
John T. Vanadia, MBA, CGEIT, CISM, CISA, CQA, CSP


_________________________________________________________________________
116 Nottingham Way, Jackson, NJ 08527-4378
Cell: (732) 539-9718 jvac2828@westpost.net
Senior IT Director / Manager
Senior Level IT Director/Manager with over 25 years of hands-on experience in business relationship management and culture change management. Proven ability to devise and implement coherent IT strategies while improving control processes and procedures within demanding environments throughout diverse industries. Areas of expertise include Board Level Presentations, M&A Support and:
* Security & Compliance
* SOX Controls & Compliance
* Audit & Quality Assurance
* IT Score Cards & Governance
* Business Continuity Planning
* Risk, Project, & Vendor Management
* Cultural Change & Development
* Team Building, Mentoring, & Leadership
Partnered with HR, Legal, Finance, IT and LOB Management to mitigate risk, and identify IT security and control requirements prompted by business directions, new technologies, mergers and acquisitions, privacy, and laws and regulations. Provided security and controls direction, guidance, and assistance for systems and infrastructure solutions in development and implementation projects, including Intrusion Detection & Prevention Services, Identity Management, SAP-HR & SAP-Virsa's Governance, Risk, Compliance Suite.
_________________________________________________________________________
Awards and Professional Affiliations
Information Systems Audit & Control Association's (ISACA's) Distinguished Service Award
* Awarded for work performed with Senators and Congressional Representatives in drafting and enacting the US Computer Fraud & Abuse Act, and for assistance in developing the IS Audit Manager's Handbook.
Co-Chairman Emeritus, ISACA's International Government Relations Committee
President Emeritus, ISACA's New Jersey Chapter
_________________________________________________________________________
Education and Professional Certifications
* MBA in Management Information Systems, Iona Hagan Graduate School, New Rochelle, N.Y.
* BBA in Accounting, Iona College, New Rochelle, N.Y. - Delta Mu Delta National Honor Student
* Certified in the Governance of Enterprise Information Technology - CGEIT
* Certified Information Security Manager - CISM
* Certified Information Systems Auditor - CISA
* Certified Quality Analyst - CQA
* Certified Systems Professional - CSP
_________________________________________________________________________
Professional Experience and Significant Achievements
1998-2009 Information Security Officer / Global IT SOX Coordinator, International Flavors & Fragrances
* Functioned as the Single Point of Contact for IT systems and infrastructure with Internal & External Auditors on Interim, Annual, Intellectual Property, SOX and other regulatory engagements.
* Promoted adherence to COBIT and other generally accepted IT security and control practices throughout the IT landscape.
* Managed the design and implementation of IFF's IT SOX Compliance Program and maintained an unprecedented level of zero SOX deficiencies as attested to by PwC External Audit.
* Directed enterprise-wide activities for the identification, testing, maintenance, compliance reporting and management assertion of IFF's security and general IT controls.
* Developed and implemented IFF's IT Risk Management Template.
* Determined acceptable levels of IT risk as the basis of IFF's Global Security Program.
* Identified appropriate security and controls to mitigate risks throughout the IT landscape.
* Performed Enterprise-wide Risk Management, threat analysis, and vulnerability assessment activities to ensure cost-effective IT systems and infrastructure controls and security; and, ensured annual endorsement by U.S. Customs for recurring Customs - Trade Partners Against Terrorists (C-TPAT) designation to prevent import and export delays.
* Supported the acquisition of Bush Boake Allen (BBA), as an IT Lead Member of IFF's M&A Team, resulting in the successful merger of BBA's IT systems and application processing into IFF's single instance SAP environment and technology infrastructure, and in turn, enabling a revenue growth from $1.4 to more than $2 billion dollars.
* Mitigated IFF/BBA hardware and software security risk by implementing and maintaining a standardized access protection approach including network firewall protection; intrusion detection sensors & snipers; 24/7 IDS and firewall monitoring; remote internet access protection via two-factor tokens, PC authentication, encrypted transmissions, and application restrictions; secure internal wireless networks; secure network tunnels; web-site filtering; PC firewalls & data encryption; antivirus & behavioral software protection; patch management; and resilient infrastructure for failover.
* Ensured IFF/BBA data access protection by implementing and maintaining the "principle of Least Privilege"; monthly segregation of duties analysis and reporting; individual user-IDs & password authentication; application enforced password parameters incorporating 90-day change intervals and failed logon lockout features; emergency data access monitoring; application idle timeouts; ID management for provisioning and deprovisioning of services; digital certificates for select systems; SAP access recertification; and SAP Compliance & Access tools.
* Mitigated IFF/BBA systems interruption risk by implementing and maintaining guarded facility entrances with surveillance cameras; card access systems; redundant uninterrupted power supplies, redundant power grids, and backup generators; automatic fire detection / suppression systems; data backup and off-site backup storage services; regularly tested disaster recovery plans with off-site recovery capability in a hardened facility, incorporating network traffic switching capability, and event scenario walkthroughs.
* Mitigated IFF/BBA systems performance risk by implementing and maintaining systems tools to maximize automated and controlled transfer of data between systems; reduce manual interference; and monitor & manage system capacity, network congestion, and spam filtering.
* Ensured ongoing IFF/BBA SOX, GLBA, EU Privacy Directive, HIPAA, FCPA, etc. regulatory compliance via adherence to IT policies, standards, procedures, guidelines, and licensing agreements; as well as IFF's Code of Conduct and records retention requirements.
* Mitigated risk associated with the loss of key IFF/BBA IT personnel by identifying, developing and recruiting highly skilled candidates for succession planning; and, by ensuring periodic review of salary grades, levels, and compensation.
* Expanded IFF's Global Security Program with an SAP security design / implementation strategy that leveraged a best-practice development team infrastructure, including business engineers, SAP security design specialists, and security administrators to facilitate initial and ongoing design, and activation of SAP security profiles.
* Developed, published, and maintained corporate information security policies, standards, procedures, and guidelines, including information and control classification schemes to ensure compliance with enterprise-wide formula security requirements; and, incident response and reporting procedures to ensure SOX Compliance.
* Designed, developed, fully tested, and implemented IFF's first-ever Disaster Recovery Plan for global operations, including single instance SAP processing, within 18 months. The strategy was based on a best-practice, cost-effective, third-party continuity services vendor solution. Alternate site recovery processing requirements were collected and validated, including configuration details for the hardware, software, network and supporting environment.
* Developed an RFP, incorporating the above requirements as the basis for the bid process. Conducted site visits at proposed recovery locations as part of the vendor evaluation and Comdisco-Sungard selection process for an enterprise-wide solution. Created a permanent disaster recovery coordinator position for DR Plan maintenance.
* Established vendor off-site storage requirements, and completed a process similar to the above for the off-site storage services vendor evaluation and the selection of Vital Records, Inc.
_________________________________________________________________________
Additional Experience
* Director, Information Risk Management / Senior Manager - The McGraw-Hill Companies
* Managing Consultant, Quality Assurance & Control - Bank of America
* Senior Manager, Quality Assurance & Standards - Continental Insurance Company
* Worldwide IS Audit Manager - ITT World Headquarters
* Corporate IS Audit Manager - R. H. Macy & Company
* IS Audit Manager - Prudential Bache Securities
* Manager, Accounting & Human Resource Systems - GAF Corp.
* Lead Accountant - Ernst & Young
* Data Systems Technician - US Navy

