Identity IQ (SIIQ).
Supported integration of new payroll, e-store master catalog, Oracle billing and revenue management (BRM),
and product information management (PIM).
Managed and maintained SOX compliance and access controls with Oracle during company outsourcing
activities, offshore efforts, and centralization of financial transactions.
Reduced Oracle system access management effort level 15% by developing a new Oracle role engineering
process, leveraging GRC functionality, and supporting the SIIQ integration.
Supported enterprise-wide reduction of risks through the application of industry best practices, standards, and
framework that enabled decisions related to IT strategy, enterprise architecture, and technology investments.
Identified, prioritized, and eradicated vulnerabilities in computer systems and networks.
Reduced EAM time, efforts, and compliance by providing access guidance to developer of new business-
critical Oracle BRM, PIM, and order management systems, resulting in successful go-live launch.
“Duane is a passionate worker who takes on challenges with enthusiasm and tireless effort. While at Intuit, Duane
oversaw execution of SOX controls for systems with the most stringent set of compliance requirements.”
- L. Grigsby, Business Analyst, Intuit
Page 2 of 2
Senior Applications Access Analyst / Senior Applications Controls Analyst 2007–2009
Contributed to risk assessments, security analysis, and compliance efforts. Identified compensating controls used to
mitigate business risk. Provided compliance and technical recommendations. Performed threat analysis and then
developed and maintained policies, controls, and standards.
Supported business unit and functional groups with identity and access management efforts by providing
direction and use of the EAM toolset.
Decreased time and resources required for performing reviews and achieved SOX system compliance for
ERP, HR, and order feeder systems.
Enabled executive decision support through governance, measurements, and risk-based reporting.
Improved segregation of duties reporting accuracy and eliminated more than 250 approvals per month tied to
SoD rules violations by identifying and correcting false positive output generated by LogicalApps.
Applications Access Analyst / SOX Consultant 2004–2007
Managed SOX compliance for user access of in-scope Intuit business systems. Effectively collaborated with business
process owners and engineers to provide user access change recommendations that met business needs and ensured
Reduced audit fees 15% by designing and implementing accurate Oracle review process so that outside auditors
could rely on output to fulfill needs.
Decreased Oracle inquiry-only license user costs 10% by migrating users to Business Objects and other
Analyzed, tested, and reported changes to initial baseline resulting in documented processes.
IT Consultant 1999–2004
DL Green Consulting
Supported diverse small businesses with information technology and automation solutions that increased efficiencies,
productivity, and profitability. Consulted with business owners regarding technology proficiencies.
Designed and implemented software applications, networks, and systems, resulting in increased productivity.
Created customized databases and integrated systems to support business needs.
Customer Service Manager / Personal Banker 1998–2002
Bank of America
Ensured business operations were effective so that problems could be anticipated and averted. Directed banking
center operations and staff.
Minimized losses by controlling expenses, maintaining audit conditions, and maximizing sales, resulting in
operational efficiencies and improved customer service.
Managed regulatory compliance requirements, supervised adherence to policies, and protected bank assets
and information resulting in continued business.
Improved productivity and efficiencies through design and implementation of system that enabled effective job
assignment, reporting relationships, delegation of authority, and scheduling.
Additional operations manager and branch management experience at Bank of America available upon request.
EDUCATION & CERTIFICATIONS
Bachelor of Arts, Economics / Political Science, San Diego State University
Certified Information Systems Auditor (CISA)
ISO/IEC 27002 Information Security Foundation Certificate