Carol Voss Email and Phone Number

* Program manager for key PCI-DSS remediation compliance activities to successfully achieve annual Report on Compliance (RoC) and Attestation of Compliance (AoC). Remediation focused on logging, network segmentation, firewall policies, and vulnerability management.* Program manager, content developer, global events & communications planner for Security and Privacy Training & Awareness programs. * Program manager and analyst for business processes, workflows and data analysis for MetricStream GRC platform modules: Internal Audit, Compliance, Third Party Management, and Policy and Documentation Management.

• Manager for team of six direct reports based in Seattle and Minsk, Belarus. • Responsible for Security metrics Tableau dashboard development, maintenance, automation and delivery using manual or API/backend data sources (e.g., data lakes, AWS Redshift, ServiceNow).• Managed team assignments using Jira for backlog grooming, work assignments and Kanban boards.• Partnered cross-functionally with other Security teams to establish metrics intake process.• Worked with Security Operations teams to gather metrics requirements and coordinate metrics reporting for monthly and quarterly business reviews (MBRs/QBRs).• Program managed security service metrics programs. Included cross-functional collaboration with Security Engineering and Operations teams to define data attributes and identify data sourcing from security tools (e.g., Qualys for network scans, FireEye anti-malware), validate data and make available for reporting.

• Program manager of IAM workstreams for mergers and acquisition (M&A) integrations, e.g., Orbitz, HomeAway. Cross-functional work HR, Engineering, Support and Infrastructure teams. Workstreams included: HR user account migrations to PeopleSoft and Workday Call center agent onboarding and offboarding  SailPoint IdentityIQ domain connectors and workflows MS Exchange email tenant and mailbox migration Active Directory sAMAccountName remediation Global service desk and account management team business integration• Partnered with Product Manager, Architects and IAM Director to create IAM product roadmap  Identified core foundation capabilities, future enhancements and new functionality Worked with product manager to develop IAM capability roadmaps and dependencies Developed IAM business and system requirements, led UATs• Program manager and IT analyst for multiple IAM workstreams on Active Directory hardening initiative to meet PCI compliance standards. Workstreams included: Deployment of 14 connectors between IdentityIQ and active directory domains Delivery of database replication and APIs with SailPoint IdentityIQ  IdentityIQ data and workflow validation for migration from HR PeopleSoft to Workday • Project manager for successful deployment of new IAM system, Sailpoint IdentityIQ. • Performed chief of staff functions for IAM Director including business case development, staffing plans, executive presentations and strategic planning. • User researcher for new ServiceNow catalog items for account provisioning of standard and privileged accounts.  Documented business requirements Created wireframes Documented interaction flows Designed and conducted usability studies Wrote and delivered end user training to global end user community• Wrote and delivered humorous presentation at Expedia Enterprise Risk & Security training event using pop culture metaphors to educate users about access controls, authentication and authorization.

• Provided business analysis, solution delivery support and project management support on cross-functional program initiative to replace existing contract management system (DealPoint) with ContractPro, a SaaS solution. • Supported work for multiple workstreams: (1) data migration/ETL of 300,000 legacy contract data records to new solution, (2) SaaS solution system configuration and vendor management(3) integration with internal Microsoft applications: RAMWeb, Code Center Premium (CCP), MyOrder procurement system, Procurement Data Source (PDS), Enterprise Data Feedstore, Technology Adoption Program (TAP) (4) new application development for Search and Reporting solutions(5) Process re-engineering support for new contract service desk • Performed analysis, wrote business requirements, and developed draft wireframes for system integrations, Search and Reporting solutions, and new contract service desk data entry screen.• Conducted analysis for data migration activities including data mapping, business requirements, and migration validation.• Development change request plan and documented project change requests.• Worked with vendor and multiple Microsoft teams to consolidated and maintain master schedule and project dependencies.• Participated in weekly vendor technical and configuration meetings.• Provided project management support for integration workstreams - conducted integration checkpoint meetings with development teams for status, schedule review and issue management/resolution.

