Bruce Rein MBA, CISA Cell Phone (201) 819-1126

Fair Lawn, NJ 07410 Email: Brein@Optonline.net

SUMMARY
Seasoned audit professional with extensive experience conducting Health Care Auditing, Sarbanes-
Oxley compliance and control testing as well as mainframe security auditing. Adept at identifying
and testing key controls, creating flowcharts, documenting findings and Audit reporting.
Core competencies include:
• Internal Controls • Technology Integration • Change Management
• SOX Compliance • HIPAA Security • Security Systems Development

Hardware: IBM 3090/4381 under MVS/XA and VM operating systems, HP UNIX, Oracle,
Windows NT Server, Windows 2000 Server, IBM laptop computers under Windows 95, NT, XP.

Software: RACF, ACF2, Easytrieve, Audit Leverage, Audit Command Language (ACL), Business
Objects, COBOL, BASIC, FORTRAN, MS products (Excel, Access, PowerPoint Visio and Word),
PeopleSoft, Hyperion.

Healthfirst, LLC - Audit Manager Dec. 2007 – Nov. 2009

Audit Manager for a newly created three person audit function that was recently outsourced.
Performed Financial, Operational and Information Technology reviews based on an approved Audit
Committee five-year audit plan. Conducted reviews requiring in depth knowledge of HIPAA
standards, Federal Healthcare requirements for Medicare and New York State Supplemental Benefits
for Medicaid. Utilized Audit Leverage, an automated audit tool, for audit program warehousing,
planning, fieldwork, reporting and management follow-up. .

Consulting Positions - Protiviti, Jefferson Wells Intl, Control Solutions

SOX 404 Compliance and HIPAA Consultant June 2004 – July 2007
Conducted IT Risk Assessments. Managed projects for SEC clients working to achieve compliance with
Sarbanes-Oxley Section 404. Created IT Business Process Narratives, completed IT Control Matrices and
performed key control testing based on COSO and COBIT guidelines.

Act 1 Group for client PSE&G

Nov. 2003 - June 2004
Sr. IT Consultant – Sarbanes-Oxley
Responsible for conducting Sarbanes-Oxley testing for the System Controls Core team
at PSE&G. Identified and tested “key” controls from several key IT processes. Duties
included developing an audit approach for testing key application processes and
interfaces to the SAP enterprise reporting system; interviewing key personnel,
gathering system change data for audit examination, preparing Visio flowcharts and
system narratives required to document the Change Management process and related
controls. Prepared a Preliminary Findings report for discussions with IT management.

HIPAA
Computer Security Consultant
June 2002 - Nov. 2003
Conducted Security Awareness Training for medical providers and other practitioners
seeking compliance with federally mandated HIPAA regulations. Conducted Mainframe
Security audits for clients. Wrote IT Security Audit reports for clients.

The University of Medicine and Dentistry of NJ Nov. 1999 – June 2002

Computing and Network Security Manager
Presented results of System Penetration Test, conducted by CISCO representatives, to UMDNJ Division
management. Duties included representing the Information Technology (IT) group at security related
management meetings. Drafted Computer Security Policies using COBIT guidelines. Developed a strategic
plan for implementing a University wide security program, in compliance with HIPAA regulations. Monitored
the progress of the Health Insurance Portability and Accountability Act (HIPAA) security and privacy
regulations. Assisted in the development of a HIPAA website for UMDNJ.

Ernst & Young, LLP, NJ May 1998 – Sept, 1999

IT Audit Senior - Internal Audit Services

Performed a security audit of PeopleSoft 7.0. Conducted an Oracle database audit in an HP UNIX
environment. Utilized a SQL based software application, Business Objects, to develop audit reports for use
during regional business unit audits. Utilized Audit Command Language (ACL) to identify and report
duplicate payments made to vendors. Ensured laptop computer security was maintained. and standard
department application were created properly for new hires.

ADP, New Jersey Jan. 1995 – May 1998

Senior IS Auditor - Corporate Audit Department
Evaluated the General Computer Controls over the IBM mainframe computer environment (including CICS
and RACF). Coordinated the 3rd party KPMG review of payroll product, AutoPay.Audit Dept. representative
on the Year 2000 task force. Reviewed department consolidations prepared using the Hyperion application.
Used ACL software to perform automated tests of client data. Used Easytreive software to code and run
Accounts Receivable confirmations.

Witco Corporation Nov. 1989 – June 1994

IT Auditor- Audit Department
Designed and executed computer programs on the mainframe computer using the EASYTREIVE PLUS
programming language. Conducted data center audits and RACF Data Security reviews.
Assisted the financial staff with their Computer Assisted Audit Techniques (CAAT’s)

EAB, Long Island Nov. 1987 – Nov. 1989

EDP Audit Officer
Conducted and supervised technical audits of system areas including; CICS Services, IDMS Services, MVS
Technical Services and ACF2 Data Security. Conducted audits of Data Centers. Wrote audit reports utilizing
personal computer software.

Earlier Audit Work Experience:

Metropolitan Life Insurance Company, New York
Citibank, New York, NY
Standard Security Life Insurance Company, New York
Coopers and Lybrand, New York
Chemical Bank, New York .

Education: MBA in Operations Research, St. John's University, Queens, New York June, 1979.
BBA in Accounting and Computer Systems in Business, The Bernard M. Baruch College of the City
University of New York Jan., 1976
Professional Affiliations:
Member of the Information Systems Audit and Control Association – N J Chapter,
Member of the Institute of Internal Auditors,
Member of the Knights of Pythias,
Trustee and Treasurer for Fair Lawn Public Library