- Helped clients assess and improve their cybersecurity and technology risk posture by developing and leading efforts to better prioritize the risks, threats, and outcomes that matter to most to their organizations.- Enhanced client cybersecurity risk management programs using the Factor Analysis of Information Risk (FAIR) methodology to quantify risk and deliver improved risk decision making. Assisted in building and running end-to-end cyber risk management programs inclusive of policy redesign, control framework alignment and rationalization, risk quantification, and risk assessment exercises.- Published ongoing thought leadership and facilitated webinars related to risk quantification and cyber risk assessment techniques to proactively share knowledge and develop leading practices in the cyber risk quantification community.

- Led teams of cybersecurity staff resources to execute several concurrent, multidisciplinary cybersecurity risk assessments using the NIST Cybersecurity Framework, CIS Critical Security Controls (CIS CSC), NIST 800-53, HIPAA Security Rule and other leading practice security frameworks.- Enhanced client cybersecurity risk management programs using the Factor Analysis of Information Risk (FAIR) methodology to quantify risk and deliver improved risk decision making. Assisted in building and running end-to-end cyber risk management programs inclusive of policy redesign, control framework alignment and rationalization, risk quantification, and risk assessment exercises.

- Led teams of cybersecurity staff resources to execute multidisciplinary cybersecurity risk assessments using the NIST Cybersecurity Framework, CIS Critical Security Controls (CIS CSC), NIST 800-53, and other leading practice security frameworks.- Led and executed several Healthcare industry cybersecurity risk assessments, focused on healthcare delivery organizations (HDOs) utilizing the HIPAA Security Rule.

- Led IT general controls (ITGCs) testing for Sarbanes-Oxley 404 compliance, overseeing teams of up to 4 individual staff resources.- Evaluated various client organizations using NIST Cybersecurity Framework and consolidated key risk findings across individual entities to provide targeted, business-focused remediation recommendations. Further executed NIST Cybersecurity Framework assessments for large Healthcare, Retail, Insurance, and Manufacturing clients to identify areas of potential improvement and provide management with an actionable roadmap to improvement.- Collaborated with clients in a variety of industries to perform vulnerability management audits using detailed scans of the client environments. Assisted clients in identifying critical vulnerabilities in their environments and providing immediate technical remediation recommendations, as well as long-term process improvements to reduce critical vulnerabilities in their environments.

- Led IT general controls (ITGCs) testing for Sarbanes-Oxley 404 compliance, overseeing teams of up to 4 individual staff resources.- Developed and led targeted cybersecurity controls assessments and audits for a variety of clients and industries, with focus on encryption, patch management, and vulnerability management.

- Conducted SOX and financial operational audits to assess risks related to facility financial close, inventory, purchasing, sales, safety, and security controls- Provided management with detailed analysis of control gaps related to financial audits and large IT project management reviews and collaborated to remediate findings- Developed risk and control matrices (RCMs) through analysis of existing management controls, and assessed inherent and residual risk to identify key controls for SOX testing- Administered Internal Audit SharePoint portal, including the SOX testing and RCM portalACHIEVEMENTS:- Led SOX testing for assigned financial and IT processes concurrently, ensuring completion of testing for over 100 unique key controls within deadlines for reporting to management and the Audit Committee- Identified change management and logical access control deficiencies and employed root cause analysis to collaborate with management and external auditors on developing comprehensive action plans for remediation- Developed payroll data analysis work program using various tools, including Excel and Python and executed testing of payroll and employee master data

SENIOR IT AUDITOR (March 2014 - May 2014)- Led risk-based planning, execution, and reporting of IT project implementation, security, and general controls audits, including testing of IT general controls for reliance by Ernst & Young (E&Y), Georgia-Pacific’s independent auditor- Facilitated integration and development of financial and IT audit resources to ensure effective and efficient company audit efforts and knowledge transfer- Conducted post-implementation reviews of application implementations ranging from $165K to $2M in spend, and communicated areas for improvement in project management, disaster recovery, and application security controls within the Georgia-Pacific IT environmentdeficiencies identified- Developed and implemented new audit methodology leveraging SharePoint and workflow capability for use by the Audit Services department and independent auditor, minimizing cost by leveraging existing functionalityINTEGRATED AUDITOR (October 2013 - March 2014)- Conducted IT general controls tests and financial statement controls tests for reliance by external auditor, including tests of change management, promote to production access, logical access, inventory controls, and fixed asset controls- Planned and executed audits of user access controls and database security using a risk-based, integrated approach- Administered multiple department SharePoint portals, including development and maintenance of workpaper management workflows and librariesIT AUDITOR (August 2012 - October 2013)- Conducted IT general controls tests for reliance by external auditor- Reviewed project management controls for implementations of large IT projects related to requirements, scope, data conversion and integrity, recovery planning, and user acceptance testing- Administered department SharePoint portal and improved internal processes by developing automated workflows

- Troubleshot problems with computer hardware and software- Ensured labs were staffed and that employee reports were handled- Maintained proper supply levels in staffed and unstaffed labs

- Assisted staff auditors with direct value and integrated controls audits- Completed information systems controls section of assigned site audit- Developed and migrated department to new SharePoint workspace

- Prepared quarterly financial statements for review- Reconciled items and accounts for SOX binders- Created a new and more useful fixed asset worksheet for corporate use- Analyzed and forecast company revenue streams