• Thought leader on cloud strategy, directly advising CEO, CIO, and division leads.• Assess IT General Controls and SOC readiness (1&2)• Lead team to assist companies in preparation for their annual compliance reviews• Guide clients with their cloud strategy, including:o Create assessment criteria/strategy and a program based on risk and NIST 800—53o Generate a scoring template to evaluate risk per vendor, boosting efficiency and prioritizing turnaround time from days to hours.• Evaluate companies against frameworks and compliance including SOC and SOx,

• Directed the creation of overall cloud strategy and creation of cloud review team consisting of 5 departments, ensuring security, compliance and legal risks are reduced to an acceptable level• Advised in the decision making and deployment of over 350 applications to the cloud• Implemented and maintained security frameworks for existing and new Systems (NIST and ISO 27001)• Created and Implemented an IT risk management program including:• Collaboration with business & project teams to build security controls into functional specifications, addressing security considerations and delivered consistently before deadline• Monitoring and managing Information Security risks through Operational Risk Self-Assessments and including the Cloud/Vendor assessments and ongoing risk assessments.• Organized/Maintained IT Risk Register, centralizing and triaging all IT risks• Devised a Security Awareness program including: • Ongoing phishing campaigns• CBT, Live and Onboarding Training• Newsletters, electronic poster boards and screen savers• Responsible for the communication, education and implementation of 138 policies and standards and collaborated with 80 individuals to harmonize them.• Supervised day-to-day operations and implementation of 300+ applications into privileged management solution and 300+ applications into access governance solution.

IT Audit Manager 2005 – 2011• Acted as subject matter expert for information security for risk and control teams and served as change agent when the department switched from a functional based to a matrix-based structure.• Streamlined daily processes by managing all aspects of Operational & Information Technology Audits (including SOx/SOC), decreasing overlap of external audit testing & increasing reliance on Internal Audit test results• Managed IT Compliance reviews including SOx, SOC (SAS70) and PCI.

Delivered accurate IT Audits and SOX compliance oversight and created objectives and audit plan to evaluate compliance with SOX while suggesting “Best Practice” initiatives to make processes more seamless and efficient. Tested over 300 test cases and provided analysis to direct the client to make appropriate remediation in their environments. Completed audit plan for both 2004 and 2005 calendar years.Coordinated the management and delivery of IT and business process audits for all Configuration Management and Computer Operations and managed efforts with KPMG counterparts to present reports in a very comprehensive format for the client.Managed numerous departmental projects and provided monthly updates to the Board of Directors on overall project status. Created 15 websites for use of the Internal Audit Department using SharePoint.

Managed General Controls and Application Controls Reviews for NT, UNIX, Mainframe, Hyperion, Millennium and PeopleSoft, and executed audits of IT controls, systems conversion/development reviews, business process assessments, and Capital Appropriation reviews.Managed Security and IT controls analysis of systems from planning to post-implementation and assisted external auditors in year-end accounts receivable confirms, and system testing. Monitored IT projects such as a Mainframe and network move from LA to Chicago, PeopleSoft implementation, Highams factoring conversion, and IMAX implementation.Reviewed all audit reports and responses to ensure timeliness and the effectiveness of the corrective actions and performed vulnerability analysis to identify security vulnerabilities. Evaluated the division’s compliance with ISO and assisted with the creation of an extensive audit program for the evaluation. Completed reports to Executive Management.