Browse profiles
Malt welcom

Welcome to Michael's freelance profile!

Malt gives you access to the best freelancers for your projects. Contact Michael to discuss your project or search for other freelancer profiles on Malt.

Michael Furlong

Senior Business Analyst

Works remotely from Barcelona

  • 41.400347
  • 2.159592
  • Rate On-demand
  • Experience 7+ years
Propose a project The project will begin once you accept Michael's quote.

This freelancer will be available again on 24.09.2023

Until 24.09.2023

Propose a project The project will begin once you accept Michael's quote.

Location and workplace preferences

Location
Barcelona, CT, Spain
Remote only
Primarily works remotely

Verifications

Freelancer code of conduct signed
Read the Malt code of conduct

Verified email

Languages

  • English

    Native or bilingual

  • Spanish

    Basic

  • French

    Basic

  • Irish

    Fluent

Categories

Skills (6)

Michael in a few words

As an accomplished professional, I endeavor to foster collaborative environments across domains that yield high-quality, on-time results. I’m a skilled listener and communicator, who enjoys mentoring, managing and developing teams. Also, I am adept at synthesizing business requirements and translating them into technical specifications, and comfortable presenting my findings and recommendations to clients, stakeholders, and senior leadership.

Being a hybrid information security and cybersecurity professional, I have over 20+ years’ experience across a variety of industries. I have extensive knowledge of global regulatory standards and compliance obligations including Sarbanes-Oxley (SOX), ISO 27001, GDPR, CCPA, PCI DSS, SOC 1 and 2 and Internal Controls over Financial Reporting (ICOFR). My primary practice areas are identity and access management, risk management, logging and monitoring, third party security management, application security, vulnerability management, data security, implementation of security requirements, design specifications and compliance controls, cloud security, internal and external audits, security issues related to software pilots, system upgrades and enhancements, and creation of process/procedure documentation.

Thank you.

Experience

European Commission

Public sector

Information Technology Business Analyst

Barcelona, CT, Spain

February 2022 - Today (1 year and 3 months)

I am an experienced professional offering my expertise to the European Commission in support of the creation of the new DSA (Digital Services Act) IT system.

Working as part of a team this includes the following:
• Project Management across different technologies and environments
• Provision of expert advice and assistance in relation to the IT systems and databases.
• Analysis of business and functional requirements of IT systems and databases under negotiation, including a review of usability of existing IT systems and building blocks. This includes the delivery of a written report on the basis of this analysis.
• Extensive consultation and testing of user requirements with all stakeholders. This includes organising dedicated remote workshops.
• Preparation of vision documents and communication materials, such as mock-ups of the IT systems and databases and other internal presentations.
• Estimation of costs, timescales and resource requirements for the successful development of the IT systems and databases. This includes the delivery of a written report of this estimation.
• Preparation of the necessary internal documents on IT Governance for the development of the IT systems and databases. This includes Project Initiation, Use Cases, Prototypes, Business Case, and Project Charter.
• Liaise with the policy team, as well as other relevant teams, and duly reflect their needs to ensure that the preparation of the information systems and databases reflects the needs of the new system.
• Preparation of a hand-over document for the purpose of the future development of the IT systems and databases.
Atlassian Confluence PM2 Atlassian JIRA Protoypes POC Project Management Consultancy

Accenture - ACCENTURE ORGANISATION

Social Networks

Senior Analyst - Information Security and Risk Management

San Francisco, CA, USA

February 2021 - December 2021 (10 months)

Client: Facebook (Meta)
Managed teams working on Risk Management & Compliance covering the following areas:
• Governance Risk and Compliance Management.
• Security Threat and Risk Assessment Management.
• Security Auditing & Compliance.
• IT Auditing & Compliance controls testing/standards - SSAE 18, SOC1/SOC2, ISO 27001, ISO 27018, ISO 27701, SOX ITGC, PCI & NIST.
• Security & Information Security assessments & System Review (ISMS).
• IT Service Management as per ITIL framework.
• SOC Operations
Risk management Compliance Google suite

Federal Home Loan Bank of San Francisco

Banking & Insurance

Senior Business Analyst - IT Security

San Francisco, CA, USA

April 2020 - December 2020 (8 months)