---Curriculum Vitae Follows---

John T. Vanadia, MBA, CGEIT, CISM, CISA, CQA, CSP


116 Nottingham Way Jackson, NJ 08527-4378
Cell: (732) 539-9718; jvac2828@westpost.net
Senior IT Management/Directorship/Team Building - Leadership/Consultant

Highly accomplished, articulate, and experienced IT Management Leader with a comprehensive and strategic understanding of Business and IT issues, including IT and Business Culture Change Management, and Line of Business Relationship Management. Proven ability to devise and implement coherent IT strategies while improving control processes and procedures within demanding environments throughout diverse industries.

IT Areas of Expertise

* Security & Compliance
* Board Level Presentations
* M & A Support
* SOX Assertion/Attestation
* Balanced Business Score Cards
* Control Framework
* Audit & Quality Assurance
* Cultural Change & Development
* Business Continuity/DR Plans
* Governance & Risk Management
* Project/Vendor Management
* Team Building/Mentoring/Leadership

Education and Professional Certifications

* MBA in Management Information Systems, Iona Hagan Graduate School, New Rochelle, N.Y.
* BBA in Accounting, Iona College, New Rochelle, N.Y.
* Delta Mu Delta National Honor Student
* Certified in the Governance of Enterprise Info. Technology - CGEIT
* Certified Information Security Manager - CISM
* Certified Information Systems Auditor - CISA
* Certified Quality Analyst - CQA
* Certified Systems Professional - CSP

