SUMMARY:

• Seasoned professional with 20+ years significant regulatory risk and audit experience in the areas of Public/Internal Auditing, Fraud and Forensic Investigations, Governance Enterprise Risk Management, Anti - Bribery/Anti-Corruption (ABAC), Anti-Money Laundering (AML), 3rd Party Risk-Based Assessments, Regulatory and Sanctions Monitoring, SOX Auditing and Compliance, Business Continuity Planning (BCP), Information Security and Systems Auditing, Internal Controls Evaluation, Corporate Social Responsibility (CSR).

TECHNICAL SKILLS:

• COSO, SOX, SOC 1 & 2, SSAE18, COBIT, NIST, OCTAVE, OMB A-123, A-127 and A-130 Circulars, GAAP, FASAB, GAAS, FAM, FISCAM, FISMA, FedRAMP, DIACAP, FCPA, UKBA, OFAC, BSA, USA Patriot Act, Dodd-Frank Act, FINRA, NERC CPI, PCI/DSS, FFIEC, GDPR, HIPAA, HITRUST, OIG and PhRMA, OPDP, GBLA, FDCPA, FSMA, FSVP, UNCP, UNSDGs, ISO 26000, ISO 14001, ISO 31000, ISO 27001

PROFESSIONAL EXPERIENCE:

Confidential, Short Hills, NJ

Sr. Director

• Led the design and implementation of Compliance Solutions for S&P 100/500 customers in multiple areas of regulatory compliance (ABAC, AML, InfoSec, CSR, SOX, among others), across multiple industries (e.g. retail, oil & gas, transportation, distribution and logistics, pharma, financial institutions, technology, electronics, agriculture).
• Assisted customers as a Subject Matter Expert (SME) in the design, implementation and testing of ABAC controls and the development of due diligence screening programs and monitoring capabilities, implementing policies and procedures, systems, tools and controls needed to mitigate and remediate Third Party Due Diligence compliance related risks.
• Performed advanced Risk Assessments and Analytics to categorize risk across large volume of suppliers, customers and other types of third parties.
• Developed risk scoring models and customized risk assessment solutions utilizing criteria such as Beneficial Ownership, Regulatory Indexes (e.g. CPI, TRACE, BASEL), Financial, Operational, Environmental and Socio-Economic data and indicators, Standardized Industry Codes (SICs, UNSPSC), Tax Haven Jurisdictions, etc.
• Responsible for consulting, advisory and project implementations in the LATAM region.
• Developed and delivered specialized regulatory training for internal compliance practitioners, sales and operational teams.
• Thought Leadership: developed collateral on themes related to regulatory requirements for publication, white papers and blog articles on Politically Exposed Persons (PEPs), Governance Risk & Controls (GRCs), Spend Management and Analytics, Master Data Governance, Supplier Convergence Frameworks.
• Designed and delivered specialized product training for customers during implementation of compliance solutions.
• Developed a Cybersecurity and CSR frameworks to meet Information Security, Environmental, Human Rights, Occupational Health & Safety, Ethics and Sustainability industry standards, including suppliers’ self-assessed questionnaires (SAQs) and risk scoring methodologies to quantify risk and determine remediation/mitigation strategies.

Confidential, Richmond, VA

Anti-Corruption Global Manager

• Managed the design and implementation of a global compliance program to remediate anti-bribery and anti-corruption related risks.
• Managed and facilitated the work of a global team composed of internal and external stakeholders, including Legal, Compliance, Finance, Internal Audit, Outside Counsel and DOJ Monitor, to design and implement policies, standard operating procedures, processes and controls intended to mitigate operational high risks areas related to Third Parties Profiling and Due Diligence, Privacy and Confidentiality of Information, Joint Ventures, Charitable Contributions and Social Responsibility Programs, Facilitating Payments, Travel, Gifts and Hospitality, Compliance Sensitive Payments, Books and Records, among others.
• Designed Risk Control Matrices (RCMs) to assist Internal Audit in the implementation of Corruption-Compliance Audit Work Programs
• Conducted Risk Assessments and Due Diligence on Third Parties, Sales Agents and Joint Ventures to assess risk levels and determine provisions to be exercised to cover FCPA regulatory requirements.
• Led the development of IT systems solutions and processes to support the Compliance structure, such as Policy and Documentation Life Cycle Manager, Response to Allegations and Investigations and Third-Party Risk Assessment systems. Designed and implemented monitoring and screening systems to monitor compliance sensitive activities.
• Assisted on the design of training materials and delivered training to Treasury, Finance and Accounting, Audit divisions and internal users of compliance systems.