Senior Business Analyst for Information Technology Risk & Compliance on the following projects:
• IAM Upgrade & Enhancement - Sailpoint IIQ 8.1 upgrade, entitlement description management enhancement & expansion of systems covered.
•Exception Management Enhancement - ServiceNow upgrade (Orlando) along with two phases around approval workflow, SLAs, states and improved form information.
•Vendor Risk Management - CyberGRX rollout and integration.
•UAT Testing, Documentation & Training on these projects using Agile, Stories & Tickets via ServiceNow.
ServiceNow Sailpoint CyberGRX Risk management Compliance

Autodesk - Autodesk

Tech

Senior Security Analyst

San Francisco, CA, USA

June 2019 - April 2020 (10 months)

As part of the Security Assurance team, worked on support of PCI DSS, SOC2, ISO/IEC 27001, SOX and AWS compliance.
• Collaborating with various internal and external teams using ServiceNow, SharePoint, Jira and Confluence (Atlassian wiki) as repositories for documentation, evidence, testing and tracking.
• Engaging with external auditors i.e. KPMG and EY along with internal audit on various efforts.
ServiceNow Atlassian Confluence Atlassian JIRA PCI DSS Microsoft Sharepoint

Allianz - Groupe Allianz

Banking & Insurance

Senior GRC consultant – IT Security

Petaluma, CA, USA

January 2016 - October 2018 (2 years and 9 months)

• Governance Risk Compliance consultant working on new security system installations at a global financial services company serving 85 million customers worldwide.
• Running FSA/ICOFR certifications, application risk assessments and acceptances preparation to audit, CyberArk and Tripwire systems, using ServiceNow and Sharepoint along with creating/updating jobaid, runbook, narrative, process flow and overview documentation.
• Preparing, presenting and dealing with internal and external audit requests while using SharePoint as a repository.
• Training personnel from AGCS and IBM on running FSA/ICOFR certifications, CyberArk and Tripwire systems.
• Drafting security governance documents for new system implementation.
• Reviewing and cleaning up privileged access security requests for Access Oversight.
GRC ServiceNow Microsoft Sharepoint CyberArk Tripwire

Bank of America Merrill Lynch

Banking & Insurance

Information Security Analyst - Global Information Security

Dublin, Ireland

September 2008 - December 2014 (6 years and 3 months)

• Information security and risk management across multiple enterprise-wide systems at a 30B+ global financial/securities institution. Ensured compliance with global financial regulations to meet or exceed the audit requirements of global financial and securities regulatory agencies (e.g., the Federal Reserve, the SEC, and the ECB etc.) Evaluated reporting included, but not limited to: Sarbanes Oxley (SOX), UCAL (critical applications), failed logons, daily leavers, non-actioned leavers, application-specific compliance, asset services, open network drives, email (analysis of keywords, attachments and embedded content), enVision.

• Project management for all new application integrations into the Central Security Database. Approximately 60 projects (applications)/quarter, responsible for installation/integration of new applications into the Central Security Database, including final assurance that integrated applications were compliant with global financial regulations. For each project, managed a team of 15-20 comprised of application owners, business owners, developers, support teams, vendor teams, transmission support teams, access provisioning teams, architecture support teams.
Project Management IT Security

Merrill Lynch

Banking & Insurance

Security and Risk Analyst - Global Information Security & Privacy

Dublin, Ireland

November 2004 - September 2008 (3 years and 10 months)

• Global Information Security and Risk Management across multiple enterprise-wide systems at a 20B+ global financial/ securities institution. Ensured compliance with global financial regulations to meet or exceed the audit requirements of global financial and securities regulatory agencies (e.g., the Federal Reserve, the SEC, and the ECB etc.) Evaluated reporting included, but not limited to: access levels/separation of duties, failed logons, daily leavers, non-actioned leavers, application-specific compliance, asset services, open network drives, and email monitoring (analysis of keywords, attachments and embedded content).

• Teamed with information security systems architects and developers to design, develop, implement and maintain Merrill Lynch’s System Entitlement Reporting Application (SERA) – a global, company-wide access review system.
Risk Management IT Security