Awards and Professional Affiliations

* Information Systems Audit & Control Association's (ISACA's) Distinguished Service Award - Awarded for work performed with Senators and Congressional Representatives in drafting and enacting the US Computer Fraud & Abuse Act, and for assistance in developing the IS Audit Manager's Handbook.
* Co-Chairman Emeritus, ISACA's International Government Relations Committee
* President Emeritus, ISACA's New Jersey Chapter
* Executive Director, Jersey Shore Volleyball Club's Executive Board, Lakewood, N.J.
* Founder, Monsignor Donovan's Boy's & Girl's High School Volleyball Program, Toms River, N.J.
* Trustee Emeritus, St. Thomas Christian Academy's Board of Trustees, Brick, N.J.
* President Emeritus, St. Thomas Christian Academy's Parent Teacher's Organization, Brick N.J.

Professional Experience and Significant Achievements

International Flavors & Fragrances (1998-2009)


Information Security Officer / Global IT SOX Coordinator
* Promoted adherence to COBIT and generally accepted IT security and control practices throughout IT. Managed design and implementation of IFF's IT SOX Compliance Program and maintained an unprecedented level of zero SOX deficiencies as attested to by PwC External Audit. These activities were enterprise-wide and included the identification, testing, maintenance, compliance reporting and management assertion of IFF's security and general IT controls. Functioned as the Single Point of Contact for systems & infrastructure with Internal & External Auditors on Interim, Annual, Intellectual Property, SOX & other regulatory engagements.
* Developed and implemented IFF's IT Risk Management Template. Determined acceptable levels of IT risk as the basis of IFF's Global Security Program. Identified appropriate security and controls to mitigate risks throughout the IT landscape. Performed Enterprise-wide Risk Management, threat analysis, and vulnerability assessment activities to ensure cost-effective IT systems and infrastructure controls and security; and, ensured annual endorsement by U.S. Customs for recurring Customs - Trade Partners Against Terrorists (C-TPAT) designation to prevent import and export delays.
* Supported the acquisition of Bush Boake Allen (BBA), as an IT Lead Member of IFF's M&A Team, resulting in the successful merger of BBA's IT systems and application processing into IFF's single instance SAP environment and technology infrastructure, and in turn, enabling a revenue growth from $1.4 to more than $2 billion dollars.
* Mitigated IFF/BBA hardware and software security risk by implementing and maintaining a standardized access protection approach including network firewall protection; intrusion detection sensors & snipers; 24/7 IDS and firewall monitoring; remote internet access protection via two-factor tokens, PC authentication, encrypted transmissions, and application restrictions; secure internal wireless networks; secure network tunnels; web-site filtering; PC firewalls & data encryption; antivirus & behavioral software protection; patch management; and resilient infrastructure for failover.
* Ensured IFF/BBA data access protection by implementing and maintaining the "principle of Least Privilege"; monthly segregation of duties analysis and reporting; individual user-IDs & password authentication; application enforced password parameters incorporating 90-day change intervals and failed logon lockout features; emergency data access monitoring; application idle timeouts; ID management for provisioning and deprovisioning of services; digital certificates for select systems; SAP access recertification; and SAP Compliance & Access tools.
* Mitigated IFF/BBA systems interruption risk by implementing and maintaining guarded facility entrances with surveillance cameras; card access systems; redundant uninterrupted power supplies, redundant power grids, and backup generators; automatic fire detection / suppression systems; data backup and off-site backup storage services; regularly tested disaster recovery plans with off-site recovery capability in a hardened facility, incorporating network traffic switching capability, and event scenario walkthroughs.
* Mitigated IFF/BBA systems performance risk by implementing and maintaining systems tools to maximize automated and controlled transfer of data between systems; reduce manual interference; and monitor & manage system capacity, network congestion, and spam filtering.
* Ensured ongoing IFF/BBA SOX, GLBA, EU Privacy Directive, HIPAA, FCPA, etc. regulatory compliance via adherence to IT policies, standards, procedures, guidelines, and licensing agreements; as well as IFF's Code of Conduct and records retention requirements.
* Mitigated risk associated with the loss of key IFF/BBA IT personnel by identifying, developing and recruiting highly skilled candidates for succession planning; and, by ensuring periodic review of salary grades, levels, and compensation.
* Expanded IFF's Global Security Program with an SAP security design / implementation strategy that leveraged a best-practice development team infrastructure, including business engineers, SAP security design specialists, and security administrators to facilitate initial and ongoing design, and activation of SAP security profiles.
* Partnered with HR, Legal, Finance, IT and LOB Management to mitigate risk, and identify IT security and control requirements prompted by business directions, new technologies, mergers and acquisitions, privacy, and laws and regulations. Provided security and controls direction, guidance, and assistance for systems and infrastructure solutions in development and implementation projects, including Intrusion Detection/Prevention Services, Identity Management, SAP-HR, and SAP-Virsa's Governance, Risk, and Compliance Suite.
* Developed, published, and maintained corporate information security policies, standards, procedures, and guidelines, including information and control classification schemes to ensure compliance with enterprise-wide formula security requirements; and, incident response and reporting procedures to ensure SOX Compliance.
* Designed, developed, fully tested, and implemented IFF's first-ever Disaster Recovery Plan for global operations, including single instance SAP processing, within 18 months. The strategy was based on a best-practice, cost-effective, third-party continuity services vendor solution. Alternate site recovery processing requirements were collected and validated, including configuration details for the hardware, software, network and supporting environment.
* Developed an RFP, incorporating the above requirements as the basis for the bid process. Conducted site visits at proposed recovery locations as part of the vendor evaluation and Comdisco-Sungard selection process for an enterprise-wide solution. Created a permanent disaster recovery coordinator position for DR Plan maintenance.
* Established vendor off-site storage requirements, and completed a process similar to the above for the off-site storage services vendor evaluation and the selection of Vital Records, Inc.
The McGraw-Hill Companies (1994-1998)
Director, Information Risk Mgmt.-1997; Senior Manager-1994
* Established the Corporate Information Risk Management Department for a leading $3 billion global information services provider, with over 110 business units throughout the financial services, educational/professional publishing, construction information, and media industries.
* Improved the quality of this function, comprised of Business Systems Development/Re-Engineering, Information Security, and Business Continuity, through continued recognition as a value-added contributor and internal delivery partner in facilitating business goals, and in identifying and implementing system solutions that satisfied business, technical, and resource requirements.
* Appointed as a Charter Member of the Year 2000 Project Management Office, with shared responsibility for Y2K Readiness throughout all business segments, including financial services.
* Negotiated the Information Security related aspects of the global voice and data network communications outsourcing contract with AT&T, including the electronic information product delivery network.
* Launched a company-wide Information Risk Management Security Awareness Program.
* Improved Business Continuity and Disaster Recovery status through live simulations and post-mortems.


