Kay Lynn Parks
CISA, CRISC, PMP
SUBJECT MATTER EXPERIENCE
Organizational Change Management/ SAS 70/ SEA 16i/ SOX BPM IFRS/ Risk & Mitigation Strategies/ GAAP/ GLBA/ FFIEC/ Dodd-Frank ISF Standard of ISO 27002 PII/ PCI DSS/ HIPAA Comprehensive Capital Analysis and Review (CCAR)/ Cyber Security/ NASCO/ Business Continuity/ COSO/ COBIT/ Information Security Risk Assessment/ Oracle/ SAP Acquisition & Merger/ IPOs/ Problem Solving/ Continuous Audit/ Security Remediation/ Design ITIL / NIST 800/ MS Project/ OFAC/ Anti-Money Laundering/ FINRA/ FRB/ System Development Life Cycle/ Derivatives Trading/ Floor Life Cycle/ FDA Clinical Controls / Approva IDEA/ Business Object/ Hyperion/ Waterfall / Rapid Application Development / Agile / SCRUM / Prototype / Object Oriented Development/ Primavera/ MS Project Server/ Earned Value Management
PROFESSIONAL PROFILE
Prior diversified corporate experience includes “Big Four” Advisory and Risk Management roles in leading Fortune 500 companies. Leveraging superior problem-solving skills, professionalism and adaptability, provide oversight of large acquisition initiatives and build empowered teams while delivering regulatory compliance and operational governance. A PMI professional with expertise resuscitating multi-million-dollar ERP projects and Project Management Office restructuring initiatives.
A risk and program management professional with Big-4 experience and a track record of successfully managing a $3.2 billion portfolio, I have a passion for complex and regulated industries. A high-energy, results-oriented leader who effectively motivates and directs multi-functional teams within heavily matrixed organizations. Spearheaded a major pharmaceutical Project Management Excellence initiative that delivered key performance indicators: earned value, schedule performance index, cost performance index, and enterprise resource leveling.
ACHIEVEMENTS
Led the first IT Risk Assessment and developed an integrated annual audit plan in support of $9 billion revenue (NRG Energy).
•Assessed acquisition & merger initiatives and participated on NRG senior oversight board for: Reliant Utility ($3 billion revenue acquisition), GenConn (Joint Venture), and Sherbinol Wind Farm (Joint Venture).
•Directed evaluation of South Texas Nuclear Project SAP implementation (ASAP methodology) reporting to the Board of Directors. Redesigned the implementation program governance and assessed the ARIS and the Solution Manager strategy.
•Received Agere-Lucent Chairman’s Quality Award and Coach of the Year Award. Rescued failing initiative and developed the management recovery strategy for a critical Bell Labs implementation.
•Developed Infrastructure Health Roadmap and executed Remediation Infrastructure Plan, while avoiding a Material Weakness assessment.
•Restructured the InfoNXX Program Management Office attaining a CMMi Level 5 assessment.
•Redesigned a PMO supporting a KPMG 54 million dollar financial and operational client engagement; responsible for multiple project budgets, fieldwork, team coordination and resolution of client issues.
EXPERIENCE
INFORMATION RISK AND IT GOVERNANCE CONSULTANT (2010-2016)
•Internal Risk professional with strong skills in operational, security, audit, process audit, internal controls design, and regulatory compliance within the Financial, Pharmaceutical, Life Sciences, Wealth Management, Energy, and Medical Device industries.
MGN Logistics, Inc., Easton, PA
Jan 2015 – Present
Program Management Office and Internal Controls Engagement
Responsible for budget/operations management, business planning, corporate finance, financial reporting, acquisition/spin and information technology administration.
•Spearheaded Governance and Oversight initiative, ensuring regulatory compliance internal controls support a growth-by-acquisition strategy while delivering sustainability and scalability.
•Assessed and implemented a control framework for NASCO alignment.
•Refined the month- and quarter-end reporting process.
•Designed and implemented position descriptions, function role KPIs, and performance management annual assessment.
•Refined and documented the process documentation template and implemented it throughout the functional areas.
•Implemented NIST 800 control framework within the global organization.
•Directed the Healthcare Benefits Package solution
Landesbank Baden-Württemberg, New York City Branch, NY
Mar 2014 – Dec 2014
Internal Controls / Security Remediation Expert
(Risk and Information Security) International Bank and Financial Institution
•Implemented quantitative oversight within individual performance management annual process
•Conducted an Information Security Risk Assessment in support of their enterprise objectives for data protection, compliance and IT governance.
•Identified and integrated Infrastructure KPIs into the Performance Management Appraisal process in order to provide appropriate Goal / Accomplishments metrics.
•Assessed the current state of risk in the enterprise, and provided guidance and recommendations for controls to reduce risk in the most cost-effective manner possible.
•Developed a roadmap for improving controls by aligning them with the business risks and provided remediation recommendations (FINRA / ISO / NIST).
