DOUG SIMONTON

C: 918-***-**** ac6si3@r.postjobfree.com

SUMMARY

Doug is an experienced information technology professional with proven accomplishments in technology risk management. He possesses strong organizational, planning, financial, and people skills driven by intelligence, common sense, and a drive to meet corporate objectives. He is considered a trusted, creative, and independent influencer who is an effective collaborator with C-suite, customers, and technology/business teams capable of fostering empowering environments.

SKILLS

Information Security

Technology Risk Management

Business Continuity/Disaster Recovery

Vendor Management

IT Auditing

Project Management

Regulatory Oversight (PCI, SOX, HIPAA, OFAC, BSA, GLBA)

RSA Archer Strategist Governance/Risk/Compliance Expert

Risk Assessment/Risk Control Expert (COBIT, ISO, NIST, SOC, COSO, FFIEC)

CERTIFICATIONS

CISA (Certified Information Security Auditor)

CRISC (Certified in Risk & Information Systems Controls)

PMP (Project Management Professional)

CBCP (Certified Business Continuity Planner)

Certified RSA Archer Consultant

EXPERIENCE

06/2016 to 03/2018 Senior Manager, Risk Advisory

Deloitte UK London, UK

Led a team of 12 GRC professionals tasked to deliver high quality GRC and technology risk management solutions to numerous UK and EU clients. Specific duties/accomplishments included:

Securing over $15 million in new GRC contracts

Assisting several Fortune 500 banks to successfully close key regulatory exam findings tied to technology safety and soundness issues that allowed assessment ratings to be raised or restored to acceptable levels.

Delivering over 30 technology risk/GRC/RSA Archer projects (with budgets between $250k - $5.6 million) to successful conclusion, all on time and on budget

10/2015 to 05/2016 Senior RSA Archer Project Manager / IT GRC Consultant

St. Joseph Health System Anaheim, CA

Responsible for designing, evolving, and implementing an efficient IT control and risk management framework to support the technology necessary to maintain proper IT controls that met the health systems' regulatory requirements. The scope included:

Successfully installing RSA Archer IT risk solutions on time and on budget across the health system's 12 states and $70 billion operational footprint (37 installs in total)

Creating an improved technology monitoring framework to manage control frameworks tied to the system’s 1200+ vendors

05/2015 to 05/2016 eGRC Manager / RSA Archer Strategist

Target, Inc Minneapolis, MN

Responsible for consolidating and designing a centralized IT controls framework program impacting corporate operational centers that supported the 2nd largest retailer in the US. Highlights included:

Working with multiple business and technology cost centers to assess, drive, and clarify requirements for centralizing and reporting on core risk areas via design and deployment of RSA Archer solutions (examples: Policy Mgt, Asset Mgt, Risk Mgt, Incident Mgt, Auditing,Business Continuity, Vendor Mgt, and Enterprise Mgt)

Creating business and technology workflows to streamline and improve technical risk assessment processes

Being an acknowledged subject matter expert on all areas of IT governance, risk,and compliance able to design and implement workable RSA Archer solutions

Possessing applicable regulatory and information security knowledge able toassess impacts on Target's technology footprint

09/2013 to 04/2015 IT Governance, Risk, & Compliance Manager

Federal Home Loan Bank of Atlanta Atlanta, GA

Responsible for the implementation, maintenance, oversight, and ongoing improvement of FHLB Atlanta's IT GRC technology program to support a $26 billion financial institution. Accomplishments included:

Achieving a maximum “1” FHFA rating on IT's 2014 Safety and Soundness exam

Receiving an IT GRC “Recommended Program” industry award from the FHFA as an acknowledged leader in the technology risk management space

Participating as an industry thought leader to review and comment on pending updates to various technology standards (such as CoBIT, COSO, and FFIEC) and providing critical comment at the request of regulators on HIPPA, GLBA, and PCI DSS

03/2007 to 12/2012 VP/IT Governance, Risk, & Compliance Officer

Bank of Oklahoma Tulsa, OK

Responsible for managing compliance-driven projects and programs focusing on Information Technology that maintained the Bank's favorable performance ratings across multiple business channels. These elements include internal audit and regulatory examination support, risk assessment and gap remediation, IT and business partner support during examinations, compliance status and risk-oriented information presented to senior bank management, consultative pre-audit compliance and controls support withIT and business partners, technology risk M & A analysis, and impact analysis of currentand pending regulations (such as CFPB, Dodd-Frank, GLBA, BSA, Patriot Act, FDIC,SEC, etc). Highlights included:

Achieved “Satisfactory” or better ratings on over 370 audit engagements (as performed by the OCC, FDIC, Federal Reserve, SEC, Internal Audit) on Information Technology and Bank Operations

Developed and executed a corporate-wide Vendor Management Program used toidentify and monitor all of the bank's critical vendors; this led to over $10 million in support cost savings throughout the bank

Designed, tested, and implemented the RSA Archer enterprise risk management platform used to create a more actionable risk reporting and a more complete review of technology risks

Improved business continuity and disaster recovery management standards by establishing an integrated prioritization and recovery matrix more closely tied to the bank’s critical business functions and required recovery time frames. This was successfully used to minimize the impact of significant events such as Hurricane Ike (2008), the Oklahoma Blizzards (2009 - 2010), and the Moore, OK EF4 tornado (2010)

Spearheaded multiple community service and fundraising efforts that raised over $5 million for various local and national charities (i.e. United Way, Community Outreach, American Cancer Society, and the American Diabetes Foundation)

INDUSTRY EXPERIENCE

Banking/Financial Services Aerospace Media

Energy Retail

Telecommunications Health Care

EDUCATION

Bachelor of Science, Computer Science (1987)

Tulsa Junior College

Tulsa, OK

MISCELLANEOUS

Member, COBIT Oversight Board

OCC Financial Systems, Technology Risk Advisor

RSA Archer Beta Test Associate

Contact this candidate