Manager Management

Location: Centreville, VA
Salary: 120,000
Posted: August 18, 2019

Resume:

BONITA S. PATILLO

Professional Objective

An experienced leader and professional with over twenty years of experience in Project Management, Risk Management and Information Technology.

Education

Old Dominion University - Norfolk, VA.

Bachelor of Science in Business Administration, Concentration: Management Information Systems

Currently in the Master Degree Program for Information Systems Management at Strayer University with 4.0 GPA

CISA, Computer Information Systems Auditor certified in 2019

AWS Professional Training in 2018

CRISC, Computer Risk Information Systems Controls certified in 2011

CIA, Certified Internal Auditor certified in 2002

Work Experience

Capital One – McLean, Virginia 6/18 – 7/19

Title: Risk Manager

Manage Sarbanes-Oxley readiness and audits for Data Services, Investment Capital Markets and Financial Reporting systems with focus on assessing the readiness and operational effectiveness, risk mitigation, gap remediations for IT general computing controls and AWS cloud migrations.

Manage the Business Continuity assessments and work with senior leadership to ensure compliance and readiness for effective business operational continuation in the event of a disaster or make impact to the company.

Manage Payment Card Industry (PCI) compliance assurance readiness to ensure technology used for processing, storing and transmitting credit card information is maintained in a secure environment for division systems.

Manage the Risk and Control Self-Assessment (RCSA) process for the technology division to ensure that risks are identified and managed through a controlled mitigation plan based on priority to the company.

Freddie Mac – McLean, Virginia 4/10 – 4/17

Title: Risk and Control Manager

Led the Corporate Diversity and Inclusion program for the Enterprise Risk Management division. The Diversity and Inclusion plan and execution were rated highest in 2013 compared to all other divisions’ plans and processes in the company. In 2014, the plan and execution were rated as exceed with the third highest rating amongst twelve divisions.

Led an initiative to reduce Testing Services Screen Shot Evidence for Non-SOX related testing which resulted in an estimated savings of 2.3 million dollars a year. Partnered with Internal Audit, Internal Controls Organization and Delivery Services.

Led and managed the project plan for the operational risk analysis process. Performed operational risk scenarios across various divisions regarding key risks such as Information Security, Internal Fraud, External Fraud, Business Continuity, etc. Reported annual risk loss exposure during the operational risk capital allocation process.

Assessed external operational risk losses from IBM First monthly loss reporting and shared loss benchmark information with company risk stakeholders during the operational risk analysis process.

Led risk management for Delivery Services Information Technology area with specific focus on Multifamily, Testing Services, Application Factory, Finance, ICM and Data Services. Risks and controls support included partnering with IT stakeholders, business risk managers and business line managers to identify, reduce, transfer or accept risks and follow up on remediation activity.

Led a Greenbelt Project team regarding IT Requirements Traceability from functional requirements to SIT Testing. Recommendations were implemented by the Information Technology organization.

Partnered with Strategic Planning function to develop a black out period process for SOX and Non-SOX application and infrastructure changes for 2012-year end.

Managed the development of Testing Services Agile process flows and narratives for a risk assessment.

Developed quarterly metrics to assess incidents for Multifamily business line applications for risks and followed up with management regarding increases in high-risks and number of incidents.

Led and managed risk and controls training for over 300 Advantage Program employees. This included managing a team of SMEs in the development of training materials and planning training sessions.

Managed the Violation Exception Process team and developed metrics to track open, closed, and pending issues in violation of Information Technology standards and controls. Worked with risk managers and controls owners such as CISO to ensure VEP requests were processed timely.

Fannie Mae – Reston, Virginia 5/06 – 11/09

SMConsulting, Linthicum, MD (Contractor for Fannie Mae) 3/06 – 5/06

Title: Senior Project Manager/Operational Risk Analyst III

Managed the SOX Testing team with up to 10 direct reports for testing Information Technology SOX restatement.

Managed the IT SOX/Restatement QA process with up to 5 direct reports.

Supported company-wide enterprise technology risks and controls initiatives and processes such as Monitoring, Incident, Problem, and Change Management for the Technology and Operations organizations. Tracked and reported the status of the Problem Management remediations to Technology and Operations VPs, Directors, Managers and Stakeholders for approximately 200 business applications and infrastructure systems.

Managed the SOX security risk assessment process for commercial off-the-shelf (COTS) Business and Infrastructure application software products evaluated prior to deployment based on company standards, controls and best practices.

Provided risk feedback to stakeholders regarding enterprise governance standards and procedures such as Access Management, Change Management, Incident Management, Monitoring, Software Asset Management, etc.

Managed the implementation of the COBIT 4.1 risk and control framework for the Oracle, Sybase, Windows, AS400, IDMS, UNIX and Mainframe technology areas.

Managed the overall project timeline and deliverables for IT Audits regarding the Fannie Mae IT platform environments.

Deloitte - McLean, VA. 4/04 – 3/06 (International Company)

Title: Senior Consultant

Supported Sarbanes-Oxley (SOX) internal readiness and external reviews specific to controls reliance for various key business processes, operations and IT general computing controls. Industries reviewed included Telecommunications, Retail, Utility and Financial.

Managed and led a seven-member team of Deloitte and AOL staff to support AOL ITRM Risk Office and management’s assessment of IT systems, applications and processes for SOX.

Performed an assessment of the AOL UK IT controls for Change Management, Operations and Entity Wide.

Created a security risk assessment model for assessing IT risk based on the NIST methodology.

NEC America, Inc. - Herndon, VA. 6/00 - 4/04 (International Company)

Title: Senior Program Manager

Managed the AT&T program account which included multiple software and hardware development projects from user requirements phase to product maintenance phase with revenues approximately $400 million annually.

Lead contact to the AT&T management team for communicating and resolving product certification issues as well as ensuring that certification project deliverables were met on a timely basis.

Interfaced and provided oversight to the NEC Project Managers, Development Managers (NEC America and Japan) and Customer Support Manager to ensure deliverables were met timely and issues were quickly resolved.

Reviewed and enforced contract requirements for the AT&T account and coordinated ISO 9000 initiatives.

Honeywell - Morristown, NJ. 5/98 - 6/00 (International Company)

Title: Senior Information Systems Auditor

Led and managed full business function audits, which involved pre-planning the audit with the customer at various SBU locations and audit staff by defining project timeline, resources and project scope/deliverables.

Managed audit staff of up to seven individuals per project and planned, defined and monitored project budget and cost.

Ensured audit deliverables were completed on time and weekly status was reported to management timely.

Audited process and compliance controls for information systems applications, infrastructure, operations, financial and engineering functions within aerospace, automotive, chemical and electronic business units.

Traveled 100% within the United States and led international assignments in Germany and Ireland.

Newport News Shipbuilding, Newport News, VA. (3/91 - 4/98)

Title: Senior Information Systems Auditor (7/96 - 4/98)

Audited information technology, operational and compliance areas within the organization.

Participated in a pre-audit security control review of a company-wide Windows migration during implementation phase.

Led information systems audits for newly implemented company IT solutions such as Windows migration and Year 2000.


