Daniel Friedman IT Security and Compliance - Nov 2015



DANIEL L. FRIEDMAN

+972 50 279-2013 [email protected] T.Z. 337732515

Derech HaAvot 2, T.D 454, Neve Daniel, D.N. North Judea, Gush Etzion, Israel, 9090900

IT Compliance, Security and Risk

Results-driven Cyber Consulting manager with over 20 years of experience in IT security, privacy, compliance and risk for the financial industry and Systems Administrator with extensive experience in midrange (UNIX) and mainframe (VM) systems. Outstanding manager assessing system availability, security, and data integrity to identify, manage, and reduce risks and ensure general compliance. Proven ability to adapt to changing roles and job requirements. I excel at assessing compliance with best practices, writing, evaluating, and testing of controls, reporting and follow-up stages for Sarbanes-Oxley Act (SOX) and SSAE16 audits.

PROFESSIONAL EXPERIENCE

Ernst & Young Nov 2014-Present Manager, Strategic Cyber Consulting, Advisory Services (Privacy and Risk Assessment):

Reviewed IT processes, procedures and configuration and provided guidance on ways to improve compliance and security while reducing, mitigating or eliminating risk.

Advised clients on regulations and best practice regarding handling private data through documentation of the dataflow of their private data lifecycle.

Performed and managed cyber program management program, providing clients with a mapping of the maturity level of their controls across 20 IT Security domains.

TraderTools Jun-Sep 2014 IT Compliance and Security Advisor: Contract Position

Reviewed IT processes, procedures and configuration and provided guidance on ways to improve compliance and security and reduce, mitigate or eliminate risk.

Provided IT gap analysis indicating where security and compliance are inadequate.

Performed general controls oversight to verify compliance with professional standards.

Provided risk evaluation and mitigation recommendations for new and existing compliance requirements.

Citi NA Israel Jan-May 2014 Country Control Officer: Compliance Officer for banking and regulatory compliance. Contract Position

Reviewed and approved transactions and applications for compliance with Anti Money Laundering (AML) and Insider Trading regulations, involved with OFAC/SDN searches, Know Your Customer (KYC) UAT, compliance training and documentation.

Produced documentation for Bank Affiliate (Regulation W, Sections 23A / 23B) and mandatory absence policy and procedures.

Reviewed and approved beneficiary statements for compliance with banking regulations.

Participated in User Acceptance Testing for new Know Your Customer standardized application and EMEA Compliance Testing Sanctions Screening Review and other EMEA Compliance activities.

International Fund Services (A subsidiary of State Street Bank) 2008-2013 Information Security Officer: Information Security professional with extensive knowledge of and exposure to the full range of compliance and audit issues.

Reviewed systems for adequate management controls, and compliance with standards and regulations. Prepared formal reports and recommended corrective action. Created remediation and mitigation plans for deficiencies found during audits. Served as liaison between IT department and internal and external auditors.

Ensured proper completion of audit remediation within established timeframes.

Developed testing procedures and performed periodic reviews of Unix and Windows, Telecom, Database Administration, Prod. Control and Dev. environments to ensure ongoing audit compliance.

Planned and performed General Computer Control Reviews (Change Management, Logical Access, Backup & Recovery) along with providing recommendations to improve and strengthen controls.

Performed general controls oversight and review to verify compliance with professional standards.

Researched, recommended and configured compliance products including AppClarity (for software licensing) and Q1 Radar (a SIEM product).


Merrill Lynch & Co. 1987-2008 Position: Systems & Application Operations Specialist / AVP, Technology Operations

IT Security (1999-2008): Key member of IT Security team, interfacing with auditors and maintaining a secure and compliant Unix environment.

Identified and assessed IT related risks throughout SDLC implementation of systems and upgrades including operating system, security and disaster recovery. Served as liaison between IT department and external auditors.

Primary contact for SOX and SAS70 audits, mitigating risks and identifying future exposures.

Ensured audit tasks are completed accurately and within established timeframes.

Performed general controls oversight and review to verify compliance with SOX provisions and professional standards.

Project Leader of 5 member internal security remediation team.

UNIX Systems Administrator (1993-2008): Primary contact for AIX systems installation and support. Responsible for all aspects of support including design, planning, installation, security, maintenance, problem determination, performance analysis and documentation on over 125 production servers and numerous test and development machines. Installed and customized (both client and server portions) ADSM, NetView/6000, NetView/DM, Remedy and other software on AIX, Solaris and Linux machines.

Security focal point for all UNIX systems.

Designed, installed and maintained the company’s first SP complexes for support of numerous highly visible environments throughout the firm.

Built and trained a team of professionals for continued support.

Established segregated PE environment, creating a stable platform for production, QA and development.

VM Systems Programmer (1987-1995): Responsible for support and installation of VM systems. Performed CP, CMS and IOCP gens. Upgraded local modifications, created new modifications, applied PUT levels, and installed VM/XA and VM/ESA. Installed, upgraded and applied corrective service for numerous products including APL2, GDDM, PL/1, FORTRAN, SQL, PASF, PROFS and other vendor products including IBI, VM Systems Group, VM Software and SAS. Performance analysis and planning using XAMAP, VMMAP and SMART.

Introduced and deployed Enterprise wide backup and recovery product, both server and multiple client portions throughout Capital Markets.

Launched and supported global electronic mail system and provided training on its use.

EDUCATION & CREDENTIALS

M.S. Computer Science, New York University – Courant Institute of Mathematical Sciences

Professional Certifications

CFE – Certified Fraud Examiner

CISA – Certified Information Systems Auditor

IBM RS/6000 and PSSP Certificate

Professional Affiliations

Association of Certified Fraud Examiners (ACFE)

Information Systems Audit and Control Association (ISACA)

International Association of Privacy Professionals (IAPP)

Publications

The VM/ESA Systems Handbook edited by Gabriel Goldberg and Philip H. Smith III, 1993, McGraw-Hill Inc. Chapter 16 “Supporting Guest Operating Systems.”

V/Update Newsletter, article on Live tracing in VM/ESA