Responsible for Business Requirements, Requirements Traceability and UAT Planning in T-Mobile Enterprise Program Office (EPO)• Sr. BSA on multiple projects within T-Mobile Frontline (Customer & Self-Service) portfolio. • Partnered with business stakeholders to develop initial business concepts for seed funding.• Collaborated with 20+ cross-functional stakeholders to successfully baseline business requirements document.• Partnered with project and product managers to determine scope and approach for accessory web sales project.• Participated in high level solution design reviews.• Developed UAT test case inventory based on business requirements document.• Trained on Blueprint, Enterprise Requirements Tool (ERT).

• Successfully program managed cross-functional, global implementation of new PC backup solution from planning through post-deployment. • Concurrently implemented an SDLC and project management infrastructure during project. • Performed multiple roles: project manager, business analyst, test manager, and tester.• Handled impact assessments, risk & issue management, resourcing, schedule management, testing and deployment planning & execution• Impacted teams included: Network Services, Network Operating Center (NOC), Technology Engineering, Global Service Desk, Desk Side Support, Field Services Support, and Corporate Technology System Operations.• Developed and delivered strategic planning and leadership development sessions to senior director and directs• Project manager and analyst for selection of IT service management RFP selection; represented requirements and interests of End User Services organization during solution selection process.

Consultant at Expedia (Mar - Dec 2010)• Project manager and analyst of cross-functional planning team for Enterprise Identity & Access Management solution.• Developed project charter, coordinated RFP, conducted solution management activities with Gartner and in-house SMEs, facilitated requirements sessions, developed requirements documentation, created executive presentations for VP and CISO project review sessions.• Project manager/analyst in Access Management Team (AMT)• AMT project manager for global call center restructuring initiative; identified AMT requirements and performed issue management for expansion and decommissioning of global call centers.• Partnered with manager to develop and implement departmental strategy and processes. Included new staffing model, re-engineering of ITSM workflow management and queue re-structuring, roadmap development, and streamlining of application & call center onboarding.

• Facilitated cross-functional Finance business process sessions; flowcharted and documented capital request process, A/R and A/P processes, approval authorization policy and corporate travel policy.• Developed and delivered performance measurement and key performance indicator (KPI) management training.• Collaborated with President and senior leadership team to facilitate and develop company’s five-year strategic plan and roadmap using balanced scorecard methodology.• Assisted CEO in planning and facilitating executive retreats for strategic planning, prioritization, and road mapping.• Worked with business units to validate and document “AS IS” IT environment including current processes, systems and interfaces; identified key pain points and areas for future improvements.

Consultant - Parker Staffing Services, Inc.Strategic Planning, Executive Retreat Facilitation, Objective Setting & Performance Measurement Training & Delivery, IT Business & System Analysis, Cross-Functional Business Process Improvement, and Executive Presentation Development

• Managed team responsible for IT GCC SOX compliance and auditing activities for IT Customer Care, Billing and Network Delivery (CBN) Department of 100+ applications and 500+ people. • Program manager and liaison between IT teams and internal and external auditors.• Managed IT access management reviews, data requests, quarterly assertions and issue and remediation activities.• Performed control rationalization, control mapping and narrative updates.• Coached project managers on SOX controls and performed compliance audits.• Managed roll-ups of PMO testing status, plans, schedule, and issues for executive reporting and presentations.• Successfully passed SOX external audit for compliance with SDLC controls.

• Established work-intake process and facilitated director level cross-functional assessments to determine IT impacts, costs, delivery timeframes, capacity/resource constraints, risks and dependencies.• Supported management of Billing & Mediation portfolio (~$260M) and Customer Service portfolio (~$97M) with budgeting and prioritization sessions.• Developed business requirements and managed UAT for cross-functional program to launch 3G wireless network.• Business analyst on CRM solution selection team; gathered requirements, managed vendor communications and demos, and participated on vendor site visits in England; supervised testers to develop end-to-end integration test conditions for Siebel CRM releases.