Provide consultation and provide services companies with project based needs related to: Information & Security Risk assessments, Incident Management, Security Framework Gap Assessment, Regulatory Compliance guidance ( CFPB, OCC Consent Order/ Mandates), and Audit Readiness ( PCI/ SOC2/ ISO27001, etc.) Support GRC technology tool development, enablement, and management.
Recent Client Projects
SOC2/ Privacy Audit Readiness Project for Digital Marketing Company
PCI/ SOC2/ HIPAA/ GRC Tool Implementation and Enablement for Fortune 500 Payment Technology Company
Risk Compliance Self Assessment (RCSA) Workshop Facilitation and Control Assessment for Fortune 50 Lending Institution

Price Waterhouse Coopers ( PWC) exclusive client. Provide thought leadership and assistance to PWC clients performing departmental or Enterprise Transformation Initiatives. Review and assist with regulatory related implementations ( Consent Order or Non) to ensure sound business operations and provide for a robust operational risk landscape. Some core activities include: RCSA, Product Development, Policy Development & Creation, Process Improvement, Agile Projects, Audit, and Technology Enablement.

Cross- functional collaboration with internal teams to deliver comprehensive risk based service engagements. Create strategic and engaging content for product and training delivery. Advise clients on GRC strategies and best practices to align to business goals Enable clients to meet requirements related to Enterprise Risk Management, Cybersecurity Risk, and Third- Party Risk Management. Advise customers on business use cases for information security frameworks such as NIST 800-53, PCI, SOC2, ISO 27001/2, SOX, FedRamp and more.

Design and develop compliance based needs assessment tools to manage enterprise and compliance related employee training. Partner with cross-functional teams in subject matter expert (SME) role to define business process management impacts, process control gaps, risk mitigation, and risk exposure. Provide coaching and development of regulatory risk officers, business officers, and compliance officers. Manage change management process and risk based consent order issues and remediation. Oversee domestic and international business partner engagement. Create policy content and procedures. Maintain and control system user access. Train and develop business partners in conducting training needs analysis.
Implemented proprietary needs analysis tool to track completion of risk based compliance/assessment training for Enterprise/ Compliance Division.
Managed two successful deployment of technology tool (1.0 and 2.0) with enhancements; improved reporting and tracking capabilities.

Contract to Perm role for Wells Fargo.

Managed 5 subordinates. Prepared and drafted annual audit plans, approved audit scopes and staffed engagements. Consulted business on issues and remediations. Identified findings and issued audit reports/recommendations. Drafted board level reporting documentation communicating results to senior leadership.
Played key role in working on baseline control inventory and risk taxonomies in preparation for IPO launch. Facilitated employee training and development to promote awareness for impending regulatory requirements. Created risk and audit universe.
Saved company $30,000 in potential fines by uncovering inefficient processes in potential violation of UDAAP laws and communicating resolution to bring into compliance.

Designed and developed modules for governance risk and compliance tool (GRC), performing two separate integrations and deployments tool.
Took on project to standardize audit workpapers and checklists, which included staff training and development in their use.

Conducted Service Organization Controls (SOC) 1 and 2 review for third party IT vendors, with accountability for deliverables as 1 of 5 project team members. Defined analysis objectives, collected data from internal and external sources, and evaluated/analyzed data to provide objective information on cyber risks for IT and business management. Assessed risk within subject specialty area to evaluate design and effectiveness of security controls.
Project managed and coordinated execution of deliverables for development of IT GRC platform ARCHER module. Coordinated software design teams, developers, and IT risk managers to drive out module development. Assessed ITGC controls, applications, operating systems, and databases supporting IT infrastructure.

Optimized non-profit marketing plan effectiveness of nonprofits and small businesses through technical writing and development of unique presentation materials.

Conducted risk controls self-assessment (RCSA) for business units supporng merchant payment services, with strong emphasis on EMV integraon and PCI compliance. Addional Experience