Clifford B. Nelson CIA, CISA, CRISC
Houston, TX 77068
832-***-**** voice
acd95p@r.postjobfree.com
Current as of: Apr. 2014
Work Experience
Assero LLC April 2012 – Current
Regulatory Risk & Compliance Professional
• System Architect/Development - Houston, TX
Provide thought leadership and architectural expertise to a cross-functional team charged with deploying
a host of customer-related applications and data as well as security and cyber-security to the cloud based
customer access.
• Shell Downstream Services – Houston, TX
Function as the Regulatory Compliance Lead for Houston downstream business. Provide regulatory
expertise in the areas of compliance covering internal Shell based control frameworks, cloud,
cybersecurity, SOX and US Export Compliance. Evaluate and assure import/export compliance of Gas, Oil,
and chemical products with numerous transport methods (pipeline & truck). Document and evaluate
application, encryption, security, cyber-security, disaster recovery, and business critical processes to
document and submit periodic reporting both internally and externally. Develop and implement business
process automations where possible and appropriate across US, Canada, and UK.
Adams Harris April 2011 – October 2011
Project Professional
• Harris County Toll Road Authority (HCTRA) – Houston, Texas
Provide risk and compliance expertise to evaluate and document critical business application
requirements and evaluate against existing infrastructure and future growth expectations. Identify and
document gaps and prepare recommendations to address existing network obsolescence and deficiencies
combined with identification, cyber-security and recommendations for future infrastructure expansion
and upgrade in accordance with best practice business continuity, record classification and retention, and
disaster recovery capabilities to meet and/or exceed business requirements.
Global Industries Jan 2011 – Feb 2011
Senior IT Auditor
Design and implement a continuous monitoring program for IT general controls based on a unified model
of COSO, COBIT, and ISO 27001/27002 frameworks. Evaluate and recommend tool selection as well as
assist IT project implementations for compliance with internal control frameworks, Disaster Recovery
and regular IT based audit activities.
Jefferson Wells 8/2010-1/2011
Senior Risk & Compliance Consultant
• NRG/RRI – Houston, Texas
IT Application and General Control testing and remediation recommendation in preparation
for external audit.
Broadsource Consulting 2008-2010
Senior Risk & Compliance Consultant
• .Net Web Developer
Houston, TX
Analyze, Re-Design, Develop and Deploy a web application for managing underwriting requests from
disparate processors nationwide. Update security and functionality to handle multiple parallel requests
per loan as well as secure for public internet usage.
• Senior Risk & Compliance Consultant
Shell Trading – Houston, Texas
Provide information asset risk management and compliance expertise relating to oil and gas product
shipment, IT, general risk and control activities critical to annual compliance efforts. Interact with
business operations and management personnel to facilitate periodic compliance assurance reporting
activities including pipeline, ship, railway and trucking deliveries.
Serve as the North American project lead for implementation of an energy trading risk based control and
compliance initiative based on the ISO 27001/27002 security and cyber-security frameworks. Liaise with
Shell Group information risk management on overall design, implementation, training, and
documentation efforts aligned with the ISO implementation and related gas and chemical projects.
Facilitate and lead the identification of risks associated with the power and liquids trading applications
and design/implement control structures to mitigate the identified risk aligned with the ISO 27002
implementation.
Facilitate annual SOX related application control reviews and risk assessment reviews with Service
Delivery Managers (SDMs) both in the US & London to assure annual risk mitigation activities are
performed based on oil and gas chemical imports and exports. Participate in cross-functional discussions
of risk and control related activities and projects for US, Canada, and UK operations.
Cliff Nelson, Inc. 2008
Senior Independent Compliance Specialist
• Aegix Consulting – Houston Texas
Senior NERC Compliance Consultant – Director NERC Compliance Project Services
Design, Development, Project Management and Delivery of multiple NERC Reliability Standard (693) &
Critical Infrastructure Protections (CIP) based compliance projects for multiple clients including gas
turbine, hydroelectric, geothermal and wind based generation. These projects involved managing and
training multiple teams, developing and performing risk based assessments (RBA) as well as designing
the risk based methodology specific to each client.
Designing and implementing Internal Compliance Programs (ICP), Evaluating Critical and Cyber Assets,
Interfacing with client management, regional and governmental agencies, designing and implementing
mitigation plans, design and negotiate sanction and fine reduction and mitigation plans. Design and
perform training programs for NERC clients to increase awareness of compliance programs and reporting
requirements.
