PROFESSIONAL SUMMARY

• A conscientious and solutions-focused Assurance, Compliance, and IT Risk Management Professional with 20 years of comprehensive auditing and compliance experience and proven expertise in capitalizing on opportunities to lessen liability and minimize risks associated with policies and implementations.
• Forward-thinking leader with the quantitative and qualitative aptitude to excel in a challenging role offering broad business knowledge including extensive experience with GAAP, GAAS, GAGAS, CRA, Sarbanes-Oxley, REIT, NCUA and other regulatory requirements.
• A catalyst for positive change with a proven ability to develop constructive relationships and teams with a broad and diverse group of cross-functional business partners, influence key internal/external stakeholders and establish a cooperative climate across multiple departments/divisions.
• Superior interpersonal, analytical, critical-thinking and problem-solving skills. Proficient in Spanish and French

WORK EXPERIENCE

Confidential

Manager - Business Process Reengineering Project BPR

• Analyzed business processes and documents through narratives and flowcharts documented all steps including key internal controls, assertions, posting logic, and systems and interfaces touched by the process, reports, and data produced.
• Interviewed SEC and SBA staff to determine current and optimal state of financial business processes partnered with SEC and SBA client leads to develop strategy and create implementation plan for optimal state.
• Created presentations, Internal Standards of Procedures ISOPs , Desktop Procedures, and other communications to increase staff buy-in and to assist in shifting the staff culture to new business processes.
• Document workflow and processes. Excellent communications with stakeholders oral and written , interpersonal, organizational and time management skills. Firm grasp of the Software development life cycle and EA concepts and functions. The development of business and/or functional software requirements.
• Evaluation of software to meet business needs.
• Experience with Relational database systems and tools such as SQL, and SQL query tool s such as Oracle SQL Plus.
• The ability to present and explain complex technical topics, problems, and alternative solutions to others.

Confidential

Responsibilities:

• Completed Control Inventory, June 2011.
• On-boarded eight resources for the Escrow work stream.
• Received rules from Compliance verified Compliance mapping to process steps, created Stakeholder matrix, and assigned rules to teams.
• Completed ID Key Controls and AORC, July 2011.
• On-boarded four additional resources for Escrow work stream.
• Assessed and classified key controls using risk criteria, newly developed scorecard, and SME input.
• Aligned key control ID and AORC assessment in order to accomplish a compressed time frame.
• Document workflow and processes. Excellent communications with stakeholders oral and written , interpersonal, organizational and time management skills. Firm grasp of the Software development life cycle and EA concepts and functions. The development of business and/or functional software requirements.
• Evaluation of software to meet business needs.
• Experience with Relational database systems and tools such as SQL, and SQL query tool s such as Oracle SQL Plus.
• The ability to present and explain complex technical topics, problems, and alternative solutions to others.
• Verified business processes and rule coverage during SME interviews.
• Consolidated Rules to Controls and Updated AORC, July 2011.
• Interviewed SME's, process owners, and control owners identified 298 controls in a one-to-one relationship between controls and assigned rules.
• Consolidated controls into a one-to-many relationship reduced control count from 304 to 31 including 14 key and 17 non-key maintained compliance with federal and medium/low ranked rules specific to states and agencies during testing for the August 8, 2011 cut off.
• Completed Maturity Assessment, July 2011.
• Assessed Key Controls within Non Default Escrow based on the Output including Design, Function, and Maturity Scores eight controls scored one and six controls scored three of the 14 Key Controls.
• Identified six gaps covering 16 rules and four key controls.
• Completed Testing by Targeted Deadline, August 2011.
• Accomplished data collection, assumption, test plan, and testing on a time-related Non Default Escrow.
• Resources Global - Metropolitan Washington Airport Authority MWAA January 2011 February 2011
• Provided assistance in determining the overall effectiveness of MWAA's management control over fixed assets and inventories in preparation for their convergence to a new enterprise resource planning system Oracle .
• CapTech Ventures Freddie Mac October 2009 February 2010
• Managed program activities related to the coordination, validation, and implementation of the FAS 140 accounting rules as mandated by regulatory compliance.
• Provided oversight and management of a 6.5M budget ensured variances driven by scope and complexity were managed within 10 .

Confidential

Responsibilities:

• Testing activities centered on corporate applications, ERPs PeopleSoft Hyperion Mainframe, Logging and Monitoring Tripwire , Information Security, and Job Schedulers Autosys .
• Evaluated corporate security standards ensured alignment to corporate information security policies.
• A fixed-fee vendor statement of work was negotiated and implemented in order to better manage and control SOX program costs as a result it allowed the organization to assume ownership of all SOX compliance activities in an effort to streamline testing procedures and operational execution
• Through strategic program enhancements, team realized a 78 reduction in SOX program costs

Confidential

Responsibilities:

• Suggested how to implement and leverage good practices across a domain and process framework presented activities in a manageable and logical structure with emphasis placed on more control optimized IT-enabled investments which ensured service delivery and provided a measure against which to judge difficulties.
• Defined management control objectives and associated responsibilities of business and IT process owners made a link to the business requirements.
• Oversaw IT Operations of the internal control testing program including annual coverage model, ERP system upgrades and/or conversions, management and board reporting, and issue tracking
• Reduced IT audit time by 1000 hours despite a reduction in staff for the largest banking client in 1st year in role of Project Manager.

Confidential

Responsibilities:

• Information Risk: Served as liaison for all auditable entities facilitated management responses to audit findings and assessed risk outlined in those audits. Focused on information security, disaster recovery, monitoring, business continuity, database security, user administration, and change control. Tested applications using Sarbanes-Oxley to ensure alignment with security of infrastructure.
• Loss Data: Collected, analyzed, and distributed Global Loss Reports on a quarterly basis ensured the process met requirements for Senior Management and Enterprise Risk Management ERM . Collated, analyzed, and communicated quarterly Global Loss reports which included Management, Regulatory, and KPI numbers.
• CoBIT: Gained experience in the understanding and application of Control Based IT Objectives CoBIT principles in preparation for company-wide CoBIT implementation. Used control objective assessments to assist IT in understanding the relationship between business risks, control needs, and technical issues.
• Control Risks: Designed and documented link between risk life cycle and loss by identifying and assessing how ERM implements policies and interacts with other areas of the company to streamline the risk effort and show value of risk strategies.
• Risk Office Audit Relationship: Championed the relationship between the IT Risk Office ITRO and the Audit Offices to define expectations and conditions of satisfaction through regular meetings and communication partnered with offices to determine best practices for information exchanges.
• Selected as The Best Small-Medium Sized Bank by Operational Risk Regulation Magazine, 2003 nomination based on strategies created and executed by bank's top risk management team in difficult market conditions.