•Performed Information Security Risk Assessment
Johnson and Johnson Family
Feb 2013 - Feb 2104 (Three SOWs)
Program Management and regulatory compliance redesign control framework
•Redesigned a Pharmaceutical Consent Decree for a Fortune 100 Remediation FDA Governance framework (McNeil Pharmaceutical)
•Assessed and re-designed Infrastructure deliverables into funded initiatives.
•Re-designed and implemented a PMO solution for a Pharmaceutical business unit that was adopted at the enterprise level, Fortune 100 (Janssen Pharmaceutical).
•Assessed the design and effectiveness of the Consumer Group Program Management Office (Consumers Group, Canada)
TD Securities – Wealth Management, New York City, NY
Jun 2011 – Dec 2012
Information Security Risk Assessment
Responsible for ensuring technology controls are sufficiently protecting business risk, through the application of the TD Technology Risk & Control framework, and overseeing security standards, policies and procedures for a specific Line of Business (LOB) within the Wholesale Banking environment (TD Securities).
As a BTRM representing TD Securities New York, this vital position will be responsible for technology risk, ensuring asset inventories are managed, appropriate levels of technology controls are in place to protect against defined business risks, technology findings within internal audit programs are managed and security programs defined by the enterprise are represented appropriately within the LOB. The BTRM will liaise with line of business managers and executives within TDS New York, and third party service providers. Reporting to the Managing Director of the TD Securities Business Technology Risk Management team, within Technology Risk Management, Infrastructure, & Information Security for TDBG, the accountabilities of the role include but are not limited to the following:
•Protected the organization from business risks associated with technology, interfacing with business, and technology leaders.
•Provided leadership as the Information Security and technology risk representative for TDS New York, for all relative issues, events, and programs.
•Provided a point of coordination for all security related activities within the central technology risk management and information security team.
•Ensured escalation and notification for security and technology risk related issues.
•Participated in a “State of Health” program for the business, including reporting, planning and prioritization of key risks
•Participated as required in support of all strategic objectives established by the CIO and his team.
•Ensured the business understands key security and IT Risk strategies, and how they affect TDS New York.
•Ensured full participation in Audit programs assisting business in identifying infrastructure / technology based controls.
•Provided Federal and Industry based regulations guidance as well as alignment to technology controls.
•Provided guidance and/or consulting service to technology / business partners on key technology initiatives and provide expertise in the areas of Computer Forensic Services, Incident Response Management, Vulnerability Management & Reporting and Managed Security Services.
•Provided assistance to the business to address technology based Audit findings and issues.
•Ensured technology governance methodologies are in place within the business to minimize overall security risks to the Bank.
•Participated in the development of system security awareness and communication training programs across the enterprise to ensure alignment with the overall Technology strategy and compliance to regulatory and/or established Bank system security standards.
•Ensured outsourcing partners adhere to TD Bank Group (TDBG) security policies and standards, by establishing oversight controls, and by ensuring risk has been mitigated to protect the Bank.
•Participated in the development of on-going Technology Risk reporting, monitoring key trends and/or breaches.
•Provided guidance on emerging technology advancements / trends, and regulations to support business needs and leverage a highly capable management team, actively developing and deploying talent across the business.
Daiichi Sankyo Inc., Parsippany, NJ
Jan 2011 – May 2011
Security Governance integrated into PMO
Risk and Governance with Program Management Office Oversight
•Assessed the control framework for an SAP blister pack manufacturing solution.
•Spearheaded the GRC redesign and integration, business continuity development, disaster recovery evaluation and development of the remediation strategy. Oversaw the entire remediation portfolio. (Daiichi Sankyo, Incorporated)
o Performed Pre-implementation SAP Procure-to-Pay internal controls assessment.
o Assessed J-SOX and SAP Basis Security
o Assessed 21 CFR Part 11 design
o Performed SSAE 16 and SSAE 16i assessments
o Performed ISO 27002 Risk Assessment
o Redesigned and implemented Disaster Recovery / Business Continuity control framework
Vanguard Investments
Apr 2010 - Dec 2010
Security and Development Controls Assessment
Information Risk and Compliance
•Performed an internal audit department pre-Quality Assessment Review (QAR) for a Fortune 100 company (Vanguard Investments initial engagement). Produced Application and Infrastructure Health Road Map.
•Assessed trading floor internal controls design and execution (Vanguard Investments second engagement).
•Executed Information Securities Risk Assessment (ISO 27000.2 and NIST 800)
•Assessed, for a Fortune 100 Financial Securities, the application development (Agile and Waterfall) methodologies and developed a remediation strategy. The findings were compared to a Gartner Study that had been performed earlier. Assessment had all of Gartner's findings (Vanguard Investments, third engagement).
NRG Energy, Princeton, NJ
Jun 2007-Mar 2010
SEC Security Remediation Road Map / Global Program
Manager, Internal Audit, Information Technology (IT)
Directed IT Audit department and reported to Vice President of Internal Audit
Directed independent risk-based audits and consulting activities. Provided assurance and drove improvement in the effectiveness of business processes, internal controls, risk management and governance.