Sirius Solutions 2005 – 2008
Senior IT Compliance/Internal Audit Consultant
• Shell Trading – 6/2006-12/2007
Design, Develop, Implement and Pilot a prototype SharePoint (WSSv3.0 & MOSS 2007) web-portal based
application utilizing automated workflow and the Windows Workflow Foundation (WWF) to automate and
enable user self-service of critical end user computing (EUC) applications (spreadsheets) including the
inventory of EUCs, risk based assessment, change control, approval collection and control structures.
Review and re-design the Shell Trading End User Computing Policy to encompass a risk-based approach
to evaluate EUC applications (End user spreadsheets, databases, queries, etc.) critical to Shell Trading
operations expanding the scope of the policy to the global business including EUCs critical to all levels of
the value chain as well as financial reporting (SOX). Design, Develop and Implement required Segregation
of Duties (SOD) matrix and automated system to report exceptions for multiple trading systems.
Review and perform testing for change control and security for North American Trading operations.
Re-design, operate and maintain the control structure for the periodic assessment of critical end-user
applications including the security and change management of these applications. Perform end-user
training on the control register as well as embed the controls into line operations.
• Lyondell Chemical Company – SOX PIT 2005 / SOX 2006
Review and perform SOX related Point in Time testing for Q4 2005 as well as 2006 SOX round 1 control
testing for locations in Houston, Maryland, and Brazil. Interface with process owners and management to
identify complementary and mitigating controls as well as discuss deficiency analysis and overall testing
strategy and impact in preparation for annual SOX 404 assertion.
• Sirius Online Survey – Automated Reporting
Design, test, and implement Microsoft SQL Server reporting services and reports to support an online
survey application for Corporate Culture, Tone at the Top, SOX 404, SOX 302 assessments as well as
customized client surveys including periodic update and reminder automated reports to numerous
external clients.
• BJ Services – Houston, TX – IT General Control Team Lead
Evaluate client frameworks and develop and execute test plans including remediation and remediation
testing specific to hazardous and chemical materials. Interface with process owners and management to
identify complementary and mitigating controls as well as discuss deficiency analysis and overall testing
strategy and impact in preparation for annual SOX 404 assertion. Interface with both internal and
external audit teams as well as staff development and deployment in the execution of designed testing
plans as well as go forward control design and implementation strategies to align with best practices and
COSO/COBIT models.
HireSynergy – Houston, TX 2004 – 2005
Internal Audit/Sarbanes-Oxley IT Consultant
• Transocean – Houston TX
Design, test, remediate and document semi-automated and automated systems and operational controls
for corporate and global field locations hazardous material deliveries in compliance with 404 reporting.
Perform risk assessment and business continuity evaluation and consultation advisory services. Assist in
the development, loading and deployment of MS Access database use in chemical reporting. Distribute
and evaluate control self assessment (CSA). Interview trucking and transport personnel and document
high-level business processes to design, test and document workflows and control points for individual
applications and interfaces with financial and procurement systems. Perform pre-implementation audit of
financial systems prior in preparation for deployment in accordance with COSO and COBIT guidelines.
Dynegy – Houston, TX 1997 – 2004
Senior Analyst/Project Manager Midstream M&A
Enterprise Reporting, Data Warehousing, Document Management
Sarbanes-Oxley Compliance (SOX) & IT Risk Assessment & Mitigation
Evaluation, analysis, quality assurance, security, internal control, compliance and implementation of
hardware and software to provide and maintain business continuity as Dynegy expanded midstream
operations by acquiring multiple pipelines and gathering systems of oil and gas based pipelines. Minimize
risk exposure of unified data warehouse/reporting environment using customized interfaces to Crystal
Enterprise, Crystal Reports, and Crystal Analysis Professional; Team selection and project management;
budget forecasting and staffing; Software selection and maintenance; Acting as liaison between chemical
business operations, users and IT.
• Sarbanes-Oxley (SOX) Process Design 04/2004 – 09/2004
Design, document and implement processes and controls to remain in strict compliance with current SOX
legislation requirements including process design and documentation, change control, approval, SOD and
exception process management for IT systems regarding energy liquids trading, division order, and
settlement.