Confidential, Alexandria, VA

Manager

• US Department of Treasury - Financial Reports Division - Internal Controls review: Preparation of the Financial Statements of the US Government. Led the review and evaluation of the internal controls over financial reporting related to the preparation of the Financial Reports of the United States Government for the Financial Reports Division (FRD).
• US Marine Corps - Audit of Statement of Budgetary Resources. Member of the senior management leadership in the audit. Managed a team of fifteen IT auditors to conduct general and application controls testing of federal applications and systems platforms. Planned the IT audit program following FISCAM guidance and other federal laws and regulations criteria, such as NIST and DOD 8500s.
• US Department of Labor - Employment & Training Administration (ETA) - Technical Internal Controls Assistance to the State Human Resources of the Occupational Development Council of Puerto Rico. As the engagement senior manager, led a team to review cash reconciliation and expenditures reporting, disbursement/payment procedures, traced excess cash on hand and interest earned; reviewed method of calculation of program income and cash forecasting; analyzed internal controls for funding and payment processes, developed cash management policies and procedures and documented risk analysis and activities workflows. Identified scenarios and categories of expenditures. Developed a new accrual reporting system, reviewed cost allocation procedures, developed a cost model and cost sharing tools for local offices. Evaluated main Accounting Information System’s control design and operational effectiveness.
• US Department of Justice - Asset Forfeiture and Money Laundering Section. Conducted a comprehensive and independent financial and forensic accounting review of the financial records and multiple bank accounts of the suspect. Determined suspect’s Net Worth and Cash Flow and mapped supporting documentation to each financial transaction .
• World Bank - Sierra Leone Extractive Industries Transparency Initiative (SLEITI). Developed initial planning schedules and tools to conduct a reconciliation of payments/revenue transactions between government agencies of the government of Sierra Leone and several mining companies conducting business with government. Managed and performed testing of FCPA and AML controls to determine compliance with international and government laws and regulations. Identified initial potential risks and control design issues related to recording of financial transactions.
• United Nations - Audit of the Division for Human Resources (DHR) at UNFPA. As the engagement’s daily manager, led the review of the Human Resources branches of the UNFPA’s and the audit of its payroll processes.
• US Department of Treasury - Debt Management Services - A-123 review. Managed a team of financial and IT auditors to perform an A-123 internal controls review. Planned, scoped, documented, and tested key financial and information systems controls over major business processes (collections, disbursements, reconciliations and reporting) and financial applications.
• United States Marine Corps - Financial Improvement Program. As the Information Technology team lead, performed agreed upon procedures and integrated testing to validate the General and Application controls of the Marine Corps financial systems. Analyzed the Defense Information Systems Agency (DISA) GCC controls
• US Health and Human Services - Center for the Medicare Services. Managed a special task team to review project documentation to support the quality control check of financial and IT internal controls compliance testing.
• US Department of the Interior - Office of Historical Trust Accounting. Member of a special task team to review project documentation to support the quality control check of historical accounting by Confidential & Young LLP of IIM accounts for four plaintiffs and their predecessors related to a litigation case.
• US Department of Treasury - Debt Management Services - Process review and cost-capturing model. As a Financial Analyst, performed a comprehensive process/efficiency review of all processes and procedures involved in the Debt Collection program managed by Debt Management Services (DMS).

Confidential, Washington, DC

Senior Risk Compliance Manager

• Coordinated and monitored the rollout of the SOX 404 Info Tech control design, operational effectiveness, and remediation program for the Capital Markets, Mortgage Portfolio and Treasury divisions supporting fixed assets and derivatives financial instruments.
• Coordinated and integrated testing activities and review/quality assurance processes with external and internal auditors, external government regulators, business owners, and SOX team leads.
• Performed Quality Control of testing execution applying GAAP, AICPA, PCAOB, IIA, and ISACA auditing standards.
• Interfaced with stakeholders and provided technical expertise in IT control and risk management practices in support of IT control regulation and infrastructure strategic direction. Created and presented reports (metrics, heat-maps, resource, schedules, workload, Gantt, etc.) to all levels of management.
• Analyzed complex operational performance and IT control problems and worked with management to identify strategies for improving performance. Participated in Business and IT remediation and deficiency management processes to help the re-design of controls and the mitigation of high-risk residual areas.

