25+ Years of Security Audit, Risk, Compliance & Data Privacy

Location:
Hurst, TX
Posted:
February 23, 2024


Resume:

J. DAVID VINCENT

*** ********** *****, *****, ***** 76054 M: 817-***-**** ad3u48@r.postjobfree.com


SUMMARY

David is a GRC professional with over 25 years of experience with Big-Four audit and Global Consulting firms leading hundreds of IT/Cybersecurity control assessment & remediation projects, control framework implementation projects, data privacy projects, and over 100 full-lifecycle GRC system implementation projects for standards and regulations such as ICFR, SOX, FINRA, SOC 1 & 2, GDPR, HIPAA, ISO 27000 series, NIST 800-53, NIST CSF, COBIT, COSO, ITIL, etc. Relevant GRC technology solutions included Enterprise Risk Management, Operational Risk Management, Data Privacy Management, Policy & Compliance Management, Identity & Access Management, Vulnerability & Threat Management, Policy-Based Access Control, and Audit Management solutions. He has helped numerous organizations save an average of 30% in the operating costs of their annual IT/Cybersecurity audit, risk, and compliance programs.

EDUCATION

Liberty University (2018) – Master of Science in Cybersecurity (GPA 4.0).

Liberty University (2010) – Master of Science in Accounting (GPA 3.6).

Louisiana State University (1997) – Bachelor of Science in Information System & Decision Science with a concentration in Internal Audit (GPA 3.0).

U. S. Navy: 1990 - 18-month Advanced Electronics & Mainframe System School (NEC-1129).

CERTIFICATIONS

Certified Agile Scrum Master

Certified Master Project Manager

Certified Governance Risk & Compliance Professional

Certified Data Privacy Solution Engineer

Certified in Risk and Information Systems Controls

Certified MetricStream GRC Application

Certified in Organizational Change Management Professional

Certified Data Science Professional

Certified Spark Analytics Professional

Certified IBM Cloud Professional

PwC Certified Digital Transformation Professional

WORK EXPERIENCE:

GRC Defender: Oct 2019 to Present

Role: Managing Director – GRC Practice

Key Accomplishments:

o Led the requirements gathering, design, configuration, testing, and roll-out of various GRC technology solutions to include Enterprise Risk Management, Operational Risk Management, Policy & Compliance Management, Investment & Wealth Management, GDPR, and Identity & Access Management solutions.

o Led the design and implementation of numerous IT control frameworks, continuous control monitoring, automation of control assessments, and a common control framework based on ISO, NIST, COBIT, COSO, etc., for regulatory requirements such as ICFR, PCAOB, GDPR, SOX, HIPAA, FISMA, etc., in North America, Europe, and Asia.

o Led the delivery of numerous IT/cybersecurity control assessment and remediation services in support of ICFR, SOX, SOC 1 & 2, GDPR, and Cyber audits in North America, Europe, and Asia.

o Led the quarterly IT control assessment and remediation efforts for the on-prem and cloud environment.

o Led the full-lifecycle implementation of IT/Cybersecurity solution for Compliance, Risk, Vulnerability, Policy, & Access Management.


o Temporarily filled Project Management, IT Audit, IT Risk, and Cybersecurity roles for many organizations.

PricewaterhouseCoopers (PwC): January 2018 to October 2019

Role: Managing Director - North America GRC Practice Leader

Key Accomplishments:

o Member of the four-person National GRC practice leadership team within the Digital Strategy & Transformation Advisory Services practice and one of two National Cybersecurity GRC practice leads.

o Managed new business development, hiring, training, sales, delivery, etc., for a practice of 75+ GRC professionals in North America.

o Led the delivery of numerous GRC Digital Strategy & Transformation, Assessment, Remediation, and Technology Solution Implementations to help organizations improve their capabilities to proactively identify and resolve risks, threats, and vulnerabilities and safeguard their systems and data while maintaining compliance with relevant standards and regulations in a cost-effective manner.

o Led the requirements gathering, design, configuration, testing, and roll-out of various GRC technology solutions to include Enterprise Risk Management, IT/Cybersecurity Risk Management, and Policy & Compliance Management solutions.

o Transformed organization’s Security, Risk, & Compliance capabilities by replacing manual or ineffective processes with automation and analytics to enable improved operating effectiveness and lower Audit, Risk & Compliance.