• Plant Allocation Automation and Delivery using Documentum
Analysis/design/customization/implementation of Documentum document management software package
along with custom coding via the supplied API to interface with production plant accounting systems
providing an automated report archiving and delivery model for all externally delivered required
reporting. The primary goal of this project is to standardize and automate both the generation and
delivery of chemicals contractually required for all parties and to provide a solid audit trail in compliance
with legislation.
• DMS Data Warehouse
Analysis/design/implementation of multidimensional data models, conformance with data warehousing
best practices, and ETL processes to expand the existing DMS Data Mart architecture to include all
aspects of the liquids delivery value chain. This includes gas gathering and refining, liquids trading,
transportation, plant maintenance systems, and geographic information systems (GIS). Creation and
implementation of custom Crystal Reports and workflow interfaces tied to the Crystal Enterprise
architecture for enterprise reporting.
• DMS Data Mart
Evaluation/selection/implementation of software and hardware requirements creating a foundation
architecture for a unified database. This included analysis of existing data structures, conversion of
existing reporting environment to Crystal Reports utilizing the Crystal Enterprise delivery framework,
Evaluation of Extraction/Transform/Load tools (ETL), creation and testing of unified multidimensional
data models in conformance with data warehousing best practices, design and implementation of ETL
processes.
• DMS Web Reporting
Evaluation/selection/implementation of software and hardware to create a web based reporting
environment using Crystal Reports, providing scheduled, parameterized demand, and ad-hoc custom
interface reporting to local and remote internal users as well as external users.
• Unified Contract Management
Evaluation/selection/implementation of software and hardware to combine information from disparate
contract management, gas plant accounting, commercial contract, and land management systems into a
single, web delivered management application. This included design of business rules, user training
program, and documentation.
• Land and Right of Way
Analysis/design/development/implementation of a client/server application to integrate information from
disparate database systems acquired into the Dynegy back-office systems to monitor and maintain
contractual obligations and chemical/hazardous material obligations.
Education
University of Houston – Downtown 2004
BBA - Computer Science/ Finance GPA 3.5
North Texas State University – Denton, TX 1990
Jazz Performance/Biology GPA 3.0
Licenses & Certs
CIA Certified Internal Auditor (www.theiia.org) 2005
CISA Certified Information Systems Auditor (www.isaca.org) 2005
CRISC Certified in Risk and Information Systems Control (www.isaca.org) 2011
Real Estate Broker – Texas Broker # 0443722
Software Experience
SharePoint WSS v3.0 & MOSS 2007, 2010
Microsoft Visual Studio 2005 & 2008 VB, C#, Web Developer
Rapid Risk Based Assessment and Methodology
.Net Framework 1.1, 2.0, 3.0, 3.5, 4.0
ASP.Net 2.0, 3.0, 3.5
Windows Workflow Foundation (WWF)
Oracle – PL SQL
Crystal Reports 8.5, 9, 10, 11
Crystal Enterprise Report Application Server
Documentum Administration
Crystal Reports Advanced
Computing Skills
ACL (Audit Command Language)
Computer assisted audit technique (CAAT) software application
Proficiency in the use of Windows 8, 7.x, NT, 2000 workstation
and server platforms (2003 to 2010).
Proficiency in the use of ASP, aspx and SharePoint WSS, MOSS 2007, 2010 portal technologies as well as
module and web part development and design using Windows Workflow Foundation (WWF),
Silverlight, Communication foundation.
Experience with Oracle and SQL Server, Access, MySQL RDBMS systems and
SQL Server OLAP, SSIS technologies.
Experience with various modeling and testing tools used in creating
Web based and client-server architectures, including .NET 1.1, 2.0, 3.0, 3.5, VB, C#, ASP, Java, JSP, J2EE, VB
Script, JavaScript, CSP, and PHP
Experience with ETL data warehousing and modeling tools, including
Microsoft DTS/SSIS, SQL Server Reporting Services (SSRS), Informatica, and Pervasive Business & Data
Integrator.
Member
Information Systems Audit and Control Association (ISACA)
International /Houston Chapters
Institute of Internal Auditors (IIA)
International /Houston Chapters
Project Management Institute (PMI)
International / Houston Chapters
Professional Risk Managers International Association (PRMIA)