Paula Moore Email & Phone Number

San Francisco Bay Area

San Francisco Bay Area

• Manages IT Audit Team to plan IT audit engagements, including preparing risk analysis, determining audit scope, developing audit procedures and preparing budget and staffing plan.
• Communicate to management audit findings and recommendations for improvement.
• Provide oral and written presentations to management; discuss control issues, business impact and recommended solutions.
• Ensures that the reporting to LS&Co. Audit Committee of the Board of Directors is effectively prepared including analysis of actual performance against plan. Provide quarterly updates of risk assessment and audit plans.
• Ensure audit work is planned, executed, and communicated in an effective manner.
• Manages IT audit teams to effectively: - Support annual SOX testing program, - Support PCI testing program, and - Support the Company’s external auditors (PwC) annual audit testing.

San Francisco Bay Area

San Francisco Bay Area

• Plan IT audit engagements, including preparing risk analysis, determining audit scope, developing audit procedures and preparing budget and staffing plan.
• Execute audit testing plan, leveraging audit best practices and tools (e.g. data analysis tools).
• Communicate audit findings and recommendations for improvement:
• Provide oral and written presentations to audit management team, discuss control issues, business impact and recommended solutions, including audit reports.
• Support annual SOX testing program.
• Support PCI testing program.

San Francisco Bay Area

Tested and perfomed quality reviews of IT General Computer Controls, IT Application Controls, IT Dependent Manual Controls and Entity Level Controls for Sarbanes-Oxley for a global, San Francisco-based client.

San Francisco

• Achieved PCI (Payment Card Industry) certification and pioneered inaugural US-based PCI project.
• Supervised global PCI RFP and directed global internal and external resources to expand PCI scope from one to 29 global entities, and achieved completion of gap assessments, remediation, testing and certification.
• Recognized as a leader among companies of the same size and stature for the achievement of PCI compliance certification in 28 countries/entities in 2011 (Europe, Asia Pacific, North and South America).
• Developed standards, guidelines and tools for retail stores to ensure people, practices and technologies are compliant at start-up and maintained through regular monitoring and testing.
• Led the development and implementation of PCI-compliant contract language for over 1,000+ franchisees globally.
• Established and led cross-organizational (IT, Retail, Finance, Security, Legal, Audit and Risk, Corporate Communications) Global PCI Council which positioned the PCI program at the Executive and Senior leadership level.

San Francisco

• Established and led the company's first global IT SOX compliance program office reducing cost of compliance in year two and three by 50%.
• Led IT resources in the establishment of initial baseline of IT General Controls, risk matrices and documentation of processes.
• Achieved reduction in IT control deficiencies year over year through the establishment of IT control champions, accountability through defined objectives, and implementation of on-going risk assessments, testing and.
• Increased control maturity for change management from a Level 2 to Level 4 (COBIT) by establishing new preventative and detective controls, re-training of resources and the implementation of standards based tools.
• Collaborated on the implementation of GRC tools to support segregation of duties across SAP and legacy applications.
• Improved efficiency and decreased work effort by 30% for compliance testing and remediation through focused and on-going training and development of internal IT resources involved in a compliance role.

San Francisco

• Created and implemented global information security standards, policies, and procedures and led the annual review, revision and approval of the global information security policy.
• Implemented and managed the data classification process for business and IT systems and projects.
• Developed and conducted information security requirements and review process for externally hosted systems and led the development of information security language for external business partner contracts.
• Developed and implemented information security/security awareness tool and training for internal staff.
• Led the IT investigation team (Security Incident Response Team) for security incidents and prepared reports on internal investigations.