Steve Parr
Toronto
Summary
Results-driven IT technology, cybersecurity, compliance and audit professional with over 20 years of experience enhancing enterprise security, managing risk, and performing audits for Global 500 companies. Certified in CISSP, CCSP, CISA, CRISC, with expertise in NIST and COBIT. Proven track record of improving risk profiles and delivering actionable solutions.
Overview
25
25
years of professional experience
1
1
Certification
Work History
IT Security and Technology Audit & Compliance Consultant
SparrSecure Solutions Inc
07.2014 - Current
- Performing Information Security Risk Assessments on new projects and releases for applications, api’s and infrastructure and cloud including compliance requirements.
- Provide the required support to management on matters related to information security.
- Providing IT Technology & cybersecurity audit services
Senior IT Infrastructure & Cybersecurity Audit Manager
OLG | Ontario Lottery Gaming Corporation
Toronto, Ontario
03.2022 - 07.2024
- Contributed to the annual audit plan, planned audit engagements and developed audit programs. Executing audits and ensuring test results were adequately documented. Providing direction for auditors. Assessment of control risks.
- Gained a comprehensive understanding of business, application, and infrastructure processes by reviewing interviews, architecture documents, and past audit and regulatory findings, enabling the selection of relevant areas and controls for testing.
- Utilized COBIT, NIST and CIS Frameworks.
- Ensured audit conclusions and recommendations were properly supported with appropriate documented audit evidence.
- Prepared and discussed audit findings with client management; identified significant issues in a business context, working with audit clients to identify and recommend feasible solutions.
- Ensured audit reports were clear, concise and supported by the audit work completed.
- Audits performed: Infrastructure and Cyber Security internal OLG as well as for 3rd Party Service providers such as Casinos. Led mandatory lottery and gaming audits to attest compliance for the two primary regulators ILC and AGCO.
- Identified key risk exposures which led to important improvements in OLG’s risk profile in the following areas: Disaster Recovery, backups, Highly Privileged access , IAM, Security Event monitoring, Servers, workstations and mobiles, Encryption, Privacy, Network segregation, Hardening, Patching, Data Governance and 3rd Party management Cyber controls, API’s, Penetration Testing, Change Management, SDLC, CI/CD pipelines – Azure Dev Ops, IT Policies and standards, Password Policies.
- Examples of Platforms audited, Windows, Aix and Linux Servers, A.D., Open VMS system, MS-SQL, Sybase, Oracle, Cisco switches and Firewalls, Q-Radar, Rapid 7, Nessus-Tenable, Azure Cloud Access reviews, Azure Dev Ops, Saas and SOC 11 assessments.
- Consistently evaluated evidence submitted by auditees for audit issue closures, advising IT and Security teams on meeting deadlines by conducting early evidence reviews and recommending adjustments as needed to ensure timely resolution.
- Led advisory support for IT projects by assessing enterprise controls selected by OLG IT and IT Security, aligning AGCO regulatory self-attestations with COBIT and internal IT Security controls with NIST, delivering targeted enhancements to strengthen the non-audit Compliance department’s internal testing for regulatory requirements while establishing consensus on IT Security’s control framework.
Senior IT Auditor
Stars Group Technologies (Flutter Entertainment)
Richmond Hill, Ontario
04.2020 - 03.2022
- Managed domestic/international internal and external audits and compliance activities including SOX, and ARJEL.
- Performed Cybersecurity audits of Vulnerability Management, Patching, Pen Testing and hardening, A.V. Identity and Access Management, SDLC and CI/CD pipelines and Cybersecurity standards and policies resulting in key changes to improve Flutter’s risk profile.
- Thru interviews, architecture documents obtained, and previous audit and regulatory issues gained adequate understanding of the business, applications and infrastructure processes to select pertinent areas and controls for testing.
- Utilized COBIT, NIST and CIS Frameworks.
- Ensured audit conclusions and recommendations were properly supported with appropriate documented evidence.
- Regularly reviewed and assessed evidence submitted for audit issue closures.
- Directed audit advisory efforts for IT projects, including the review and approval of key standards such as the Database Standard, Security Vulnerability Management Framework, Antivirus Policy, Access Management Guidelines, and SDLC-related standards.
Senior IT Security Advisor
Aviva Canada
Markham, Ontario
05.2019 - 11.2019
- Performing Information Security Risk Assessments on new projects and releases for applications, api’s and infrastructure changes.
