SUMMARY
Experienced and proactive senior leader in data management strategy, audit, compliance, and IT operations for multinational corporations, leading cross-functional teams across numerous countries in the management of a wide range of organizational processes to manage enterprise risks and compliance. These include enterprise data management, regulatory reporting, IT security, offshoring, audit outcome analytics, strategic risk remediation, and establishing or improving systems and processes to handle fast-changing compliance, privacy, and operational requirements. Bilingual in Spanish, CISA-certified, and fully comfortable with finance and regulatory frameworks including SOX, GxP, ABAC, FCPA, PhRMA principles, EFPIA, and GDPR.
PROFESSIONAL EXPERIENCE
REGENERON, Tarrytown, NY 2018 - Present
Director, IT Audit Operations
Hired for a newly created position to build and lead the first-ever self-audit model for the IT division, reporting directly to the Executive Director of IT Planning and Compliance, and later to its Chief Information Security Officer (CISO);
Implemented never-before-existing self-audit planning strategies, testing, and tracking tools to strengthen a weak IT control environment while reducing the high volume of unsatisfactory audit findings and audit-related overhead;
Developed the first-ever audit library that collects and links findings from all previous audits to showcase a broader enterprise risk view as well as important governance gaps;
Cemented a risk transparency mindset by training stakeholders to understand the merits of an audit ‘gold standard’: attain minimal audit findings while considering all interdependencies in a rapidly growing environment;
Managed team of audit coordinators for audit preparation, planning, and execution;
Managed third-party vendor audits to oversee software licensing compliance and reduce licensing fees;
Consistently monitored, identified, and escalated issues, risks, and roadblocks that could impact application systems, infrastructure, information security, data privacy/GDPR, and pharma regulatory compliance; and
Managed all audit remediation plans to completion with 90-60-30 day reviews that had never existed before.
PFIZER, INC., New York, NY 2005 – 2017
Director, Global Payments Data Analytics and Reporting (2014-2017)
Spearheaded the business process and technology implementation of Pfizer’s first-ever centralized global physician and health care organization (HCO) payment data reporting system for 32 European (EU) markets and Canada;
Quickly strengthened collaboration efforts with 150+ EU/CA market colleagues who had never worked in the data analytics and reporting space by leading hands-on training with tangible analytics. Stakeholders consisted of executive and managerial colleagues from legal, compliance, finance, commercial, marketing, medical, regulatory, research & development (R&D), and IT;
Hired, trained, and developed a data-driven and high-performance team of 25 direct reports located across multiple EU nations responsible for synchronizing disparate data from 65+ data sources into mandatory regulatory reports;
Consistently delivered development opportunities for my direct reports such as attending industry conferences, contractor supervision assignments, and other special projects;
Reduced the volume of data processing by approximately 20%, remained 35% under budget, and reported on time by continually leveraging historical data reviews;
Created and monitored robust data validation/quality control reviews to ensure data accuracy before regulatory reviews;
Built offshore ‘center of excellence’ data stewardship team in China for continued cost savings and workload balance;
Served as internal ‘go-to’ person and advocate for global payment data analytics approach across the company;
Received an overall good internal audit rating in the initial two years of existence due to building solid and consistent controls;
Data privacy subject matter expert including GDPR compliance, privacy notices, policies, and cross-border data transfers; and
Facile with regulatory requirements including European Federation of Pharmaceutical Industries and Associations (EFPIA), Sunshine Act, anti-bribery/anti-corruption (ABAC) reviews, Foreign Corrupt Practices Act (FCPA), False Claims Act, AMA guidelines, PhRMA code, SOX, SSAE 16, COSO, COBIT, ITIL, ITSM, General Data Protection Regulation (GDPR), Office of Inspector General (OIG) guidelines, and Corporate Integrity Agreements (CIA).
Global Senior Healthcare Compliance (HCC) & Information Technology (IT) Auditor (2005 – 2014)
Led complex HCC & IT audits, compliance and risk assessment reviews across 40 markets/6 continents while interacting with all levels of management to help them with governance, tracking remediation actions and benefits realization, and sustainability reviews;
Reviewed and reported on the business process and IT applications supporting interactions with: doctors/healthcare organizations/patient advocacy groups, finance (SOX), commercial, marketing – including digital multi-channel, distributor agreements, sample management, speaker programs, medical educational grants, fair market value (FMV) reviews, medical affairs, R&D, clinical research organizations (CRO), onshore and offshore vendor management, human resource functions, FCPA, and data center infrastructure reviews;
Traveled to build and train an offshore audit team in India to execute medium-to-low risk IT audits for cost savings;
Facilitated and presented enterprise risk management (ERM) assessment and metrics to finance, medical, IT, legal, R&D, and compliance leads to create the annual audit review plan and help drive additional global risk controls; and
Designed and executed training modules, audit boot camps, remediation training, and risk management coaching for internal stakeholders and on-shore/off-shore vendors.
METLIFE, New York, NY 2000 – 2005
Travelers Infrastructure Integration Team Lead (2005)
Team Lead for providing key input to develop additional risk assessments in the areas of Health Insurance Portability and Accountability Act (HIPAA), physical security, SOX, data protection, and other infrastructure security controls with various departments such as legal, audit, and IT risk management to reduce and mitigate potential risks associated with utilizing Travelers’ offshore facility and to ensure seamless and compliant infrastructure integration.
Application Assessment Manager (2003 – 2005)
Managed, conducted, and reported to executive management across audit, legal, and IT risk management on technical evaluations to determine the Reliability, Availability, Scalability and Performance (RASP) of business-critical web-based applications.
Enterprise Architecture Systems Analysis Lead (2000 – 2003)
Team Lead for website security and entitlement access management tools such as SiteMinder and WebSphere while managing several consulting teams.
Institutional IT Project Management Office (PMO) Lead (2000)
Led the establishment of the first IT PMO for the institutional products division to support the delivery of priority projects.
ADDITIONAL EXPERIENCE
ERNST & YOUNG, LLP, Santa Ana, CA
Y2K Consultant
SUNGARD RECOVERY SERVICES, INC., Santa Ana, CA
Regional Sales/Database Administrator - Western Regional Sales
EDUCATION AND CERTIFICATIONS
Bachelor of Science (B.S.), Public Relations, University of Florida
Software: Microsoft Office, TeamMate, Ariba, SAP, Concur, StarCite, DecisionPoint, Oracle iPro, and Tableau
CISA: Certified Information Systems Auditor, June 2005
Foreign Language: Fluent in Spanish
Travel: Extremely comfortable working and collaborating with multiple countries/cultures (40+ countries across 6 continents) to transform or protect the business. Willing and able to travel internationally for extended periods of time.