Confidential, Richmond, VA

Senior Auditor

• Conducted detailed IT auditing reviews of information system processes and controls for Publicly Traded Organizations. Supported financial statement integrated audits. Provided assurance on electronic evidence produced by client computer systems.
• Performed IT and SOX 404 Advisory Services, ERP Integrity and SAS 70 IT design and operation effectiveness testing and reviews
• Performed IT General Controls (ITGC) and Application Controls reviews including Physical and Environmental controls, System Development and Change Management, Operating and Platform System controls. Tested Business Continuity and Disaster Recovery Plans to assess recovery point objective (RPO) and recovery time objective (RTO) to determine disaster tolerance thresholds as determined by clients.
• Provided advisory services in ITGC and Application remediation for control deficiencies and risk mitigation for clients in North and South America.

Confidential, Rockville, MD

Senior Consultant

• Sarbanes Oxley compliance and remediation project for the Investment & Capital Markets group applications. Restatement/Close Process Improvements Project for 2003 and 2004.
• Performed security, operations, and data integrity management gap analysis and reviews of current processes to follow organizational procedures and guidelines to reach SOX compliance.
• Mapped control and objectives and key goal indicators (applying COBIT and ISO standards) with artifacts and deliverables. Produced deliverables, wrote final report, and made recommendations for Business Continuity Planning (BCP), including Business Impact Analysis (BIA) and Disaster Recovery Planning and contingency strategies.
• Tested Change Management Process controls related to Software Development Life Cycle (SDLC) changes during design, implementation, testing and deploying.
• Acted as liaison between application owners and business units for the design of compensating controls during remediation process and led a group of temporary consultants to produce audit documents for PricewaterhouseCoopers.
• Drove the development of overall software quality assurance strategy and approach by establishing and enhancing quality standards, documentation processes, and checkpoints at defined gateways. Recognized and resolved process conflicts and escalated key issues.

Confidential, Tysons Corner, VA

Internal Controls Consultant

• Performed, planned, designed and conducted a risk assessment for the Office of the Comptroller of Smithsonian Institution. Planned research methodology and questionnaire design to interview different levels of management.
• Conducted walkthroughs to document information related to standard operating procedures for Accounts Payable, Financial Reporting, Payroll, Policies and Procedures business processes.
• Analyzed operational processes and evaluate policies and procedures in practice, developed new metrics for productivity and performance measurements, best business practices, internal controls, and allocation of expenses and cost-related activities through PeopleSoft financial system.
• Conducted audit, forensic and asset management analysis for the Office of Contracting of Smithsonian Institution. Researched, identified and tracked IT assets for capitalization and depreciation purposes. Tested physical and environmental security controls, network and application access. Evaluated management internal control procedures for procurement and inventory of IT assets.
• Conducted internal audit and quality assurance for the Office of Information Technology, Software and Development Division of the DHS to determine physical inventory quantities and goods in transit. Reported findings regarding all components of the inventory process and property management value chain custody and analyzed output to established safety-stock inventory accuracy, service level, and cycle counting.
• Conducted risk assessment to assess management’s philosophy and operating style, risk assessment, control activities (such as corporate spending credit-card transactions), and management monitoring.

Confidential, Alexandria, VA

Manager

• Responsible for daily operations of international payment services, and cash flow positions in Latin America. Developed tactical and long-term planning for the department. Identified and defined mission and vision statement for sub-unit.
• Participated actively in strategic planning for product development, analyzing cost-volume-profit-relationships, cash budgeting, contribution margin and traceable costs for Latin American market segments.
• Designed payment infrastructure and performed electronic transactions using Automated Clearing House (ACH) system, facilitated inbound and outbound domestic and international wire transfers (SWIFT, domestic and international investigations, setup wire templates, and research for credits, debits and bank fees).
• Rolled out FCPA, Anti-Money Laundering Act and Bank Secrecy Act initiatives in compliance with laws and regulations. Implemented OFAC related controls. Reviewed CTRs and SARs.
• Coordinated billing, collections and cash in-flow time management. Established credit risk ratio parameters and receivable balances, debt-aging schedule, and estimated bad debts by days past due for recovery of uncollectible accounts.