- Credentialed leader with proven IT audit, security, privacy, and risk analysis abilities. With a strong background in process improvement, technology implementation, governance, audit and regulatory compliance, I am able to provide creative and holistic solutions to organizations facing the toughest of IT or business challenges. I have assisted organizations with 0-30,000,000 budgets in their quests to rebuild, rebrand, and reenergize their security and risk programs. With a talent to structure projects and communicate, I am able to provide the information that all levels of an organization need to work collaboratively to solve their most complex problems.
- Recent achievements:
- Identification of clear-text password use within a web-based financial transaction system that was allowing exploitation of the system.
- Identification of a vendor's non-compliance with contract terms, resulting in a 1.5 million dollar rebate to the client.
- 90-day project window to develop and implement policy, procedure and technical changes to achieve 100% compliance to security certification goal.
- Defend an organization against 5 concurrent Office of Civil Rights HIPAA audits.
Risk Manager Director of Risk Assurance
- Maintain healthcare client relationships, as well as certain Banking and Manufacturing clients.
- Evaluate and monitor quality of all work products delivered by the practice
- Manage healthcare practice professional staff, approve time and expense, perform annual reviews
- Responsible for the development, maintenance, and execution of the practice strategic plan.
- Perform HIPAA, HITECH, CMS, FFIEC Handbooks, ISO, NIST, NCUA, Texas H.B. 300, and HITRUST CSF based risk assessments and executive summary presentations. Develop and maintain the methodology used for all standards-based risk assessments
- Perform HITRUST readiness and certification assessments, including GRC integration into overall business processes
- Authored and implemented a physician practice risk analysis methodology and tool to fit the budget of the smaller practice
- Analyze servers, databases, applications, firewalls, routers, switches, architectural security diagrams, access controls, encryption methods, patch processes, virus/IDS/IPS, and other technical components to determine security risk posture
- Successful defense of regulator audits (Office of Comptroller of the Currency, Office of Civil Rights)
- Consulting services: staffing and segregation of duty, budget analysis, training, alignment of company and departmental strategic goals, security tool analysis and selection, disaster recovery testing and incident plan integration, risk management reporting, and policy/procedure
- HITRUST Cyber-threat intelligence group participant
- Software Development - Design and document technical requirements for a vendor management program. Perform user perspective testing.
- Software Development - Define technical and user requirements for audit performance software for large Fortune 500 banking client
- AVP, Vendor Security Control Governance and Risk Lead Analyst
- Progressive management roles responsible for risk assessment and reporting for 1000 vendor security assessments, and 7-10 staff auditors located internationally.
- Responsible for monthly management reporting of audit progress and risk
- Achieved notable success in coaching a LOB in ground-up building of their program, resulting in the LOB becoming 80-90% compliant in all of their management metrics within 6 months.
- Responsible for definition of the vendor audit methodology, agreed upon procedures, and quality control.
- Represented bank at BITS and participated on committees to define bank vendor audit programs.
- Defended vendor management audits for Office of Comptroller of the Currency (OCC) regulatory audits.
- Performed Gramm-Leach-Bliley Act, FTC Red Flags, FFIEC Handbooks, HIPAA, Privacy Act of 1974, EU Data Protection Directive, Hong Kong data privacy principles, ITIL, COBIT, COSO-based vendor organizational risk assessments.
- Designed software for vendor risk profiling, audit management, risk reporting, mitigation planning, and executive-level reporting
- Project Manager, Oracle Applications
- Progressive roles that led to overall project manager responsible for management status reporting, contractor billing, and technical team management.
- Achieved reputation for 100% on-time, under budget, delivery success.
- Designed and implemented setups for assigned Oracle modules, in coordination with a large team of analysts. Defined and executed testing of set-ups, interfaces, data conversion, and implementation across modules. Responsible for Engineering, Bill of Material, General Ledger and Fixed Assets Modules.
- Developed and managed change management procedures for patches, upgrades, and code changes.
- Designed and modified business processes to coordinate with mainframe-to-Oracle implementation.
- Responsible for accounting staff training, new equipment specification, order, and implementation.
- Utilized Six Sigma concepts, and passed the Supply Chain APICS exam. Six Sigma concepts used to drive 100% error-free data conversion and business process delivery.
- Responsible for modification of Oracle SDLC methodology for project use.
- Business Re-engineering Analyst
- Prepared organization for conversion of legacy mainframe systems to Oracle Applications. Defined and documented business processes, prepared from-to maps, and defined project steps and milestones for conversion process. Defined requirements (build vs. buy), interviewed, and selected application for implementation.
Data Conversion Analyst
Outlined data conversion rules for customer billing data to convert GTE customers to Alltel's Virtuoso II billing system.
- Progressive roles through various business process analysis and technology improvement projects (airline, telecom, retail, container shipping, medical device, sports equipment and trading card industries). Performed EDI implementations and participated on the ANSI X.12 committee. Centralized a 5-state debt collection operation, including data conversion to centralized system, operational personnel job relocation planning, and labor union negotiation.
- Extensive use of E&Y's Navigator System Series methodology, and contributed to new releases. Acted as methodology sales representative for southeast region. Participated on short term assignments in the methodology office to update various modules.