Languages:
German (Full Professional) | English (Full Professional) | Dutch (Native or Bilingual)
Information
Keywords
IBM Resource Access Control FacilitySafety PrinciplesAuditingInternal ControlsDatabasesRisk AnalysisExternal AuditsPython (Programming Language)Role-Based Access ControlImport/Export LogisticsData AnalysisConsultingFinanceJob Control Language (JCL)Rexx (Programming Language)Information Technology Infrastructure Libraries (ITIL)Light-Emitting DiodeYAMLData/Record LoggingTso/ispfSplunkPayroll ManagementRisk Management+ 13 more keywords
Skills
Profile
From 1998 Until today I’m working with RACF as an RACF
Administrator and as an RACF Auditor. An interesting combination of
knowledge.
All this time I have worked with RACF Consul in several jobs as
administrator, analyzer auditor and advisor.
So I have my experience and skills in the two mentioned jobs.
As an RACF administrator
• Add users, groups, datasets and other RACF permissions.
• Secure the use of RACF.
As an RACF analyzer/advisor to the management
• RACF database
How is the RACF database implemented and confgured?
• Implementing RBAC roles
How are de RBAC application roles designed and implemented in
your company?
Is there separation of duties well implemented in a way that this don't
conficting a good confrmation of In Control Statement.
• Risk analyses
Analyze the outcome of external audits.
Analyze the outcome of internal audits.
How to manage these audit fndings related to receive an proper ‘In
Control Statement’ or ‘Third Party Declaration’.
As an RACF Auditor to control and advise the manager
• How are the roles designed in RACF?
• Witch Security guidelines are valid?
• Are there security breaches?
• Which First line of defense controls are implemented?
• Pre-audit the company on various subjects according to RACF.
What outcome you can expect when you are audited?
What kind of skills I have
• My 26 years working experience as a RACF Auditor using Z-Secure.
• Also my 26 years’ experience as a RACF Administrator.
• The relevant IBM-RACF courses.
• The relevant Consul-RACF courses.
• RACF-CARLA queries on the RACF database.
• Analyse if people do the right things with their RACF rights.
• My experience as an Lead Internal Audit specialist.
• Microsoft Word, Microsoft Excel to write and analyse.
• TSO/ISPF
• JCL
• USS
• Basic REXX to understand what’s happening.
• YAML
• SPLUNK to monitor security logging.
• Basic Python to understand what’s happening what programmers do.
• The ability to ask the Python Programmers to program what I want to see.
• The ability to work with other specialist.
• The ability to work in a team and also alone when it’s necessary.
• The ability to coach people.
Give back my knowledge for the future generation.
RACF-security can be managed in another way…an interesting
combination I would say. It’s really works if you do this properly.
Work Experience
Internal Control
Conducted internal controls on IT ITIL processes. External auditors
can use my conducted controls as a base.
Quality Control
Assessed TPM controls and judged outcomes of internal control
teams. No TPM/ICS deviations.
Consulting
Advised management in response to audit fndings to achieve
workable solutions with risk coverage. Approval of TPM/In Control
Statement.
Advice
Supervised external audits and discussed results with responsible
management. Delineation of findings led to less burden on operational teams.
Advice
Wrote programs for RACF and carried out checks. Improved risk
management through internal control measures.
Functional Management
Managed the RACF database in all kinds of areas as a RACFAdministrator. Ensured good security design with as few external
audit findings as possible.
Auditing RACF
Carried out all kinds of audits in the feld of use of RACF to
demonstrate a degree of risk control.
Good and reliable controls
served as the
Auditing
Conducted fraud investigations. No further explanation.
System Specialist RACF
Ministry of Finance
2005 - present
Served as Security Administrator.
System Specialist RACF (Auditor)
Ministry of Finance
2005 - present
Conducted security auditing and analysis.
FIB3 ofcial B/CICT
Ministry of Finance
2001 - 2004
Managed internal controls and provided security advice.
IC ofcial-B/CICT
Ministry of Finance
1998 - 2001
Handled internal controls.
Customs ofcer
Ministry of Finance
1995 - 1998
Conducted security checks and functionary duties.
Customs ofcer Import Export Verifcation
Ministry of Finance
1983 - 1990
Performed import and export verifcation checks.
Customs officer
Ministry of Finance
1981 - 1982
Conducted surveillance service checks.
Customs Ofcer Supervision
Ministry of Finance
1979 - 1981
Supervised customs ofcers and conducted checks.
Payroll administration
Continental
1978 - 1979
Project history
01/2005
-
Present
Systeemspecialist RACF (Auditor)
Ministerie van Financiën
Verantwoordelijk voor security auditing en analyse, met focus op RACF-systemen.
01/2005
-
Present
Systeemspecialist RACF (Administrator)
Ministerie van Financiën
Beheer en configuratie van RACF-systemen voor optimale beveiliging.
01/2001
-
12/2004
FIB3 functionaris B/CICT
Ministerie van Financiën
Interne controles en advisering op het gebied van IT.
01/1998
-
12/2001
IC functionaris-B/CICT
Ministerie van Financiën
Uitvoering van interne controles binnen de IT-afdeling.
01/1995
-
12/1998
Douane ambtenaar AO/IC/FIB-DOUANE Functionaris
Ministerie van Financiën
Controle en security taken binnen de douaneafdeling.
01/1983
-
12/1990
Douane ambtenaar Import-Exportverificatie (MBO)
Ministerie van Financiën
Controle van import- en exportdocumenten.
01/1981
-
12/1982
Douane ambtenaar Surveillancedienst
Ministerie van Financiën
Uitvoering van surveillancetaken voor de douane.
01/1979
-
12/1981
Douane-ambtenaar Toezicht
Ministerie van Financiën
Toezichthoudende taken binnen de douane.
01/1978
-
12/1979
Loonadministratie
Continental
Verantwoordelijk voor de administratie van lonen.
Local Availability
Open to travel worldwide
Ervaren Systeemspecialist en Security Auditor
Follow profile
You need our Enterprise membership to view this information.