Sarah Ackerman Email and Phone Number

Focused on achieving information security strategic priorities and building enterprise capabilities. Lead enterprise-wide transformations to improve the agility, efficiency, and effectiveness of end-to-end processes, developing risk-based approaches that result in increased value and cost/effort avoidance for the business.Responsible for global information security functional areas including: policy & standards; appropriate viable governance;business intelligence;third party risk management;application security;acquisitions and divestitures;global employee security awareness; corporate information security training program;IT continuity;controls & assurance program.

Directed multi-million-dollar practice of IT/Security, Accounting/Finance, and Governance/Risk/Compliance professionals in Cincinnati office. Responsible for the overall engagement quality of all services provided to clients in Cincinnati and Dayton OH and Frankfort, Lexington, and Louisville KY. Oversaw progress and completion of projects and acted as advisor to executive management at organizations across region ranging from companies with $50M revenue to Fortune 500. Proven track record of success in identifying system control weaknesses, protecting information assets, and leading clients to successful organizational changes through subject matter expertise, risk mitigation, and business enablement.Recognized as a subject matter expert; frequent presenter on various IT, security, and risk-related topics to local chapters of ISSA, (ISC)2, ISACA, IIA, Infragard, NK Chamber of Commerce, and the Tri-State League as well as statewide events. Presented webinars to provide education and awareness on IT/security topics including the NIST CSF; IT Risk Assessment; Third Party Risk Management; IT Security Frameworks; SOC for Cybersecurity; GDPR and Privacy Shield; Assessing Security of Web/Mobile Apps.Nominated as one of the “40 Under 40”, which recognizes Greater Cincinnati’s leaders professionally and within the community.

As a CISSP and CISA, Sarah applied a disciplined approach to managing projects in accordance with industry best practices, with an in-depth knowledge of a variety of frameworks, regulations, and standards. Provided technical expertise balanced with risk-based methodologies, Sarah worked to align business goals of clients with their technical strategic initiatives. Led IT/Security business development activity for Cincinnati and Columbus offices.

Built up the IT/Security service line to become a significant part of overall revenue, adding new and enhancing existing services as well as the development and implementation of risk-based methodologies. Successfully served in a variety of roles providing information security, risk management, IT audit, and other IT/security and risk/compliance services for a wide range of clients within an extensive selection of industries.

Performed control design analysis, including assessing processes, procedures, and policies, as well as testing operating effectiveness of key IT controls over systems with an emphasis on risk.Analyzed system processes to determine control structure, related deficiencies, and recommendations for remediation. Presented findings to executive management.Participated in annual risk assessment and identification of audit universe and audit plan, including IT, operations, and legal.Designed and implemented documentation standards and best practices for use by IT audit team.

Reviewed, documented, and evaluated IT/Security risk and controls in a wide range of environments. Communicated issues and corresponding risks to senior and executive IT/business management.Supervised and trained team of staff members, including Consultants and Senior Consultants, in executing work plans, ensuring timely completion of assigned project phases.Administered billing activities for all active clients, including time/expense tracking and invoice preparation and delivery.Honored with the Protiviti iAchieve award, which recognizes employees who exemplify core values and key behaviors; nominated for Adaptability and Effective Communication.