SUMMARY

• Self - motivated information security, technology risk and IT Audit leader with strong background designing, executing and overseeing risk assessments and IT internal audits of enterprise application security, general controls, cloud security, cybersecurity, information security, governance, risk and compliance programs.
• Understands the strategic cybersecurity landscape and speaks about information security at the executive and Board level in the language of business impact.
• More than 20 years of technical and management experience in healthcare, internal audit, technical operations, telecommunications, higher education and food service.
• Effective coach, consultant, negotiator, relationship manager and mentor.
• Experienced with frameworks, industry standards and regulatory requirements for information security, risk management, internal audit and controls, including SOX, HIPAA, NIST, COSO, COBIT, PCI, FISMA, FFIEC, GLBA, GDPR, etc.
• Experienced with data analysis tools and techniques for improved critical thinking and decision making. Enthusiastic cloud/cybersecurity evangelist and Board of Directors member.

TECHNICAL SKILLS

• Audit & Security Tools: TeamMate, ACL Analytics and Analytics Exchange; Paisley AutoAudit; Protiviti SarbOx Portal; HIPAA One and various proprietary and open - source security auditing, pen testing and vulnerability assessment tools.
• Software: MS Office, Access, Project, SharePoint and Visio; MS SQL; Oracle; Lotus Notes; Open/Libre Office.
• Technologies: Infrastructure engineering; disaster recovery; clustering; virtualization; storage; networking; scripting.
• Hardware: Servers, desktops, storage, wired and wireless network infrastructure devices and security appliances.
• Operating Systems: Linux and Windows-based server, desktop, and smartphone operating systems.

PROFESSIONAL EXPERIENCE

Confidential, Charlotte, NC

IT Audit Senior Manager

Responsibilities:

• Provide work paper review, feedback, coaching, direct supervision and leadership to IT Audit staff. Maintain professionalism, leadership and expertise in required job skills and knowledge.
• Work with clients to provide high quality internal IT audit, information security, risk management and compliance services. Provide oversight, support and direction for the IT Audit resources at multiple client-based locations. Identify business development initiatives with existing and potential clients, including implementing/executing internal audits, IT projects and business risk consulting solutions.
• Partner with leadership to grow the firm’s competitive advantage, reputation and presence in the healthcare industry.

Confidential, Charlotte, NC

Senior Information Systems Auditor

Responsibilities:

• Mentor peers and assist in the training, coaching and guidance of internal audit staff. Perform IT audit and security risk assessments and consultations throughout the organization. Plan, design and lead risk-based assurance audits of internal controls and processes for information technology, regulatory compliance and cloud/cyber/information security.
• Recognized for establishing trust and credibility with management; member of IT Cloud Steering Committee;
• Authored technology risk white papers, audit newsletter columns, and industry article on auditing virtual healthcare;
• Improved technical auditing and security testing programs to meet evolving cybersecurity vulnerabilities and threats;
• Developed custom, focused IT audit and risk advisory programs for cloud computing, big data implementations, patch management effectiveness and the evaluated security of database, web and virtualized computing environments.
• Provided technical oversight and system design consultation for internal audit and compliance department tech projects;
• Co-developed a data analytics-driven continuous auditing/monitoring program for access security/identity management.

Confidential, Wichita, KS

IT Project Manager

Responsibilities:

• Demonstrated PM success for managing deliverables on time and in budget in dynamic and challenging environment;
• Effectively communicated technical and business requirements for different audiences;
• Obtained CISA designation and additional PMI-based project management training;
• Developed key vendor business relationships and obtained added value by significantly lowering annual costs;
• Recognized as a champion of process improvement, project management and strong information security controls.

Confidential, Cincinnati, OH

Senior Audit Manager

Responsibilities:

• SOX audit and remediation activities resulted in compliance attestation by external auditor for two years;
• Acquired key enterprise risk assessment, audit project scoping, and SOX-relevant process prioritization experience;
• Gained experience mapping internal controls to COBIT control objectives and COSO risk management framework;
• Improved internal controls critical analysis skills using best practices, audit standards, and capability maturity models;
• Further developed inter-personal communications, negotiation, presentation and managerial courage skills.

Confidential, Cincinnati, OH

IT Infrastructure Manager

Responsibilities:

• Technical liaison for internal audit and post-audit remediation activities; Enterprise server engineering and solutions design; IT operations capital and expense budgets; Business continuity and data recovery planning and testing; Supervision and mentoring of management interns, system technicians, and data center operations personnel.
• Project technical lead on several successful multi-team IT infrastructure, application and development projects;
• Contributed to special project team for server performance metrics which improved IT governance objectives;
• Completed Six Sigma Yellow Belt, project management, and various management and technical training courses;
• Promoted to Senior Audit Manager.

Confidential, Cincinnati, OH

Data Center Systems Technician

Responsibilities:

• Learned IT audit engagement technical support skills;
• Provided enterprise infrastructure technical support on multiple OS platforms and technologies;
• Promoted to IT Infrastructure Manager.
• Member, law school technology committee;
• Provided specialized technical support to law library and law school faculty and staff;
• Demonstrated customer service and interpersonal communication skills;
• Won second of two NKU student web design contests (while attending law school).