IT Risk Management Consultant Resume

SUMMARY:

Global Information Technology and risk management executive with demonstrated experience in the identification, assessment, management and remediation of financial, operational, and information technology risks in the capital markets, pharmaceutical, medical diagnostics, wine & spirits, and transportation industries. Well versed in the security architecture around a wide variety of hardware, operating system, infrastructure, networking, ERP and software application platforms. Proven ability to develop, manage, and monitor complex programs with strong attention to detail, including coordination of deliverables, resources, milestones, and success metrics tied to business and project plans. Interpersonal communication skills coupled with the ability to work with all levels of the organization have been keys to success.

TECHNICAL SKILLS:

Regulators: FDA, FRA, SEC, The Federal Reserve, CFTC, NFA, Bank of England, FCA, FINRA

Standards & Laws: SSAE16, SOC, SOX 404, 21 CFR PART 11, PCI-DSS 3.2, HIPAA, GLBA, Dodd-Frank, FCPA, Safe Harbor, US-EU Data Protection Directive

Frameworks: COSO, COBIT5, NIST, PMBOK, ISO 27000x

Security: Application, System, Telecommunication, Network, Physical, 3rd party/vendor

Identity & Access: User provisioning, Role based access controls, Role design and security

Incident: Response & Management, SIEM reporting tools

Audit: Auto Audit, Paisley, TeamMate, RSA-Archer

Analytics: IDEA, ACL, QlikView

Platforms: Mainframe (VM, MVS), Midrange (AS/400), Client server (Vista, NT, W2K, UNIX)

Network: TCP/IP, VPN, L/WAN, Wi-Fi, firewalls, routers, IDS/IPS

OS: UNIX, Linux, NT, Solaris, Windows, iSeries, OS/400, DEC/VAX

ERP: BPCS, SAP, PeopleSoft, JD Edwards

Databases: Oracle, SQL, DB2, MS Access, Approach, DBASE IV

PROFESSIONAL EXPERIENCE:

IT Risk Management Consultant

Confidential

Responsibilities:

  • Provided technology risk management services for various clients including AbbVie, Grainger, TCS Education Group, Clifton Larson Allen, Crowe Horwath, and Akorn Pharmaceuticals.
  • Assessed PCI-DSS 3.2 readiness and developed a PCI compliance program at Akorn.
  • Recommended a cloud-based third-party solution that mitigated Akorn’s PCI compliance exposure.
  • Reengineered disjointed sales order entry process to instantly capture $30M in credit card sales and increased productivity by reducing one headcount in A/R.
  • Developed a risk assessment methodology for Akorn’s IT organization, as requested by Internal Audit, that included the following domains: Organizational Administration, Change Management, User Account Administration, Database/Server/Network Administration, Information Security, Help Desk, IT Operations, Physical & Environmental Controls, Business Continuity, Vendor Management, etc.
  • Evaluated the maturity of the IT Risk and Compliance function within AbbVie’s Regulatory Affairs, R&D Quality and Product Safety (RQS) IT organization.
  • Identified and prioritized urgent opportunity areas based on potential impact and current effectiveness.
  • Developed an updated IT Risk and Compliance strategy for RQS IT at AbbVie.
  • Analyzed RQS IT processes across the entire organization at AbbVie and benchmarked them against best practices of the COBIT 5 framework.
  • Recommended activities to further mature IT processes under the following domains: Evaluate, Direct and Monitor; Align, Plan and Organize; Build, Acquire and Implement; Deliver, Service and Support; Monitor, Evaluate and Assess.
  • Performed a current state assessment of the DRP process at TCS Education Group.
  • Integrated acquisitions control environment into JBT’s internal control framework.

