Senior Compliance Analyst• CyberArk Password Vault Project (2014-2017) - Vault Administration (Setup, configuration, implementation, management tasks)Process documentation and Technical Support• Responsible for the continued development/enhancement and assurance of ITS Controls for ITS owned CIP requirements, requirement parts under CIP-005, CIP-007 and CIP-010 (version 5)o NERC Version 5 transition – (2015,2016)♣ GAP analysis V3 to v5 CIP Requirements♣ Security and Compliance Lead for multiple ITS Division owned requirements♣ Lead compliance oversight, development and documentation relating to the implementation of Tripwire Enterprise for CIP-010o Lead (Compliance Analyst) on audit support gathering, assessment, and organization approach for 2013,2016 CIP Audit o 2012- Lead CIP Compliance Auditor for internal self-certification for PJMo 2014, 2015 – Lead Security and Compliance Analyst for CIP self-certification and audit readiness reviewso Annual Password Change Project – Lead (2012,2013,2014, 2015,2016,2017)♣ Develop project schedule, identify technical subject matter experts of privileged accounts in scope of NERC CIP ♣ Coordinate, obtain, review, validate system support for approximately 20,000 accounts.♣ Maintain overall project and status reporting to management♣ Reduced execution time from 12 months to 5 months with the implementation of Enterprise Password Vault♣ Quality review of compliance of new assets on-boarding to the scope of NERC CIP.• Assurance all PJM cyber security and NERC CIP regulatory requirements were operational and effective prior to an asset being declared “CIP”• Documentation of exceptions were documented in accordance with PJM policy, and NERC CIP requirements ♣ Internal Investigations, , Self-Report Documentation, and Mitigation Plan development, Remediation follow-upo Continued Department Process enhancements (2013,2014,2015,2016)o Liaison to Internal Audit – various Audits (2012,2013,2014, 2015)

PHH Corporation - Senior IT Auditor - Dates Employed Apr 2009 – Nov 2011 Employment Duration2 yrs. 8 mos.All Areas of IT Audit Process (Audit Planning, Scope development, Control Identification and assessment, documentation of issues, draft reports, remediation validation) Leveraged CobiT/ITGC to develop and document IT Audit Plans as approved by the board.(examples not limited to Patch Management, Access Management, Database access monitoring, Application development – new code deployment, SDLC, Data Backup, Disaster Recovery, BCP)Peer Work paper review.Training of junior auditors, mentorship, support. Liaison to external auditors for SAS70/SSAE16 for interviews and document review.Led internal IT audit aspect of control verification, policy/process review and artifacts of compliance with controls for external auditor review for SAS70/SSAE16Liaison to internal SOX auditors and assisted internal testing of identified controls. Liaison to legal and external auditor for GLBA auditIT liaison to legal auditor for HIPPA compliance validation of work performed.IT Audit liaison to external vendor for PCI assessment.CoBIT, SOX, SAS 70/SSAE 16; GLBA, HIPAA, Limited PCI.

All Areas of IT Audit Process. Audit Planning, Scope development, Control Identification and assessment.Audit Execution, Documentation, Draft Reports, RemediationPeer Work paper review.CoBIT, SOX, MAR, ITGC, ITIL, COSOIn addition to Disaster Recovery and BCP exercises.Lead on Policy Holder Special Dividend Annual Procject

IT Audit Process. Control Identification and assessment.Audit Execution, Documentation, Remediation Testing. Internal, External Auditing, CoBIT, SOX, SAS-70.

Exelon/PECO – Information Technology Dates of Employed April 1995 – Nov 2004 Duration 9 yrs. 8 mos.OS, Novell, Windows AdministrationSharePoint AdministrationLotus Notes Administration IT Business AnalystChange ControlProblem Management