IT Audit Manager - Wells Fargo Audit & Security
Greater Denver Area
I am a Certified Information System Security Professional (CISSP) experienced in security assessments, risk management, business continuity planning, security program and policy development, as well as IT control auditing.
Areas of Responsibility
Manager of the Network, Authentication, and Infrastructure team within Technology Audit Group, which is responsible for ensuring adequate coverage for technology enterprise-wide. Responsible for:
• Provide final approval on audit documentation, results, and IT risk reports presented to executive management.
• Develop and review corporate wide IT risk reporting to the Board of Directors Audit and Examination Committee.
• Conduct and report on business analysis and risk assessments of corporate lines of business.
• Working with Audit management to create and communicate the yearly audit cycle to IT partners.
• Escalating significant risks and loss exposures to appropriate levels of management including the Chief Information Officers and Chief Auditor.
• Hiring, retention, training, and mentoring staff regarding required knowledge and skills in areas such as various technical areas, organizational skills, oral communications and writing.
• Subject matter expert for multiple technical areas covering Information Security, Risk Management, Business Continuity Planning, data encryption, operating systems, networking, applications, integration, and technical facilities.
EDUCATION and CERTIFICATIONS
• Bachelor of Business Administration - Computer Information Systems, Boise State University – 1998
• Certified Information Systems Auditor (CISA) – 2006
• EC-Council Certified Ethical Hacker (C|EH) - 2005
• Certified Information System Security Professional (CISSP) - 2004
• Cisco Certified Network Associate (CCNA) - Training Completed
• SANS Computer Forensics, Investigation, and Response - Training Completed
• Cryptology - Technician Technical, U.S. Navy Cryptologic Training Center - 1991
ISC2 Certified Information Systems Security Professional (CISSP)
ISACA Certified Information Systems Auditor (CISA)
EC-Council Certified Ethical Hacker (C|EH)
(Public Company; WFC; Financial Services industry)
September 2005 — Present (4 years 3 months)
As a manager, using my knowledge and understanding of technology, operational, financial, and regulatory functions across multiple lines of business, I build partnerships to help influence risk management and corporate policy while keeping the goals of the corporation in mind. Through leading and participating in multiple committees, I contribute to identifying and explaining key organizational risks and controls, and develop training to promote understanding for other auditors. In addition, I supervise audit leaders and their teams on a daily basis while leading multiple audit engagements, which requires exhibiting appropriate judgment regarding issue notification to senior management and senior executives. Roles of my management position with Wells Fargo are:
• Work with senior management to create and communicate the yearly audit plans to IT partners.
• Develop and review reporting to the Board of Directors Audit and Examination Committee.
• Conduct and report on business analyses and risk assessments of corporate lines of business.
• Provide final approval on audit documentation, results, and reporting presented to management.
• Escalating significant risks and loss exposures appropriately.
• Hiring, retention, training, and mentoring staff regarding required knowledge and skills.
• Subject matter expert and investigations consultant for multiple technical areas.
• Technology Audit Policy and Methodology Review
• Skill and Training Review
• Resource Planning
(Public Company; WFC; Financial Services industry)
2005 — Present (4 years)
I lead the execution of large audits, in accordance with Wells Fargo Audit Services’ policy, Control Objectives for Information and related Technology (COBIT) Framework, and industry best practices. I develop and apply effective audit leadership skills regarding engagement notification, task assignment and monitoring, interim performance evaluation and team coaching, project pacing and control for complex projects. My primary responsibilities for my role in leading audits are:
• Accurately assessing risk and controls for the target technology.
• Developing effective test plans of technology.
• Exhibiting appropriate judgment regarding issue notification.
• Drafting findings and final audit reports.
• Leading communication with clients.
In addition, I created and conduct audit testing that technically interrogates system controls and technical infrastructure. The use of Black Box, Grey Box, and White Box testing during the audit engagement exercises my core knowledge in operating systems, networks, or complex financial services application processing environments. Technical audit testing covers such areas as:
• Reconnaissance, Footprinting, Scanning, and Hands-on Vulnerability Assessment and/or Penetration
• Cisco PIX Review (Rules and Configurations)
• Application Security Assessments
• OS Hardening Reviews
• Java Code reviews