
Senior IT Audit Leader

Location: Addison, IL
Posted: October 21, 2017


Ron Henley

ac2vf9@r.postjobfree.com

630-***-****

https://www.linkedin.com/in/ron-henley

Senior IT Audit Leader

Business aligned IT professional with over 20 years of experience developing and implementing controls to achieve overall business goals. Effective IT leader with the ability to build alliances with organizational leaders. Expert in developing and implementing sustainable policies, processes and procedures to establish and maintain compliance. Solid technical experience with the ability to design practical recommendations and solutions for identified risks and exposures. Astute with IT frameworks based on:

Committee of Sponsoring Organization (COSO),

Control Objectives for Information and Related Technologies (COBIT),

International Standards Organization (ISO/IEC 27000), and

National Institute of Standards and Technology (NIST) Cybersecurity.

Strategic Planning & Leadership

Risk Assessment/Impact Analysis

Team Building/Motivation

Project Management

Regulatory Compliance

Effective Communications

Change Agent

IT Governance

Data Analytics

PROFESSIONAL EXPERIENCE

FORTUNE BRANDS HOME & SECURITY (Deerfield, IL) 1997 – 2017

Fortune Brands Home & Security (FBHS) is a $5 billion company that manufactures trusted brands like Master Lock Security Products, MasterBrand Cabinets, Moen Faucets, Sentry Safes and Therma-Tru Entry Door Systems.

Senior IT Director – Security, Compliance, Audit 2016 - 2017

Started in 1997 as a Senior IT Auditor with increasing responsibilities resulting in consistent promotions:

●IT Audit Director, 2006 – 2015

●Senior IT Audit Manager, 2003 – 2006

●IT Audit Manager, 2000 – 2003

●IT Audit Field Supervisor, 1998 – 2000

●Senior IT Auditor, 1997 - 1998

Responsibilities

Audit Leadership

Served as liaison to audit committee and IT leadership for controls assessment of all domestic and global IT operations. Responsible for providing formal quarterly reports summarizing status of IT risks and mitigation efforts.

Advised IT leadership on the design and operating effectiveness of implemented controls for addressing short and long term strategies.

Performed IT due diligence for new acquisitions and assisted with integration into existing control environment. As a result, all major acquisitions were SOX IT compliant during their first year of eligibility with no significant deficiencies.

Built collaborative relationships with IT leadership through effective communications and negotiating skills.

Sound hands-on technical background with the ability to identify, manage and ensure corporate-wide IT compliance with Sarbanes-Oxley (SOX), Third party Statement on Standards for Attestation Engagements 16 (SSAE16), Protection of Personal Identifiable Information (PII), Payment Card Industry Data Security Standards (PCI DSS) and FBHS internal IT policies.

Audit Lifecycle

Performed annual and quarterly IT risk assessments in order to develop and adjust the risk-based audit plan. Input included changes within the business, strategic projects, previous audit results, industry trends, emerging technologies and current implemented technology.

Managed the scoping, planning, execution and remediation processes for all IT and integrated audit projects. Where possible, incorporated the use of data analytics to improve the audit efficiency, accuracy and completeness of the audited population/data.

Managed IT projects’ compliance with approved project plans, implementation methodology and reporting requirements (budgetary, scope, time, resource and quality).

Formally documented and reported issues, risks and mitigation options in a timely manner.

Maintained system and application inventory, business processes and application workflows to help identify high risk areas as part of audit planning process.

Vendor Management

Ensured IT contracts with external vendors complied with internal policies and control requirements, abating company risks. Utilized external resources as needed for specialized skills not available in-house. Collaborated with external auditors when conducting in-depth compliance reviews.

Personnel Management

Managed IT audit professionals with skills development, risk-based audit guidance, performance management, career coaching and retention.

Assisted IT audit personnel on moderate to high complexity, high visibility projects and coached them through constructive feedback.

Maintained personal certifications and development of new skills to stay current with audit and technology trends. Platinum Member of Institute of Internal Auditors (IIA) and Information Systems and Control Association (ISACA).

Audit Tools

Hands-on experience in the use of audit and security tools: Splunk SIEM, Qualys vulnerability management, Nessus network vulnerability scanning, ACL and Tableau.

