Compliance Specialist Resume

San Jose, CA

PROFESSIONAL SUMMARY:

  • As a Governance, Risk, and Compliance professional, I have spent the last 18 years developing and monitoring cost-effective, productive, safe work activities and processes that ensure compliance with business and regulatory requirements. I have worked as a Business Analyst, IT Auditor, and Compliance Specialist. I have led facilitated work sessions to design Business Processes and Responsibility Matrices; written Standards and Procedures; established Control Frameworks; implemented and enhanced Compliance Programs; and performed Risk Assessments and Audits of internal IT general computing and security controls.
  • My primary areas of focus have been Sarbanes Oxley Act (SOX), North American Electric Reliability Corporation / Critical Information Protection (NERC CIP), Federal Communication Commission (FCC), Federal Energy Regulation Commission (FERC), and alignment with Ethics and Compliance governance requirements.

TECHNICAL SKILLS:

Risk Management: Perform Risk Assessments as part of Enterprise Risk Management (ERM) and integrate into annual strategic and tactical planning

Compliance: Compliance Program Development, Compliance Assessments

Audit: Plan, Design, and Execute IT audits of business processes and systems

Working knowledge of: Microsoft Word, Microsoft Outlook, Excel, PowerPoint, Lean Six Sigma, Visio, REMEDY, Open Pages, RSAM, Risk Evaluation Tool (RET), Control Frameworks

PROFESSIONAL EXPERIENCE:

Compliance Specialist

Confidential, San Jose CA

Responsibilities:

  • Migrate existing risk management data into a GRC tool. Tasks include:
  • Identify users and establish access / permission roles in the Open Pages GRC tool
  • Establish Control Names to describe the controls being loaded into the tool
  • Load existing issues, remediation plans, and controls data into the tool using the FastMap feature and create / update records manually
  • Coordinate migrations between users, stakeholders, and IT System Administrator
  • Identify migration issues and recommend solutions for those issues

Compliance Specialist

Confidential, San Ramon, CA

Responsibilities:

  • Assist Electric Operations organization in preparing for their 2015 North American Electric Reliability Corporation (NERC) operational audit. Tasks include:
  • Prepare a pre-audit activity schedule
  • Review business process documentation and evidence
  • Provide feedback on potential documentation and process gaps
  • Create an evidence matrix document
  • Prepare data packages for Subject matter experts based on the external auditor’s data requests
  • Implement a records management program to close out an open corrective action required by the CPUC. That effort entailed:
  • Review the records for accuracy and completeness
  • Define the metadata requirements for indexing the records in the repository
  • Coordinate RFP and scanning activities with the 3rd party vendor
  • Validate quality, accuracy, and completeness of the files provided by the 3rd party
  • Coordinate activities to load files to the repository
  • Document the process for future records retention work efforts
  • Support Services:
  • Prepare tracking reports for open audit findings and external data requests
  • Create job aids for updating and reviewing substation inspection activities

Principal Compliance Specialist

Confidential, San Francisco, CA

Responsibilities:

  • Review internal organization policies and external regulatory requirements to identify needed processes, controls, and risk associated with non-compliance.
  • Create / update IT Standards and work with other Lines of Business (LOBs) to ensure integration between IT and LOBs processes.
  • Establish a governance review and approval process to ensure regulatory requirements, policies, standards, and procedures are reviewed for possible changes and impacts on a regular basis.
  • Research and analyze control frameworks (UCF, NIST, ISO27000x, COSO / COBIT, NERC/CIP, CAG 20) to establish a comprehensive set of IT security controls.
  • Integrate risk and compliance management with Enterprise Risk Management (ERM) strategic planning to support financial planning of IT projects and initiatives. This activity includes identifying operational objectives & risks, rating and prioritizing risks, identifying risk mitigation options, and monitoring risk mitigation activities.
  • Conduct control rationalization activities designed to improve the cost-effectiveness of SOX controls and testing. Automate manual controls, reclassify non-key controls, and strengthen entity-level controls.
  • Establish compliance programs for FERC, FCC, and NERC CIP regulatory requirements.
  • Manage control deficiencies - perform root cause analysis, evaluate corrective action plans, and monitor remediation activities.
  • Prepare and present compliance status reports to leadership.
  • Coordinate audit activities for internal and external audits
  • Represent IT at Compliance & Ethics meetings and activities

Lead IT Auditor

Confidential, San Francisco, CA

Responsibilities:

  • Supervise 6 IT SOX Auditors who were assigned to test 600+ IT general computing controls / 35 applications and associated databases and operating systems.
  • Perform Quality Assurance of testing documentation and evidence.
  • Follow up on control deficiencies for root cause analysis and corrective action plans.
  • Facilitate System and Business Process Owner forums where regulatory, compliance, and audit items were discussed.
  • Work with Internal Audit’s SOX Program Office to ensure IT roles and responsibilities were being performed in a timely and quality manner, including establishing the audit schedule and obtaining leadership signoff.
  • Manage the implementation of system components being added to the IT program.

IT Auditor, SOX Compliance

Confidential, San Francisco, CA

Responsibilities:

  • Document process and train IT personnel on SOX program and self-assessment process
  • Write test plans for evaluating the effectiveness of Change Management, Continuity of Processing, System Development, and Security controls.
  • Assess business process documentation to determine if controls are designed effectively and what operational procedures are in place.
  • Gather and review evidence to determine if controls are operating effectively.
  • Document test results using various audit tools.

Business Process Engineer

Confidential, San Francisco, CA

Responsibilities:

  • Facilitate business process development sessions.
  • Document current and future business process flows.
  • Identify, document, and facilitate resolution to business process gaps.