Shannon Leblanc Email and Phone Number

Conduct or participate in internal audits of the bank's financial, operational, compliance, technology, and administrative systems. Prepare/review supporting work papers in accordance with the audit procedure and departmental standards.Identify potential vulnerabilities, risks, and weaknesses in IT systems by reviewing current procedures, systems, design, and implementation and creating an action plan to improve IT systems. Document and execute audit programs, including business process flows, control objectives, key controls, and test plans.Discuss apparent deficiencies found as a result of the audit conducted with the operating department in an effort to verify the information and obtain an explanation.Issue formal written audit reports, which include determining the risk level of issues identified, support for risk assigned, overall report conclusions, and recommendations to correct unsatisfactory conditions.Conduct exit meetings with operating management at the conclusion of each audit.Communicate findings and other audit activities directly to the Chief Internal Auditor and/or the Audit Committee of the Board.Conduct and report on special investigations (i.e., frauds, etc.).Communicate with management regarding findings and recommendations, suggested improvements in operations, and opportunities for cost reduction and earnings improvement.Reviews and analyzes the effectiveness of the audit program in the context of changes in the banking environment and initiates any applicable adjustments.

Interacts extensively with leadership and business owners across the enterprise and provides consultative support to Field Operations. • Lead and implement the required Information Security & Protection Action Plans in a timely manner.• Assists in managing the strategic planning process including key enterprise initiatives to develop a clear vision of the department’s objectives and to address all regulatory requirements related to privacy and security.• Assists in the development of the company privacy risk assessment strategy to review business processes and evaluate privacy controls necessary to protect sensitive information.• Develops strategic working relationships across all lines of business and project partners as necessary to identify, evaluate, and reduce privacy and security risks.• The development of long-term operational road maps, oversight of operational work efforts, creation of business cases for formal projects, and the creation, integration, and oversight of efficiency driven manual and automated workflow processes.• Responsibilities Lead and facilitate requirements gathering, planning, scheduling, execution, scope management, requirements management, risk management, and status reporting for assigned work efforts.• Facilitate decision making across stakeholders based on changes to requirements.• Effective identification and utilization of resources, networks, and dynamics through organizational awareness.• Understanding and integration of company/department goals into the strategy of assigned efforts. • Engage in person and virtually with key stakeholders across HCA to develop/execute work plans and schedules.• Actively manage accountability across stakeholders; facilitate regular follow-up to ensure all assigned tasks have been completed fully and within set timeframes.• Lead problem solving efforts and escalate unresolved issues with team leadership as needed.

• Lead and implement the required Information Security & Protection Action Plans in a timely manner. • Positively managed the implementation of Information Security Procedures, set by HIPAA and HITECH security standards, for 12+ hospitals, 8 Surgery Centers, and numerous ambulatory centers across 4 states.• Develop division relationships by attending and participating in Facility Security Committees, providing quality and timely communications with IT Directors, developing and documenting procedures, and completing projects on time.• Assist and educate division and facility personnel on the importance of Information Security, both in electric and physical. • Develop the division MEDITECH Appropriate Access Audit process.• Perform Facility Risk Management Assessments walk-throughs to assess the risks.• Assist in the communication, documentation and facility approval of Meaningful Use 14 attestation, Stage 1 Year 1 & 2• Prepare division and facilities for internal and external audits. • Lead for multiple Disaster Recovery Tests for the Division • Ensure awareness of account management responsibilities and appropriate access and other user access reviews occur in accordance with Company guidelines. • Support and coordinate Incident Response activities involving the facility or division.• Identify risks and track remediation by providing technical and administrative expertise, as well as partner with the technical support team to ensure that corporate-mandated service packs, patching, and hot fixes are applied to facility servers and workstations within the defined time periods. • Lead risk management processes and decision-making involving each facility by ensuring Facility Security Committees receives, documents, tracks, investigates, and acts on IS breaches and complaints. • Ensure implementation of specified Information Security architectures for enterprise vendors.

• Educated new facility employees on the Information Security regulations. • Helped develop and maintain the facility intranet website through FrontPage. • Assisted in Deployment of hardware as needed.• Project Management Lead in the integration/corporate testing of Kronos for clocking in/ clocking out on the desktop.• Troubleshoot miner MEDITECH issues.• Created/edited NPR reports within MEDITECH.• Educated new Directors on the various applications used. • Created/researched accounts as the Local Security Coordinator, provision access to various applications.• Educated new staff how to use eSAF• Assisted in the deployment of eSAF/provisioning within the Division.• Routinely worked in User Identity Portal

Systems Operator • Manage and maintain two web-based applications for multiple locations • Maintain client records and enter new users, extend logins, password support• Support internal and external users for the two web-based applications• Support basic hardware and software issues for internal users• Assemble new computers and assist with the network access• Help Desk calls and e-mails for users across the country • Schedule and maintain reporting system weekly and monthly • Train new users for the web-based applications thought various training avenues