EDUCATION:
M.Sc, Computer Information Systems/Accounting
B.Sc., Economics

CERTIFICATIONS:
CISA - Certified Information Systems Auditor
CISM - Certified Information Security Manager
CGEIT - Certified in the Governance of Enterprise IT
PMI-RMP - PMI Risk Management Professional
PCI- Internal Security Assessor

EXPERIENCE:

Confidential, 2011 to Present
IS Security and Compliance Manager

• Establish and maintain Security and Compliance Program
• Serve as expert advisor to senior management in the development, implementation, and maintenance of information security infrastructure
• Identify key security program elements and determine which departments or offices must be involved in building a comprehensive information security program
• Provide guidance and advocacy regarding prioritization of infrastructure investments that impact security
• Lead the Privacy, Assurance and Systems Security Work Group, with responsibilities including:
• Developing, publishing, and maintaining comprehensive company-wide information privacy and security strategy, plans, policy, procedures, and guidelines
• Acting as the primary control point during significant information security incidents
• Advising Senior Management and Board of Directors (Audit Committee) on risk issues related to information security and making recommendations in support of the company\'s wider risk management programs
• Manage the development, implementation, and maintenance of information security policy, standards, and guidelines
• Work with Internal Audit to ensure departments consider information security risks in both ongoing and planned operations
• Monitor information security trends internal and external to the company and keep senior management informed about information security-related issues and activities affecting the organization
• Understand potential threats, vulnerabilities, and control techniques, and communicate this information to departmental system administrators
• Assist business units as necessary to investigate security breaches and pursue associated disciplinary and legal matters
• Maintain relationships with local, state, and federal law enforcement and other related government and private regulatory agencies
• Oversee company's compliance-related initiatives, including PCI and SOX

Confidential, 2010 - 2011
Privacy and Security Officer (Tennessee Title XIX Program)

• Acted as the single point of contact for all audit activities on the account, including HP Internal or External Audits, Maturity Assessment Program Reviews, Client audits (Internal, External, Regulatory Audits, Certifications, account-focused SAS70)
• Established and maintained a Risk Register to identify, monitor and communicate inherent, emerging and realized risk
• Worked with the Account Delivery team and GIS capability teams to ensure security requirements are understood and continue to be met through effective operations. Ensured technology and data resources within the scope of the Agreement are secure
• Acted as the Focal Point for Security and Compliance Communications within the Account Team and between the account team and the various GIS teams
• Worked closely with clients'senior Security and Compliance leadership and was HP's focal point for IT security or compliance matters that affected the clients
• Drove IT Governance activities including development and reporting on security metrics and Change Control activities

Confidential, 2008 - 2010
IS Audit Supervisor

• Led/Managed the execution of specific audit assignments; including the review and reporting process
• Supervised and reviewed the work of staff and/or consultants assigned to various projects
• Reviewed and evaluated security and controls within automated and manual application systems
• Conducted tests of general and specific controls to ensure the effective application of control techniques
• Performed control analysis and evaluation, documenting existing processes and systems through use of flowcharting and business narrative techniques
• Participated in new systems development and new technology implementation projects, with a focus on ensuring that appropriate controls are developed and implemented
• Developed and executed audit plans for SOX and non-SOX IT audits
• Performed Audits related to data privacy (HIPAA, PHI etc)
• Prepared Enterprise-wide risk assessment for use in the formulation of audit plan
• Identified and implemented Computer Assisted Audit Techniques (CAAT) to enhance audit efficiency and effectiveness
• Served on the IT Security Governance Committee

Confidential, 2005 - 2008
Senior Information Systems Auditor

• Oversaw the execution of projects assigned within the time budgets assigned and explained overruns when necessary
• Ensured the adequacy and appropriateness of work paper content, including the gathering of electronic documentation as needed
• Assisted with the preparation of departmental budget and quarterly revisions to the budget (including T & E)
• Supervised and reviewed the work of staff and/or consultants assigned to projects
• Reviewed and evaluated security and controls within automated and manual application systems
• Conducted tests of general and specific controls to ensure the effective application of control techniques
• Performed control analysis and evaluation, documenting existing processes and systems through use of flowcharting and business narrative techniques
• Participated in new systems development and new technology implementation projects, with a focus on ensuring that appropriate controls are developed and implemented
• Served on the Enterprise Security Governance board
• Developed and executed audit plans for SOX and non-SOX IT audits
• Prepared Enterprise-wide risk assessment for use in the formulation of audit plans
• Identified and implemented Computer Assisted Audit Techniques (CAAT) to enhance audit efficiency and effectiveness
• Participated on the IT Governance Committee to advise on IT project and medium to long-term plans
• Reviewed and suggested improvements to IT metrics, inlcuding security metrics.

Confidential, 2002 - 2005
Process Consultant: (Business Process Reengineering - System Implementations)

• Oversaw the execution of projects assigned within the time budgets assigned and explained overruns when necessary
• Developed Project Management Plans, including risk management plans, resource and costs estimates
• Mapped, Reviewed, and analyzed Processes to identify opportunities for technology automation
• Identified and described key organizational requirements met by applications
• Provided written deliverables of final requirements
• Created acceptance test plan documents
• Prepared overview of issues and suggested actions (Cases for Action) for presentation to cabinet
• Prepared and implemented process and procedure changes to address audit findings (reportable conditions)

Confidential, 1998 - 2002
Business Systems Analyst (Corporate Investment Banking Group)

• Worked with business groups on defining business and system requirements
• Drafted detailed business requirement and business solutions documents
• Conducted applications testing and training
• Participated in business analysis and project management meetings in support of development efforts within settlement Services
• Analyzed current processes and made recommendations for operational and system improvements
• Participated in architecture efforts and systems design
• Performed support functions for project management initiatives within the Corporate Investment Banking Division
• Performed Control Self-Assessment for functional area operations
• Drafted and participated in Business Contingency planning and documentation
• Supervised up to 10 employees in a fast-paced work environment
• Reviewed transactions to ensure compliance with established standards
• Participated on various Project teams and committees

OTHER EXPERIENCES:

Confidential, Nashville, TN 2002 - 2006
Adjunct Faculty (Management Information Systems)

• Directed aspects of the scheduling and curriculum development of groups of returning (professional-adult) students
• Coordinated assessment, registration, and testing activities for students in assigned classes.
• Tools: Microsoft Offices Suite, Visible Analyst, SPSS, Rational Rose, Web cast

Additional years of experience in Hospitality supply chain management and Retail Banking systems analysis, design and implementation

AFFILIATIONS:

ISACA, Project Management Institute, American Society for Quality, AIPP, HIMSS
Member PCI-DSS Council - Risk Management Special Interest Group - Responsible for publishing Guidelines for Risk Assessment.

PUBLICATIONS:
Expert Reviewer - ISACA/Deloitte - Security, Audit and Controls of SAP R/3 3rd Edition (August 2009)
Expert Reviewer - ISACA/Deloitte - Security, Audit and Controls of Oracle Database 3rd Edition (December 2009)
Expert Reviewer - ISACA/Deloitte - Security, Audit and Controls of Oracle E-Busienss Suite 3rd Edition (July 2010)

SKILLS:
CMMI, ISO 27000, COBIT, Lean Six Sigma, ITIL V3, FISMA, NIST, SOX, PCI, CERT RMM