
It Compliance Information Security

Location:
Denton, TX, 76201
Posted:
January 24, 2024


Resume:


Sheri Bertrand

Valley View, TX • 940-***-**** • ad22yi@r.postjobfree.com • linkedin.com/in/sheri-bertrand

Senior IT Compliance and Security Manager

Sarbanes-Oxley IT Controls • Independent Internal Audits • Business Continuity & Crisis Management

Solutions-focused IT security and compliance strategist with comprehensive experience in information security oversight, risk management, and security control validations within advanced digital environments. A solutions-focused executive with a strong background in designing, deploying, and monitoring advanced enterprise IT compliance programs to protect information assets and avoid reputational risks to the organization. Proven skills in evaluating the current and future threat landscape, implementing robust countermeasures, and providing a realistic overview of threats to strengthen the security posture of corporations. Proficient in implementing an insight-based reporting framework to increase the effectiveness of security and compliance initiatives.

Adept at building external networks with industry peers and ecosystem partners while remaining up to date with emerging trends and major security risks. Recognized for utilizing best architecture practices to incrementally modernize organizational IT infrastructures and deliver flexible and cost-effective solutions to boost reliability. Engaging presenter and communicator, able to collaborate with key stakeholders on large-scale security projects. Proficient in the development and continuous evaluation of short- and long-term strategic goals and success measures aligned with the corporate mission. Agile and proactive change agent who excels at targeting new areas of improvement and initiating positive change to propel forward-moving efforts across multiple initiatives concurrently.

Core Competencies

• Cyber Risk Management

• Controls Review & Improvement

• Data Centre Operations

• Regulatory & IT Compliance

• Technology Infrastructure Design

• Team Training & Development

• Project/Program Leadership

• Data Analysis & Reporting

• IT Control Development

Professional Experience

2022 to Present • Yesway Inc. • Fort Worth, TX

IT Compliance and Security Lead

Develop and maintain IT compliance structure from scratch to meet PCI DSS standards. Ensure seamless execution of external audits by leading the audit process, identifying requirements, communicating deliverables, collecting data, tracking progress, and delivering accurate reports. Introduce IT SOPs to comply with IT controls framework and SDLC guidelines. Deliver timely responses to IT-related audits and privacy-related inspections, including PCI, PII, and Financial SOX. Manage extensive database of regulatory documentation, including compliance related to PCI. Scrutinize network security changes to support corporate change management.

• Received positive feedback and was recognized by executive leadership for managing seamless execution of external audits and mitigating evolving regulatory risks.

• Ensured SLA compliance with internal security and compliance requirements by nurturing productive relationships with, and audit services of, external service providers (SaaS and cloud).

• Led global information technology compliance program in information security (PCI, SOX, and PII) by working with multidisciplinary teams, including operations, legal, finance, and human resources.

2016 to 2022 • Family Leave

IT Compliance & Security Audit Leadership • Control Framework Development • Enterprise Risk Management


2012 to 2016 • CoreLogic Inc. • Westlake, Texas

Corporate Compliance Consultant

Planned and established IT compliance department by leading 12 individuals and overseeing all areas of internal and external audits. Advised corporate business partners, leaders, and security departments to implement impactful controls, mitigate risk, incorporate regulatory changes, and provide compliance assurance. Analyzed emerging risks, assessed remediation plans, and implemented corrective action plans to mitigate risks. Performed assessments to evaluate unified control matrix, prioritization, and non-compliance risks.

• Led the company through challenging legal situations with the Consumer Financial Protection Bureau (CFPB) with accusations of misleading consumers by overseeing responses and safeguarding crucial equipment.

• Reviewed design and test operating effectiveness of key controls to recommend enhancement opportunities in line with best practices and applicable frameworks, including NIST 800-53, COSO, ISO, ITIL, FISMA, COBIT, SANS, and NIST.

• Delivered comprehensive guidance to compliance specialists, internal personnel, and external audit firms on complex issues related to documentation support of laws, regulations, and advanced technical assistance.

2007 to 2011 • Lockheed Martin Corporation • Bethesda, MD

IT Auditor Senior Staff

Evaluated risks and conducted audits, including network perimeter, financial data warehouse, and entity-level controls audits. Maintained documentation of key control weaknesses in Sarbanes Oxley financial reviews (SOX) and compliance testing. Identified obsolete process controls and implemented corporate policy statements to highlight industry best practices.

• Planned and organized audit status meetings to communicate findings, issues, and new areas for improvement to client management, internal executive leadership, and corporate internal audit leadership.

• Improved the reputation of the company and built world-class compliance infrastructure by delivering leadership to direct reports on managing external audits and improving enterprise risk management procedures.

• Analyzed new developments in federal, state, and international regulations to assess implications on information systems, platforms, operating processes, practices, and procedures.

2001 to 2007 • Lockheed Martin Corporation • Dallas, Texas

Systems Engineer Senior Staff

Provided hands-on leadership to technical team members at Center for Medicare and Medicaid Services (HHS/CMS) Regional Offices and served as Systems Engineer Senior Staff for 9 regional offices. Ensured engagement with federal task leads to manage problems, corrective action plans, investigations, and compliance initiatives. Oversaw servers, desktops, and emergency outages, technical planning, system integration, verification, validation of cost and risks, and system analysis support.

• Introduced leading-edge technological ideas and supported final product development to meet strict budget requirements.

Education

• Master of Science in Information Engineering and Management - Southern Methodist University

• Bachelor of Business Administration in Management - American Intercontinental University

• Associate of Business Administration - American Intercontinental University

Certifications

ISACA CRISC • ISACA CISM • LM21 Green Belt - Six Sigma Lean Methodology • ITIL Foundation • Security+ • MCP#3177596 • MCSA • MCSE • CNA 5.1

Auditor Management/Guidance • Process Analysis & Redesign • Compliance Testing Oversight