Confidential, Chicago, IL

Director

Responsibilities:

  • Developed, executed and continuously improved the integrated internal audit plan encompassing IT, operational, financial, SOX 404, and Dodd-Frank related internal control compliance activities.
  • Created an enterprise process/activity/risk/control framework based on the 3 lines-of-defense model.
  • Collaborated with Enterprise Risk Management to update the company Risk Register and then developed an updated audit universe and audit plan based on these risks.
  • Defined risk categorization and risk ranking calculations for a consistent way of describing risk and mapped identified risks to established controls while highlighting control gaps.
  • Ensured risk management policies were in line with CME policies and IT risk management activities aligned with the enterprise’s risk appetite.
  • Educated the Audit Committee on Cyber Security risks and current state of CME’s preparedness.
  • Provided oversight and direction to a culturally diverse staff of eight full-time, seasonal contract, and offshore partners. Positioned colleagues for success in relationships with constituents.
  • Collaborated with business partners including IT, information security, risk management and legal to ensure controls were designed in compliance with key federal regulatory requirements.
  • Developed integration plans for acquisitions and integrated targets’ control environment into CME’s audit universe (post-merger).
  • Established and tracked new KPIs for the purpose of achieving Internal Audit goals and objectives and presented performance metrics to the Audit Committee.
  • Monitored, executed, and refined the Internal Audit annual Quality Assurance Improvement Program.

Confidential, Kohler, WI

IT Risk Management Consultant

Responsibilities:

  • Performed advisory and assurance services to address global SAP CRM implementation.
  • Evaluated the CRM security architecture through SAP front and back end web user interface security.
  • Advised on the development and incorporation of Identity and Access Management best practices into the global SAP CRM implementation.
  • Evaluated the global segregation of duties (SOD) remediation initiative and ensured business role conflict resolution was addressed in the strategic plan objective.

Confidential, Norwalk, CT

Director IT

Responsibilities:

  • Performed an enterprise-wide, top-down risk assessment and developed the global IT Audit plan.
  • Provided IT leadership in the governance of global service delivery management with internal and external service providers.
  • Reviewed third-party IT service providers (IBM, Accenture, Infosys) for outsourced Service Desk and SAP Application Maintenance Support while recommending an appropriate mix of sourcing opportunities (outsourcing, off-shoring, in-house).
  • Ensured KPIs in vendor service level agreements were achieved through ongoing business process management across North America, Europe, Latin America, Asia, and Africa.
  • Directed end-to-end reviews of core global business processes like OTC, PTP, and RTR.
  • Reviewed lifecycle of global ERP implementation (requirements definition, design, testing, pre- and post-implementation reviews).
  • Established and standardized internal audit tools and delivery frameworks.
  • Collaborated effectively with regional IT and Finance leadership to ensure governance of transition management, knowledge transfer, and process re-engineering.
  • Recommended solutions to improve operational efficiency in service delivery via root-cause analysis.

Confidential, Chicago, IL

Manager IT Audit & Compliance

Responsibilities:

  • Created a new in-house IT Audit function.
  • Reported to the Chief Audit Executive and directed audits and advisory projects that managed strategic risks, improved effective business processes, identified and communicated best practices, and fostered appropriate control levels for operational, financial and IT risks.
  • Implemented SAP security best practices for segregation of duties and identity and access management via a GRC tool (VIRSA).
  • Oversaw the enterprise SDLC conversion to Agile.
  • Extended corporate-developed IT best practices (IT Security policies/procedures, SAP knowledge base) to recently acquired international affiliates, ensuring smoother systems integration.
  • Audited information assets flowing from upstream legacy, package, or custom development and interfaces to downstream analytical applications ensuring optimal transparency, quality, consistency and controlled redundancy across the enterprise.

Confidential, North Chicago, IL

Strategic Account Consultant

Responsibilities:

  • Managed the delivery of technology solutions totaling $80M for Global Pharmaceutical R&D and Pharmaceutical Manufacturing clients.
  • Identified opportunities to leverage common shared Pharmaceutical Manufacturing, and Pharmaceutical R&D solutions for key Abbott enterprise business processes (LIMS, MES, Business Intelligence tools, Clinical Trial Supply Chain).
  • Implemented a new budget update and planning process for sales forecasting which shortened the planning cycle by 15%.
  • Responded to Request for Proposals, prepared Statements of Work, and coordinated Service Level Agreements between GTS and Pharmaceutical Manufacturing and Pharmaceutical R&D.
  • Created and analyzed KPI dashboard reports for major solution delivery initiatives for management.
  • Performed portfolio analysis of Pharmaceutical spending with GTS and recommended cost saving strategies to reduce spend by 10%.