* Developed and implemented a Balanced Business Score Card, as a member of the Corporate Management Team, incorporating metrics and measurements derived from Best Practices.
* Identified Mentor and Business Advisor roles/responsibilities as critical success factors in Diversity Mgmt.
* Established and updated various Corporate Information Systems Policies and related compliance criteria as a pro-active member of the Application Coalition Task Force.
* Performed fraud investigations with General Counsel that were settled financially on The Company's behalf.
Bank of America (1993-1994)
Managing Consultant - Quality Assurance & Control
* Managed the Institutional Trust and Securities Custody System's Quality Assurance and Control functions for a major bank. Developed and implemented quality initiatives which improved teamwork, increased ROI, facilitated attainment of merger-related business goals and established the functions as true business partners.
* Directed efforts to identify and resolve key issues for a major banking data center migration effort, including hardware, applications software, communications and personnel resources.
Continental Insurance Company (1987-1993)
Senior Manager - Quality Assurance & Standards
* Developed and implemented home-grown, fully customized, structured project life cycle methodology for a major insurance company, incorporating CASE tools/techniques resulting in 30% productivity improvement. The life cycle emphasized controls, critical success factors, defect elimination, re-work avoidance, function point estimating, project management and supported transition to an I-CASE/IE Methodology.
* Completed a hypermedia edition of this methodology and implemented a full-function, template-driven repository for phase deliverables, including sample work products and tutorials.
* Developed a comprehensive quality assurance charter for process control and management, containing detailed procedures surrounding quality reviews, walkthroughs, and inspections. This charter governed centralized and distributed QA functions, and included a quality strategy/policy as the basis for the Systems Division mission statement. Implemented a systems quality improvement program based on the Quality Assurance Institute Model, including root cause and gap analyses, Total Quality Management principles, Malcolm Baldrige Award criteria, the establishment of a quality council, and the identification of internal delivery partners.
* Developed and implemented a complete standards methodology based on Deming's continuous improvement principles for reduced variability, replicating project productivity/quality.
* Developed and implemented comprehensive standards and guidelines for distributed processing in a multi-tiered, client/server environment. This included character and GUI-based user-friendly screen design standards, rapid prototyping, embedded user assistance, and extended help, accompanied by a reusable code methodology and 200 "live" examples.
* Developed a three-tiered testing methodology, and established a software release quality index, resulting in a 99.4% annual quality level for the independent testing unit.
* Developed a weighted, attribute-driven application quality index to manage quality improvement based on independently administered customer surveys.
* Functioned as an INROADS Business Advisor and Professional Mentor to fast-track Management Trainees from Cornell University.