Spearheaded PMI’s project management principles, delivering best-in-class performance indicators throughout the enterprise. Delivered the following initiatives:
•Established an IT Internal Audit team and developed departmental procedures in accordance with Internal Audit Standards
•Directed Operational audits
•Assessed IT general controls, security, program change management, system development life cycle, network operations, cyber security, disaster recovery, and business continuity, etc.
•Presented executive summaries to the Audit Committee and the Board of Directors.
•Drove improvement in processes and controls through risk-based audits
•Implemented change management processes and refined testing discipline.
•Provided technical consultation to IT staff: SCRUM/AGILE and Waterfall
•Performed consulting and other assignments as designated by senior leadership, such as governance and tone at the top.
•Directed the South Texas Project (Nuclear) SAP pre-implementation audit assessment, Infrastructure, Finance, and Operations.
•Directed the Reliant SAP CRM and PCI audits.
KPMG LLP, Allentown, PA
Jul 2005-Feb 2007
Information Risk Management, Advisory (Subject matter expert: Security, SAP, Pharmaceutical/Life Sciences, and Program Management)
SAP/Oracle/JDE/PeopleSoft internal controls trainer and Project Management/Technology subject matter expert. Directed external and internal Sarbanes Oxley Financial and JSOX IT audits, IFRS assurance, IT general control reviews, SAS 70 examinations, business systems restructuring and SAP system-based application control reviews.
Industries: Pharmaceutical, Life Sciences, Healthcare, Medical Devices, Energy, and Banking / Financial
Included Compliance and Advisory program development, internal control evaluation, report development, audit report development and presentation.
•Directed Infrastructure remediation initiative that delivered leading practice control framework.
•Introduced PMI’s project management methodology and infused project management principles into the audit process. Improved client communication and audit engagement efficiency. Improved financial management results.
•Assessed SAP / Hyperion reports and governance platform.
•Directed SAP SOX ITGCs attestations.
•Performed SFAS No. 86 Software Capitalization Review.
•Audited IAS 38 Intangible Assets evaluation.
•Audited SAP implementation for SOP 98-1 compliance.
InfoNXX, Bethlehem, PA
Dec 2003-Dec 2004
(One-year Advisory contract while incumbent was on active duty in Afghanistan, National Guard).
Director, Program Management Office / Financial Assurance
The main focus was to develop the internal controls framework with the supporting processes in order to position the company for their IPO strategic vision.
•Directed portfolio of complex projects and worked with functional managers to ensure requirements were achieved.
•Refined client integration internal controls financial reporting procedure in preparation of IPO.
•Implemented PMI methodology globally: functional procedures and templates, business feasibility study guidelines, and cost/benefit analysis procedures, etc.
•Achieved Capability Maturity Model (CMMi) Level 5 accreditation
Agere Systems/Lucent Technologies/AT&T, NJ, PA
Jan 1991-Sept 2003 (started as a contractor; transitioned to FTE after six months)
Fraud Investigation / Compliance Manager / Integration Manager, MIS Dept.
Managed the design, development and implementation of programs, methods and systems to improve and facilitate operational, administration and manufacturing strategies to achieve corporate objectives.
•Led the ERP replacement proposal and implemented SAP FI (Financials and SAP RM Materials Management)
•Negotiated and gained consensus to implement a standard integrated planning methodology, resulting in a manufacturing cycle-time reduction of over 65%. Deliveries improved and revenues increased from $3 billion in 3 years to $8 billion in 5 years. Received Vice-President Circle Award.
•Designed internal control financial reporting framework in support of Lucent Technologies and Agere Systems IPOs.
•Directed the relocation of a $190 million manufacturing program to the Far East. Instituted a change management program dramatically improving contractual position with a major customer leading to a 25% increase in revenue. Received Chairman’s Quality Award.
•Introduced resource leveling, improving resource output by 33% within the first three months.
•Led project team that analyzed financial data and market potential for major acquisitions (audit member). Led the development of technology integration plans and results criteria.
•Evaluated quality controls, GMP, for an Oracle ERP
•Led project team that set up equipment and infrastructure for prototype plant (Mexico).
•Designed and implemented the Corporate Security Policy and led fraud investigations.
EDUCATION & CERTIFICATIONS
•Information Systems, BS, Muhlenberg College, Allentown, PA (GPA 3.689)
•Project Management Masters, Stevens Institute of Technology, Hoboken, NJ (GPA 4.0)
•Project Management Professional (PMP No. 107298) PMI
•Certified Information Systems Auditor (CISA No 305745), ISACA
•Certified in Risk and Information Systems Control (CRISC) Number: 1106269
•Certified Internal Auditor (CIA) In Process (Part 1 of 4 parts has been completed)
•CISSP trained
•Certified Fraud Examiner trained
•InfraGard Cyber Security member (InfraGard is a partnership between the FBI and the private sector.)