
Steven G. Revesz
263 West Third Ave.
San Mateo, CA 94402
sr82ec10@westpost.net
________________________________________
SUMMARY
A results-oriented executive with over 25 years of IT risk management, information security, and outsourcing experience, as well as a proven track record leading and delivering high-impact initiatives to identify, remediate and manage business and technology risks. Experience includes leading and collaborating with senior and middle management teams in large global companies to identify and address security, regulatory, audit/compliance, and vendor management issues in a cost-effective manner; managing the risks associated with mainframe and distributed processing environments, business and information technology outsourcing, and contract compliance and service level management; and working with off-shore operations and vendors in Europe, Asia, and India.
PROFESSIONAL EXPERIENCE
Held key practice leadership and engagement management positions at Deloitte & Touche and Arthur Andersen, assisting global clients in responding to security and related information technology risks in an efficient and cost-effective manner. Managed and performed numerous comprehensive information security assessments, including pre-contract and post-contract reviews of off-shore outsourcing arrangements, as well as assisted in the development and implementation of security remediation programs.
Key information security engagements include:
* Developed and implemented comprehensive corporate-wide information security program, including information policy, standards, and procedures, data classification, platform-specific technical requirements, security awareness materials, and security monitoring
* Managed and performed security reviews to develop security policies and standards for security administration and access provisioning workflow, as well as to identify and address enterprise-wide security and platform-specific security issues, providing best practices for information security on UNIX, NT, RACF, Novell, and firewalls
* Led over 70 individual internal audits as part of an outsourced internal audit arrangement for a major financial services client, including audits of information security processes, technical logical access controls, IT asset management, vendor management, change control, protection of intellectual property, and other security and compliance matters consistent with regulatory requirements, as well as CobiT and ITIL frameworks
* Managed corporate-wide logical access control systems, including the z/OS mainframe, TANDEM systems, AS/400, and various other platforms, as well as application-specific security systems
* Managed risk assessments and managed security projects focused on network vulnerability testing, formulation of security policies, standards and procedures, and controls compliance testing for clients in the transportation, financial services, and utilities industries
* Managed pre-contract operational readiness/security reviews of India-based outsource service providers for application development, maintenance and support, participated in off-shore vendor selection to extend outsourcing arrangements to new potential locations in Central Eastern Europe, and managed post-contract security reviews of two service providers in India based on ISO 27001/27002 standards
* Managed engagement to assess security, and strategic and tactical plans to address technical security and security administration processes associated with a complex multi-platform environment at a major Pacific Northwest retail client
* Oversaw completion of three SAS70 audits for data centers in the U.S., Japan, and the U.K.
* Served as the technical consultant to assess transaction security, data protection, and other security components for a Latin American country's social security administration agency
* Managed reviews of security administration, technical security, and application security for on-line transaction processing systems at a major financial institution in Malaysia, as well as conducted technical training for the Federal Reserve Bank of Malaysia personnel
* Oversaw international team performing comprehensive information security consulting engagement for Fortune 50 multi-national located in Korea in order to develop enterprise-wide security program, and correct technical security deficiencies on multiple operating system platforms, as well as to mitigate security risks associated with specific business application systems in order to protect information assets based on the assets' sensitivity and regulatory requirements
* Led project to re-engineer access permissions for major financial organization, resulting in the removal of thousands of unnecessary permissions, enhancing compliance with PCI-DSS, simplifying access administration, and addressing known audit issues and regulatory guidelines
* Managed and performed security assessments and developed detailed project plans for major U.K.-based global financial services company to address technical security, audit and compliance issues, as well as supported the client team as a project advisor during execution of the remediation plans
* Oversaw information security and technical logical access controls testing for SOX readiness and security assessments for several large California companies
* Co-developed a payment system risk management program manual and oversaw security reviews focusing on PIN security at third party processors on behalf of a major debit card organization
* Managed series of projects to assess and formulate recommendations to enhance security and internal controls over business applications, platforms, and security management processes for third largest U.S. credit card issuer
* Developed and conducted numerous training sessions on security, audit, and control topics at the Arthur Andersen training center in St. Charles, Illinois
Other information technology related engagements include:
* Led the Deloitte & Touche initiative for mainframe security, serving as the firm's subject matter expert on mainframe security and controls, and as the Quality Risk Manager on engagements to provide oversight and direction in the delivery of security audit and control services to global clients
* Managed a project to assist a major consumer products company to assess service level performance and management, and outsource contract compliance by major technology outsourcer to identify areas of non-compliance and opportunities to improve the services provided
* Managed ITIL-based assessment of major Pacific Northwest consumer products organization
* Managed, developed and implemented "home grown" automated tools to facilitate effective and efficient logical access administration for userid and access provisioning
* Co-developed ITIL-based methodology to deliver high-impact IT infrastructure assessments and roadmaps for correction designed to optimize IT infrastructure management processes
* Managed a project to assist a major consumer products company to reconcile outsourcer's invoices for CPU time against actual CPU time incurred to identify potential discrepancies and process improvements to reduce costs for production processing
* Led software license compliance reviews at major organizations to reconcile entitled and deployed software products on behalf of the world's largest software company
* Developed projects to help clients focus on business process improvements through the use of automated tools, including BMC PATROL and CA-UNICENTER, to improve and monitor availability and system performance

EMPLOYMENT HISTORY
Director, Deloitte & Touche LLP, San Francisco, CA
April 2003 - May 2010
Member of the Deloitte Security and Privacy Services, and Contract Risk and Compliance leadership teams focused on assisting clients in the cost-effective, efficient, and secure use of data and information technology, including managing the risks associated with outsource service providers.
Senior Manager, Experio Solutions (Hitachi Consulting), Seattle, WA
July 2002 - Jan. 2003
Responsible for the development and marketing of engagements focused on information technology service level improvement as a means to help clients achieve business process improvements and reduce operating costs.
Senior Manager, Arthur Andersen LLP, Seattle, WA
Nov. 1990 - July 2002
Member of the Technology Risk Consulting leadership team developing and managing the delivery of information security, audit, and compliance focused on the design, development, assessment and implementation of cost-effective technical and procedural solutions to manage information technology risks.
Assistant Vice-President, SeaFirst (Bank of America), Seattle, WA
Nov. 1983 - Nov. 1990
Responsible for developing the bank's information security program, including policy, standards, and procedures, as well as managing a variety of user provisioning and logical access control systems.
RECENT PUBLICATIONS AND PRESENTATIONS
Coauthored "Risk Intelligent Outsourcing and Off-shoring"
http://www.deloitte.com/dtt/cda/doc/content/us_risk_riskintelligent_Outsourcing021208.pdf
"Risk Intelligent Outsourcing and Off-shoring," North American CACS Conference, May 2009
"Information Security vs. IT Security," North American CACS Conference, May 2009
"Outsourcing Risk and Impact on the Control Environment," National Retail Federation Internal Audit Council Meeting, April 2009
"Identifying and Managing Risk in Outsourcing/Off-shoring Arrangements," Institute of Internal Auditors webinar, November 20, 2008
"Software Asset Management: A View From Two Perspectives from the Audit World," SoftSummit 2008, October 2008
"Privacy and Data Security in Local and International Outsourcing," Sourcing Interest Group, Sourcing Leadership Summit, September 25, 2008
EDUCATION, LANGUAGES AND OTHER CREDENTIALS
M.A., New York University (N.Y., N.Y.)
B.A., Miami University (Oxford, Ohio)
Certified Information Systems Security Professional (CISSP)
Speaking knowledge of Hungarian
