
Resume


Director, Corporate Compliance, Risk, and Governance

SUMMARY:

  • Value-driven compliance and governance professional with 20+ years of success across several industries throughout corporate compliance, ethics, and GRC. Consulting experience leading teams focused on aligning compliance and risk with business and technology goals.
  • Experienced with client management, blended onshore/offshore teams, with depth in both legal requirements and technology enablement.
  • Focus on business outcomes has led to significant successes in compliance, audit/assessment, operations and technology roles.
  • Rare combination of strategic thinking with hands-on problem solving and implementation experience including:
  • Performed risk assessments and developed mitigation plans in a variety of industries.
  • Led comprehensive GRC program assessments and developed Internal Audit risk assessment processes.
  • Developed processes and procedures for client internal investigations and provided investigation services at an outsourced provider.
  • Developed de novo vendor management program including vendor intake, risk analysis, due diligence, contract management, and offboarding.
  • Provided assurance by completing audits in governance, export control, privacy, bribery & corruption, third party risk, change management, IT controls, vendor and project management.
  • Developed policies and procedures (including primary authorship for more than 20 Fortune 500 Codes of Ethics/Conduct) for compliance functions. Supported implementation for both management and users through and technology.
  • Successfully managed complex projects with teams as large as 25 staff members/contractors, monitoring budget, schedule and staff to deliver effective solutions, often with blended onshore/offshore/remote teams. Provided stakeholder and project risk management to ensure project success.
  • Acted as primary liaison between government regulators and client firms undergoing assessments/audits. Tracked regulatory requirements, communicated multilaterally with stakeholders, presented findings to both client executives and senior government officials.
  • Developed detailed GDPR strategy project plan for multinational bank in London, as well as developing and executing project plan for combined GDPR/CCPA enterprise privacy framework for Confidential 100 law firm.

LEGAL, RISK, AND TECHNICAL SKILLS:

Technical Risk Management: COSO/COSO-ERM, CoBiT 5, ISO 31000/37001/20000-2, Basel II/III, NIST Cybersecurity Framework, MARS-E, IRS Pub. 1075, Social Security Data Exchange

PROFESSIONAL EXPERIENCE:

Confidential

Director, Corporate Compliance, Risk, and Governance

Responsibilities:

  • Built a complete vendor management program, including risk analysis, due diligence, technology implementation, contract management, and offboarding using ServiceNow.
  • Analyzed the Privacy Program and developed a program to instantiate the dictates of CCPA and GDPR (among others) across the enterprise.
  • Initiated records management program, decreasing risk in the form of non-compliant legal records.
  • Code of Ethics and Compliance and all related policies
  • Implemented a firm-wide program for Ethics and Compliance, developing bespoke material for all levels of employees, from Partners to Interns.

Confidential

Principal Consultant

Responsibilities:

  • GRC strategy, policy and technology assessments
  • Risk assessments using a variety of frameworks including COBIT 5, COSO, and OCEG GRC Capability Model
  • Authoring of codes, standards, policies, procedures and strategies in support of several compliance frameworks (USFSGs, Sarbanes-Oxley, ISO: 31000/37001/27001/27002, NIST:, MARS-E)
  • Thought leadership through blog posts, white papers, and product development
  • Sales support and field enablement

Confidential

Managing Consultant

Responsibilities:

  • Code of Ethics and policies development and authoring
  • Course development (Three published courses: Business Ethics, Advanced Business Ethics, Privacy)
  • Risk assessments
  • Comprehensive program development including internal investigations,, and policies
  • Developing and executing statistically sound surveys, focus groups, and executive interviews

Confidential

Director, Compliance and Governance Consulting

Responsibilities:

  • Comprehensive Compliance and Ethics Program Assessments (Medline, Engility (L-3), Altria, McKesson)
  • Risk Assessments (Medline, Diageo)
  • Policy and Code of Ethics Authoring/Rewriting (Westinghouse, ADT, Engility, Baker Hughes, Symantec)
  • Assessments and Curriculum Planning (Cardinal Health, Meggitt, Pentair, WD)
  • Policy and Code of Ethics Benchmarking (Stryker, Westinghouse, Anadarko, Esterline)
  • Data gathering and analysis including developing statistically sound surveys, focus groups, and senior executive interviews (Engility, Medline, Altria)
  • Internal Investigations, Communications, and Technology Evaluation and Implementation

Confidential

Managing Consultant

Responsibilities:

  • Compliance Risk Analysis, Code of Ethics, Learning Analysis and Roadmap.
  • Primary project manager for comprehensive compliance assessment. Included executive interviews, focus groups, and surveys.
  • Report delivered to Board of Directors.
  • Product management and business development for GRC platform and client relationship management. Was hired by client when Magister closed business.
  • Several projects for consumer mortgage bank including Basel III regulatory impact assessment, operational risk and governance analyses.

Confidential

Manager, Growth and Strategy Practice

Responsibilities:

  • Reporting to President and CFO, built business strategy capability for business unit with $30B in originations.

Vice President, IT Risk and Compliance

Confidential

Responsibilities:

  • Reporting to SVP of Research, Planning, and Architecture, created and led technology research and strategy group to align enterprise architecture and emerging technologies with business objectives and strategies.
  • Established risk analysis architecture for enterprise applications and chaired Enterprise Technology Risk Committee.
  • Researched, developed, and sold projects internally including Consumer Smart Card, Enterprise Linux, Web Services and Service Oriented Architectures.
  • Established enterprise risk governance through CoBiT framework.