- Perform security assessments of Third-Party suppliers.
- Privileged Access Management reviews.
- Management of the Web Penetration Testing program including management of the contracted 3rd party pen testers.
- Promote awareness of Aviva’s Information Security standards and policies.
- Rotated in for CAB membership duties to represent IT Security.
- Ensure adequate and timely resolutions of audit/review issues. Assist with solutioning when required.
- Provide the required support to management on matters related to information security.
IT Infrastructure & Cybersecurity Audit Manager
Scotiabank
Toronto, Ontario
09.2015 - 05.2019
- Planned audit engagements, executing test steps, and documenting test results.
- Exercised sound professional judgement in the assessment of risks and to conclude whether risks are appropriately managed through the existence of effective controls.
- Ensured there was an adequate understanding of the business, application or infrastructure processes being audited.
- Followed the Audit Standard Guidelines of the Bank and operations audit methodologies and utilized frameworks including COBIT and NIST.
- Ensured audit conclusions and recommendations were properly supported with appropriate documented audit evidence.
- Prepared and discussed audit findings with client management; identified significant issues in a business context, working with audit clients to identify and recommend feasible solutions.
- Ensured Audit reports were clear, concise and supported by the audit work completed.
- Examples of Audits performed: Backup and Recovery, Disaster Recovery, ITGC, Cybersecurity, Privileged Access, Servers, Workstations & mobiles, Interac Security, SOX ITGC, Incident Management.
- Identified key risks which led to important improvements in the Bank's IT risk profile in the following areas: International & Canadian Banking Disaster Recovery, Cybersecurity, Vulnerability Management, Hardening, Patching and Penetration testing, Security Event Monitoring, Highly Privileged Access, Active Directory.
- Examples of platforms audited: Windows, Aix and Linux Servers, AS400, MS-SQL, Oracle and Sybase, QRadar and Tripwire IP360.
- Regularly reviewed and assessed evidence submitted by auditees for audit issue closures.
- Collaborated on a bank-wide initiative to consolidate SOX controls from five distinct business units, previously designed and tested independently by four non-audit teams, unifying the most effective controls into a standardized framework adopted bank-wide and audited by the Audit team.
Senior IT Technical Specialist
Scotiabank
Toronto, Ontario
07.2007 - 09.2015
- IIS Web Server and SQL Server DBA and ETL Support for internally developed applications across environments in PROD, Testing and Dev environments.
- Programming report module for Bank Capital Management using SQL Stored procedures for tacking and forecasting application.
- Troubleshooting performance issues affecting, Server, Web or database settings. Successfully implemented indexing solutions to dramatically increase report query speeds.
- Application support for the following 3 software solutions utilized in Finance: INEA (application utilized by the Bank for quarterly reporting), Bancware and SmartStream (accounts payable system). Responsible for day-to-day availability, performance as well as upgrades, testing, patching and vendor management. Level 3 Technical Support of cross - Canadian Bank branch application.
- Implemented and supported Disaster Recovery technology such as DoubleTake including database replication and failing over entire application ecosystems for annual disaster recovery testing to meet regulatory requirements.
Senior IT Infrastructure & Application Analyst
DBRS
Toronto, Ontario
07.2006 - 07.2007
- Administration of MS SQL and Oracle databases, Citrix, and Windows, Linux and Exchange Servers.
- Administration of Active Directory and Access Management.
- Application Support and maintenance of Account Payables/Receivables system Infor-SunSystem.
- Implemented and supported ERP system running on Linux Red Hat Enterprise and Oracle 10g utilizing JBoss engine.
Senior IT Infrastructure Analyst
Torstar (Metroland)
Mississauga, Ontario
09.2004 - 07.2006
- Install, configure and maintain all Citrix servers on Windows Server platform including hardware/OS implementation and support and utilizing Citrix Metaframe XP FR3 to support a 32 Citrix server farm to facilitate over 80 remote sites connecting to the primary Corporate ERP applications PBS and Inca.
- Citrix printing support for HP/Lexmark/Xerox. Developed preferred driver lists and alternative mappings.
- Responsible for the security patch process with testing and implementation phases.
- Ensured backups of Citrix datastores and ongoing readiness for restoring systems from image backups.
- 2nd and 3rd level support for Citrix end users.