Software and Hardware

SAP, Oracle, PeopleSoft, JD Edwards, Friedman Frontier, Unix, Linux, Microsoft, AS/400 iSeries, VM and Networks.

Accomplishments

●Sarbanes-Oxley (SOX) – Designed and implemented key enterprise IT controls matrix for SOX compliance addressing application access (including segregation of duties), security administration/provisioning, application and infrastructure change management, system implementation and data center operations. Also established testing protocol which included an assessment of the design and operating effectiveness of the key SOX controls.

●Segregation of Duties (SOD) - Envisioned, designed and implemented automated tools to replace manual segregation of duties testing to identify inappropriate and excessive access in ERP applications. SOD tools, on average, reduced 4 man weeks of manual testing per operating company to approximately 4 hours. Additional benefits included replacing random sampling with 100% testing of the population resulting in improved overall accuracy.

●Cyber Security – As a member of the Enterprise Cyber Security Steering Committee, developed audit programs to monitor compliance with project objectives to mitigate cyber threats to the enterprise. Audit program addressed training & awareness, security policies, network segmentation, and real-time monitoring of internal & external traffic.

●PCI and PII Assessment – Conducted initial assessments of operating companies’ compliance to PCI Data Security Standards (DSS) and used results as input into requirements for Cyber Security controls definition. Developed internal process for monitoring operating companies’ ongoing compliance to PCI and PII security standards.

●ERP Implementations – Monitored compliance to project timelines and budgets while ensuring proper controls were included during implementation for change management, data conversion, security provisioning and segregation of duties. Efforts have resulted in appropriate controls being designed into the standard operating procedures upfront. Projects include Oracle EBS, SAP ECC, PeopleSoft, JD Edwards and Friedman Frontier.

●Data Analytics – Created tools using Audit Command Language (ACL) and Microsoft Access to assist Financial Auditors with data analysis. Created a repeatable process for continuous fraud auditing of travel & expense reports using ACL.

SYSTEM SOFTWARE ASSOCIATES – Chicago, IL, 1992 - 1997

System Software Associates, Inc. (SSA) is a supplier of software for the AS/400 line of midrange computers. SSA's core product line is the Business Planning and Control System (BPCS), a group of integrated software products for the manufacturing, distribution, and financial operations industries.

Senior Systems Analyst – Corporate Finance & Corporate MIS

Responsibilities

●Liaison to executive staff for planning and implementing automation to address strategic IT and financial initiatives.

●Managed application enhancements and new program development for global BPCS financial applications.

●Provided end-user support for financial applications across all departments.

●Managed AS/400 configuration and security.

INTERNATIONAL BUSINESS MACHINES (IBM) - Toledo, OH 1988 – 1992

Major manufacturer and marketer of computer hardware, middleware, software, system hosting and consulting services.

Systems Engineer

Consultant to manufacturing companies for understanding long-term objectives, goals and strategies.

Designed, configured and supported technology based solutions to meet and sustain long-term customer growth requirements.

IT CONSULTANT - IL & MN 1987 - 1988

Clients included IBM in Rochester, MN - responsible for developing operating system code for the new AS/400. Pansophic Systems in Oak Brook, IL - conceived, designed and managed the development of an application that converted their main product, Pansophic Resource Management System - PRMS, into multiple languages multiplying sales opportunities exponentially.

Multiple Assignments

AS/400 security and configuration specialist.

Designed application solutions to meet clients’ requirements while also achieving a high level of client satisfaction with minimal level of disruption.

SONICRAFT INC., Chicago, IL 1985 – 1987

A software and hardware defense contractor for the Federal Government, Air Force

Software Engineer

Designed encryption strategy and coding software for Department of Defense F-16s’ secure communication transmissions from jets to the ground.

EDUCATION & CREDENTIALS

Master of Science, Communication Systems Strategy and Management

Northwestern University, Evanston, Illinois

Bachelor of Science, Computer Science

Northwestern University, Evanston, Illinois

Advanced Project Management Certification

University of Chicago, Chicago, Illinois

PROFESSIONAL CERTIFICATIONS

Certified IS Auditor (CISA)

Certified in Risk and Information Systems Control (CRISC)

Certified in ITIL Foundations (IT Service Management)