* Leveraged and promoted the use of accomplished students as alternative employment resources from remote college facilities, such as Drexel and Rochester (RIT) for computer programming engagements.
ITT World Headquarters (1984-1987)
Worldwide IS Audit Manager
* Provided worldwide functional direction to 75 IS Auditors employed by highly diversified Fortune 20 conglomerate, whose businesses include telecommunications, insurance, financial services, hotel management and varied industrial technology. Developed/implemented a methodology which improved this function's cost-effectiveness, while ensuring coverage at over 300 data centers at a combined budget exceeding $775 million.
* Performed quality assurance reviews including risk assessment, scope analysis, performance measurement, software utilization, staffing and effectiveness. Held semiannual conferences, provided extensive education, and conducted technical seminars based on results.
* Reviewed and approved worldwide wire transfer and data collection applications as a prerequisite for system implementation, ranging from requests for recurring bank wire transfers, such as commitment fees, interest payments, and service charges to special projects such as EFT corporate trade payment applications.
R. H. Macy & Company (1983-1984)
Corporate IS Audit Manager
* Managed IS audit activities for major retail organization, presenting results to divisional Chairmen and Presidents on control related issues surrounding development for centralized credit management, accounts receivable/payable, human resources, general ledger, and fixed asset applications.
* Prompted installation/implementation of Pansophic's Library Control System and CA Sentinel at corporate data center; precipitated establishment of quality assurance and data security functions.
Prudential Bache Securities (1982-1984)
IS Audit Manager
* Managed completion of company-wide data processing transaction flow analysis project for major investment company, undertaken at the request of parent company and Touche Ross as external audit company. This project required major resource commitment in meeting year-end deadlines. Successful completion included sufficient time for compliance and substantive testing via Culprit as a prerequisite for auditor's opinion on the newly acquired company's operations and annual financial statements.
GAF Corporation (1979-1982)
Manager, Human Resources & Accounting Systems
* Managed systems development for diversified chemical, building and consumer products company including centralized human resources, general ledger, accounts receivable/payable, inventory and freight systems.
* Actuated and orchestrated first formal backup agreement for a major chemical and building materials company resulting in a signed contract with Sungard and a complete disaster/recovery plan. This need was identified based on self-designed and self-administered questionnaires prompted by the Foreign Corrupt Practices Act.
Continental Insurance Company (1977-1979)
Systems & Programmer Analyst
* Leveraged proficiency in COBOL, Fortran, and Basic programming languages to develop and maintain claims, reinsurance, and related accounting systems.
* Leveraged proficiency in TAL and RPG I, II, & III programming languages to develop and maintain front-end edit systems.



Ernst and Young (1969-1977)
I/O Supervisor and Lead Accountant
* Led numerous audit engagements while employed as an accountant.
* Functioned as a shift supervisor in I/O Control while employed as a pre-professional accountant.
* Participated in numerous audit engagements while employed as a summer and mid-year Intern.
US Navy (1971-1974)
Data Systems Technician
* Completed US Navy military service as a Vietnam Era Veteran, causing an unplanned interruption in above employment with E&Y.
* Leveraged training in Advanced Computer Electronics, Systems Programming, and Machine Language for the installation, maintenance, and repair of computer and peripheral equipment used in managing the U.S. Pacific Submarine Fleet.
Employment History Snapshot
1998-2009 | International Flavors & Fragrances | Information Security Officer / Global IT SOX Coordinator
1994-1998 | The McGraw-Hill Companies | Director-Info. Risk Mgmt.-1997; Senior Manager-1994
1993-1994 | Bank of America | Managing Consultant - Quality Assurance and Control
1987-1993 | Continental Insurance Company | Senior Manager - Quality Assurance & Standards
1984-1987 | ITT World Headquarters | Worldwide IS Audit Manager
1983-1984 | R. H. Macy & Company | Corporate IS Audit Manager
1982-1983 | Prudential Bache Securities | IS Audit Manager
1979-1982 | GAF Corporation | Manager - Human Resources & Accounting Systems
1977-1979 | Continental Insurance Company | Systems & Programmer Analyst
1969-1977 | Ernst and Young | I/O Supervisor and Lead Accountant
1971-1974 | United States Navy | Data Systems Technician - Operations & Repair
