DOUG SIMONTON
C: 918-***-**** ********@*****.***
SUMMARY
Doug is an experienced information technology professional with proven accomplishments in technology risk management. He possesses strong organizational, planning, financial, and people skills driven by intelligence, common sense, and a drive to meet corporate objectives. He is considered a trusted, creative, and independent influencer who is an effective collaborator with C-suite, customers, and technology/business teams capable of fostering empowering environments.
SKILLS
Information Security
Technology Risk Management
Business Continuity/Disaster Recovery
Vendor Management
IT Auditing
Project Management
Regulatory Oversight (PCI, SOX, HIPAA, OFAC, BSA, GLBA)
RSA Archer Strategist Governance/Risk/Compliance Expert
Risk Assessment/Risk Control Expert (COBIT, ISO, NIST, SOC, COSO, FFIEC)
CERTIFICATIONS
CISA (Certified Information Security Auditor)
CRISC (Certified in Risk & Information Systems Controls)
PMP (Project Management Professional)
CBCP (Certified Business Continuity Planner)
Certified RSA Archer Consultant
EXPERIENCE
06/2016 to 03/2018 Senior Manager, Risk Advisory
Deloitte UK London, UK
Led a team of 12 GRC professionals tasked to deliver high quality GRC and technology risk management solutions to numerous UK and EU clients. Specific duties/accomplishments included:
Securing over $15 million in new GRC contracts
Assisting several Fortune 500 banks to successfully close key regulatory exam findings tied to technology safety and soundness issues that allowed assessment ratings to be raised or restored to acceptable levels.
Delivering over 30 technology risk/GRC/RSA Archer projects (with budgets between $250k - $5.6 million) to successful conclusion, all on time and on budget
10/2015 to 05/2016 Senior RSA Archer Project Manager / IT GRC Consultant
St. Joseph Health System Anaheim, CA
Responsible for designing, evolving, and implementing an efficient IT control and risk management framework to support the technology necessary to maintain proper IT controls that met the health systems' regulatory requirements. The scope included:
Successfully installing RSA Archer IT risk solutions on time and on budget across the health system's 12 states and $70 billion operational footprint (37 installs in total)
Creating an improved technology monitoring framework to manage control frameworks tied to the system’s 1200+ vendors
05/2015 to 05/2016 eGRC Manager / RSA Archer Strategist
Target, Inc Minneapolis, MN
Responsible for consolidating and designing a centralized IT controls framework program impacting corporate operational centers that supported the 2nd largest retailer in the US. Highlights included:
Working with multiple business and technology cost centers to assess, drive, and clarify requirements for centralizing and reporting on core risk areas via design and deployment of RSA Archer solutions (examples: Policy Mgt, Asset Mgt, Risk Mgt, Incident Mgt, Auditing, Business Continuity, Vendor Mgt, and Enterprise Mgt)
Creating business and technology workflows to streamline and improve technical risk assessment processes
Being an acknowledged subject matter expert on all areas of IT governance, risk, and compliance, able to design and implement workable RSA Archer solutions
Possessing applicable regulatory and information security knowledge, able to assess impacts on Target's technology footprint
09/2013 to 04/2015 IT Governance, Risk, & Compliance Manager
Federal Home Loan Bank of Atlanta Atlanta, GA
Responsible for the implementation, maintenance, oversight, and ongoing improvement of FHLB Atlanta's IT GRC technology program to support a $26 billion financial institution. Accomplishments included:
Achieving a maximum “1” FHFA rating on IT's 2014 Safety and Soundness exam
Receiving an IT GRC “Recommended Program” industry award from the FHFA as an acknowledged leader in the technology risk management space
Participating as an industry thought leader to review and comment on pending updates to various technology standards (such as COBIT, COSO, and FFIEC) and providing critical comment at the request of regulators on HIPAA, GLBA, and PCI DSS
03/2007 to 12/2012 VP/IT Governance, Risk, & Compliance Officer
Bank of Oklahoma Tulsa, OK
Responsible for managing compliance-driven projects and programs focusing on Information Technology that maintained the Bank's favorable performance ratings across multiple business channels. These elements included internal audit and regulatory examination support, risk assessment and gap remediation, IT and business partner support during examinations, compliance status and risk-oriented information presented to senior bank management, consultative pre-audit compliance and controls support with IT and business partners, technology risk M&A analysis, and impact analysis of current and pending regulations (such as CFPB, Dodd-Frank, GLBA, BSA, Patriot Act, FDIC, SEC, etc.). Highlights included:
Achieved “Satisfactory” or better ratings on over 370 audit engagements (as performed by the OCC, FDIC, Federal Reserve, SEC, Internal Audit) on Information Technology and Bank Operations
Developed and executed a corporate-wide Vendor Management Program used to identify and monitor all of the bank's critical vendors; this led to over $10 million in support cost savings throughout the bank
Designed, tested, and implemented the RSA Archer enterprise risk management platform used to create a more actionable risk reporting and a more complete review of technology risks
Improved business continuity and disaster recovery management standards by establishing an integrated prioritization and recovery matrix more closely tied to the bank’s critical business functions and required recovery time frames. This was successfully used to minimize the impact of significant events such as Hurricane Ike (2008), the Oklahoma Blizzards (2009 - 2010), and the Moore, OK EF4 tornado (2010)
Spearheaded multiple community service and fundraising efforts that raised over $5 million for various local and national charities (e.g. United Way, Community Outreach, American Cancer Society, and the American Diabetes Foundation)
INDUSTRY EXPERIENCE
Banking/Financial Services
Aerospace
Media
Energy
Retail
Telecommunications
Health Care
EDUCATION
Bachelor of Science, Computer Science (1987)
Tulsa Junior College
Tulsa, OK
MISCELLANEOUS
Member, COBIT Oversight Board
OCC Financial Systems, Technology Risk Advisor
RSA Archer Beta Test Associate