Sicuro Advisors LLC: June 2016 to December 2018

Role: Managing Director - GRC Practice

Key Accomplishments:

o Led the planning and delivery of numerous IT GRC Strategy & Transformation, Assessment, Remediation, and Technology Solution Implementation Services to help organizations improve their capability to proactively identify and resolve risks and vulnerabilities and safeguard their systems and data while maintaining compliance with relevant standards and regulations in a cost-effective manner.

o Led the requirements gathering, design, configuration, testing, and roll-out of various GRC technology solutions to include Enterprise Risk Management, Policy & Compliance Management, and Identity & Access Management solutions.

o Led numerous ERP security & control assessment & remediation services for SAP, Oracle, PeopleSoft, and JD Edwards.

IBM: September 2008 to June 2016

Role: Executive - Governance, Risk, & Compliance: January 2015 to June 2016.

Role: Associate Partner - North America GRC Center of Excellence. Leader: September 2008 to January 2015.

Key Accomplishments:

o Led the hiring, training, and managing of all GRC professionals in North America.

o Led the sales and delivery of over 100 GRC strategy & transformation, assessment, remediation, and technology solution implementations to help organizations improve their capability to proactively identify and resolve risks and vulnerabilities and safeguard their systems and data while maintaining compliance with relevant standards and regulations in a cost-effective manner.

o Led the requirements gathering, design, configuration, testing, and roll-out of various GRC technology solutions to include Enterprise Risk Management, Operational Risk Management, Policy & Compliance Management, Identity & Access Management, and Audit Management.

o Led numerous SAP ERP security and control design and implementation projects to help organizations achieve and maintain their audit readiness.


Sicuro Advisors LLC: September 2005 – September 2008

Role: Managing Director - GRC Practice.

Key Accomplishments:

o Led the planning and delivery of numerous IT GRC strategy & transformation, assessment, remediation, and technology solution implementation services.

o Led the planning and implementation of continuous control monitoring, common control frameworks and automated control assessments based on the customer’s relevant leading practice standards and regulations (e.g., HIPAA, SOX, ISO, NIST, COSO, COBIT, etc.).

o Led the requirements gathering, design, configuration, testing, and roll-out of various GRC technology solutions to include Enterprise Risk Management, Policy & Compliance Management, and Identity & Access Management solutions.

Grant Thornton LLP: March 2005 – September 2005

Role: Director - Technology Risk Management Practice

Key Accomplishments:

o Led the planning and delivery of IT assessment & remediation services to design and implement mainframes, applications, networks, operating systems, and databases on-premises and in the cloud.

o Led the development and delivery of the following training: ERP Assessment & Remediation, Business System Controls, Risk & Compliance Management, Building Effective Policies, and Managing Security Risks, Threats, & Vulnerabilities.

o Led numerous IT Audits in support of the annual Financial Statement and Sarbanes-Oxley compliance audits.

KPMG LLP: December 1998 – March 2005

Role: Senior Manager - Information Risk Management Practice: June 2001 – March 2005.

Role: Manager – Information Risk Management Practice: Dec 1998 – June 2001.

Key Accomplishments:

o Led the requirements gathering, design, configuration, testing, and roll-out of various GRC technology solutions to include Enterprise Risk Management, Operational Risk Management, Policy & Compliance Management, Identity & Access Management, and Audit Management solutions.

o Led the delivery of numerous IT assessment & remediation services involving mainframes, applications, networks, databases, data centers, etc., for numerous organizations.

o Led numerous IT Audits of ERP Security & Controls for SAP, Oracle, PeopleSoft, and JD Edwards.

o As the North America Project Risk Management Champion, supported the development of KPMG's global Project Risk Management methodologies and tools and delivered the relevant training to all North America Information Risk Management professionals.

Arthur Andersen LLP: December 1997 – December 1998

Role: Senior Consultant - Technology Risk Management practice delivering IT Audit & Advisory Services for networks, operating systems, applications, databases, data centers, etc.

Louisiana State University: August 1994 – December 1997

Role: Network Technical Service, Security, and Support for the LSU campus while completing my degree.

U.S. Navy (Active Duty): May 1989 - May 1993

Role: Mainframe System Technician (NEC 1129) onboard the USS Lake Champlain CG-57. Served during operations Desert Shield and Desert Storm during the Persian Gulf War.