- Close co-operation with Development teams to ensure new versions of applications were properly tested and compatible with Citrix.
- Active Directory Administration. User management and replicating user changes across domain controllers to resolve issues.
- System monitoring for alert thresholds.
IT Infrastructure & Security Manager
Aecon Group Inc.
Toronto, Ontario
01.2000 - 09.2004
- Responsible for all network operations including Windows PDC’s, BDC’s WINS, DNS, DHCP, and TCP/IP. Responsible for Cisco router configurations for site connections to Head Office utilizing ISDN and T1 leased lines. Purchased, implemented and managed all networking equipment utilizing 3 Com, Dell, Cisco and Foundry switches and Cisco routers. Procured and managed the Telco’s for the required WAN leased lines. Registered and managed all DNS requirements.
- Worked with data cabling firms to assist with installation of cross connected cabling and patch panels when required.
- Managed and administered the NG Checkpoint Firewalls ensuring any rule changes followed best practises.
- Implemented and supported the Norton Anti-Virus for Exchange and Norton Corporate Edition for all servers and workstations. All updates to virus definitions were centrally managed and monitored for compliance.
- Implementation and support of the NG Checkpoint VPN software solution for remote access.
- Implemented and managed the Message Labs email filtering solution for corporate email systems.
- Logical Access and Highly Privileged account management.
- Server updates and security patching.
- Responsible for proactive monitoring of all firewalls, server and backup software logs for security violations, errors and failures.
- Managed the ethical penetration testing and web application testing process.
- Managed all Server hardware and OS purchases, installations and maintenance utilizing Dell Poweredge and IBM Servers.
- Responsible for the security and environmental integrity of the server room.
- Implemented and managed all backup and recovery technology for the organizations backup and recovery requirements including offsite storage. Utilized DLT’s, 8mm Sony, and a Dell Tape Library as well as Veritas Backup Exec backup software Metaframe.
- Responsible for All Citrix Server 1.8 and XP implementations and administration. Provided 2nd level Citrix end user support when required. All remote users connected via Citrix Servers thru the various WAN connected sites throughout Ontario to facilitate access to all applications at Head Office including ERP, project management, email and file server access.
- Implementation and support of all enterprise applications which were running on the Microsoft SQL Server platform. This included FOS the corporate ERP system and the Payroll system.
- Implemented and supported Exchange Mail Servers at various corporate locations which supported all employee’s mailboxes. Also implemented and supported Blackberry Server and provided 2nd level RIM user support.
Education
Bachelor of Arts -
University of Toronto
MicroComputer Programming - undefined
George Brown College
Certification
- Certified Information Systems Security Professional (CISSP), ISC², Active
- Certified Cloud Security Professional (CCSP), ISC², Active
- Certified Information Systems Auditor (CISA), ISACA, Active
- Certified in Risk and Information Systems Control (CRISC), ISACA, Active
- Certified in the Governance of Enterprise IT (CGEIT), ISACA, Active
- AWS Certified Cloud Practitioner, Amazon Web Services, Active
- Linux+, CompTIA, Active
- Microsoft Azure Fundamentals, Microsoft, Active
- Microsoft Certified Database Administrator (MCDBA), Microsoft, Active
- Microsoft Certified Systems Engineer (MCSE), Microsoft, Expired
Timeline
Senior IT Infrastructure & Cybersecurity Audit Manager
OLG | Ontario Lottery Gaming Corporation
03.2022 - 07.2024
Senior IT Auditor
Stars Group Technologies (Flutter Entertainment)
04.2020 - 03.2022
Senior IT Security Advisor
Aviva Canada
05.2019 - 11.2019
IT Infrastructure & Cybersecurity Audit Manager
Scotiabank
09.2015 - 05.2019
IT Security and Technology Audit & Compliance Consultant
SparrSecure Solutions Inc
07.2014 - Current
Senior IT Technical Specialist
Scotiabank
07.2007 - 09.2015
Senior IT Infrastructure & Application Analyst
DBRS
07.2006 - 07.2007
Senior IT Infrastructure Analyst
Torstar (Metroland)
09.2004 - 07.2006
IT Infrastructure & Security Manager
Aecon Group Inc.
01.2000 - 09.2004
MicroComputer Programming - undefined
George Brown College
Bachelor of Arts -
University of Toronto