• Responsible for executing the foundational risk and compliance program elements that underpinned GECC Treasury Governance, Risk and Compliance (GRC). • Led a team responsible for IT risk management, controls assurance, regulatory programs, audit support and the GRC data repository.• Actively built capacity model within team to execute annual Sarbanes-Oxley, Bank Certification, GECC IT Risk Assessment, and fulfillment of corporate / regulatory information requests.• Responsible for strategic planning, project management, budgeting, staffing, and operational support.• Drove maturity of IT risk management program across all IT domains by building both qualitative and quantitative program elements that improved risk articulation and management visibility.• Partnered with clients, internal systems resources, and external service providers to develop well-integrated risk/compliance solutions.• Partnered with key stakeholders in operational risk, data privacy, records and information management, and software governance to appropriately embed governance requirements into respective IT processes.• Built and maintained Treasury GRC data repository which served as the definitive source for IT risk register, controls inventory, controls assurance planning, policy gaps, governance analytics, and compliance reporting.• Built and executed IT controls assurance framework aligned to GECC policy, Treasury operational risk reduction objectives and regulatory expectations.• Defined and owned the internal and external audit engagement model with strong emphasis on transparency, key technical resource identification and designed for auditability principles.

Responsible for the identification of new and emerging risks across Treasury IT, achieved through the following:• Conducting risk interviews with senior IT leaders• Analyzing trends in incidents/problems• Managing the annual GECC IT Application Risk Assessment• Providing risk consultation services within Treasury IT• Serving as the regulatory and risk assessment reviewer in the SDLC processResponsible for determining the residual risk of identified risks, achieved by the following:• Setting direction and providing oversight for the Control Quality Management program, which coordinates all Treasury IT controls testing for regulation (Sox, Bank) and GE policies/standards• Forming an overall rating of the effectiveness of Treasury IT’s control environment by incorporating testing results from the Control Quality Management program• Developing and maintaining Treasury IT’s internal Risk Register• Recalculating residual risk after risk treatments plans have been completedLead risk treatment efforts for identified risks by performing the following:• Driving ownership of risks• Providing guidance on available risk treatment options • Timely review of risk treatment progressCreated the Treasury IT Risk Framework, which establishes the scope, rhythm and desired outcomes of the IT Risk function based on industry standard and peer programs within GE Capital. The Risk Framework also defines the Treasury IT risk rating methodology which is applied to all identified risks.Articulated Treasury’s IT Risk profile by conducting quarterly risk report outs to the Treasury CIO and provided updates within Treasury IT via All Hands meetings and individual IT teams presentations. Promoted the Risk Program by presenting to non-IT Treasury functions and to other GE businesses.Led Treasury IT’s software governance initiatives including the migrating of all Treasury locations into the GECC software governance solution and leading software audit remediation efforts.

o Led all compliance related activities to ensure the software supported by team is compliant with internal GE Policy as well as applicable external regulations, including testing compliance with all applicable controls.o Analyzed GE Policy and external regulations to develop and implement Standard Operating Procedures (SOPs) for use by team. Maintained a Forward Schedule of Changes to ensure all necessary operational activities are completed in a timely manner.o Led Software Asset Management project, including creating project charter, facilitating a lean workout, gathering requirements and creating a project plan to be in compliance with the IT Risk Project Management Methodology.o Served as communications lead for team, including presenting project status and other updates to stakeholders and the controllership community. Created and published a quarterly newsletter of the team's accomplishments and upcoming projects for distribution to the controllership community. Created and maintained communities, connect sites and workflows to engage stakeholders and end users.o Served as training lead for the team, including creating end user training materials and providing live training sessions to GE businesses. Trained team members on team procedures, communication styles and creating effective presentations.o Led UAT phases of key projects, including test case creation, solicitation of testers, communications and sign-off meetings. o Responsible for ensuring all controls and policies implemented through the software owned by the team are relevant, accurate, complete and aligned with control and policy owner expectations.o Served as first point of contact for stakeholders, end users and new projects. Analyzed inquiries, facilitated discussions to understand business needs and initiated projects when necessary to support GE businesses.

o Performed an audit of a Human Resources outsourcing system implementation, specifically focused on auditing the full lifecycle of data migration activities and project management activities.o Developed and conducted IT General Controls training for 300+ employees in the Information Technology department.o Conducted enterprise process mapping sessions for high-risk areas of the company. The process maps captured the detailed steps of a process, highlighted risk inherent in the process and identified both automated and manual controls within the process. o Performed data analytics with ACL for special investigations, IT general controls and regulatory audits. Analyzed, summarized and reported results to senior level management.o Analyzed Information Security policies and standards for completeness and provided input to enhance policies and standards.o Performed access control and program change control audits for several financially significant applications within the company.o Planned audits using a risk-based approach to define the scope and objective of each audit. o Assisted in development of audit programs, including the full development of the annual Data Safeguards Rule regulatory assessment.o Reviewed and provided first-level approval for work done by peers.o Created final audit reports including writing issues and developing audit ratings.o Led and conducted audit opening and closing meetings, including presenting issues and recommendations to clients.o Worked with clients to develop meaningful action plans for audit issues.

o Primarily audited SAP for the company’s largest and most important IT project, Program Everest. o Served as the primary SAP Auditor for Program Change Control, System Testing, Training and Interfaces. o Developed training for SAP system testing and defect management.o Performed Sarbanes-Oxley audits for corporate general ledger software and the global instance of SAP. o Traveled to European locations during Everest deployments to audit the project’s status and provide a risk assessment to the key business stakeholders. o Audited the following SAP modules: Order to Cash, Procure to Pay, Supply Chain Execution and Financial Activities. o Developed and standardized internal SAP audit programs for all future phases of Program Everest. o Collected and created key project metrics for Program Everest. Presented Audit issues and key metrics during Program Everest status meetings to the project team. o Interfaced with the company’s external auditors to keep them abreast of the current issues identified within Program Everest.

o Hired as Quality Assurance Engineer and then promoted to Program Change Control Project Manager. o Worked on Release Management, Software Configuration Management and Change Management. o Performed source code migration for local and remote teams into test and production environments. o Maintained, simplified and implemented software configuration management policies, procedures and standards. o Worked as an Administrator and support point of contact for all software configuration management tools. o Maintained version control of all source code and documentation. o Ensured that all change control systems were compliant with IT internal controls to support SOX compliance. o Member of the Harvest configuration management tool user group and the Life Cycle Management user group. o Researched and selected a tool to assist in implementing a global change control solution to standardize across the company. o Created custom software development lifecycles to meet the individual demands of development teams. o Trained development teams on how to use software configuration management tools properly. o Worked with the IT Strategy department to develop all new global quality processes. o Assisted in the design and development of a global process to have all work reviewed, estimated and approved by the business units and IT development teams prior to the work being performed.

o Took the lead role in transitioning the development team from Endevor to ChangeMan configuration management software. o The conversion to ChangeMan included writing documentation on the new standards and procedures. o Created detailed designs and construction test plans, then conducted design meetings before writing the software. o Analyzed, designed, developed and tested software for billing applications. o Extensive software testing including setting up test environments and individual test cases. o Continued participation once the software passed from development to system level test to Quality Assurance.