• Proven audit professional who helps organizations translate their business goals to reality.
• 18 years of progressive audit experience culminating in Director of Internal Audit position.
• Successfully established and directed the Internal Audit Division of a state agency with six functional divisions and over $400M in budget appropriations.
• Represented state agencies in communications with federal, state, and contracted auditors, including managing information requests, conducting top-down analyses, and negotiating issues/ findings.
• Represented the Internal Audit Division in public meetings with the Board of Directors.
• Trusted and respected by clients and colleagues as a knowledgeable, valued professional.
EZCORP May 2019 - Present
EZCorp is a US public company and a leading provider of pawn loans in the United States and Latin America. Stores in Canada specialize in offering consumers non-collateralized short-term loans. EZCorp is dedicated to satisfying the short-term cash needs of consumers who are both cash and credit constrained and providing an industry-leading and increasingly digital customer experience.
Compliance Senior Advisor
• Responsible for partnering with the Chief Information Office (CIO), Internal Audit, and business partners to implement a global compliance program (US, Canada, and LATAM) driving understanding of and adherence to policies, standards, and industry best practices including, but not limited to, NIST, Sarbanes-Oxley (SOX), PCI DSS, and HIPAA.
• Research and recommend solutions to fulfill regulatory compliance requirements in on-premise and cloud-based environments.
• Support control testing activities across multiple business units and locations aligned with EZCORP’s internal controls framework. Activities include evidence gathering, gap analysis, remediation/mitigation coordination and work paper documentation and submission.
• Provide subject matter expertise to drive remediation efforts and assist with developing management action plans to resolve noted gaps.
• Develop, update, and maintain compliance documentation covering all in scope systems and supporting technology.
• Provide consultation and advice to stakeholders on their SOX compliance requirements and deliverables and provide best practice insight.
• Contribute to new control design, risk assessments and control rationalization efforts for compliance and operational processes.
• Assist with board, executive and management-level reporting metrics, materials and dashboards.
CNSI March 2019 – May 2019
CNSI’s solutions and customizes IT products that drive real technological and business transformation for the federal and state IT markets in the health IT industry. Rated CMMI level 3, CNSI revolutionizes the way healthcare is managed, through technological innovations, including mobile applications (that provide easy access to health benefits), cloud-based systems (that provide for more efficient processing of medical claims), and cutting-edge technology (that can predict improper billing and waste, leading to better care, better health, and lower costs), and analysis and big data.
HIPAA Compliance Manager
• Primary point of contact with client(s) staff for the development, implementation, and maintenance of the policies and procedures of a covered entity as required throughout HIPAA and all applicable state and federal laws, rules, regulations, and guidelines.
• Ensure adherence to information security requirements.
• Assist with investigations, audits, and assessments of systems; analyze audit trails to detect systematic security violations.
• Coordinate, supervise, and validate security activities to ensure confidentiality, integrity, and availability of information systems.
• Manage and monitor system updates for in-scope security systems.
• Perform intrusion detection analysis.
• Ensure and report that all necessary network security updates, patches, antivirus applications, and preventive measures are in place.
• Report security events.
NTT Data October 2018 – March 2019
A compelling alternative to traditional IT services providers, NTT Data offers clients an advanced portfolio of application, business process, and infrastructure services. NTT Data partners with a range of businesses and government agencies to provide a flexible array of engagement options, including consulting, managed services, outsourcing, and the cloud. NTT Data leverages strong technical know-how, practical industry insights, and global reach, and it relentlessly drives improvement across systems and processes while increasing business flexibility.
Security Compliance Contractor
• Responsible for developing a formal framework for assessing and gathering documentation for security compliance.
• Led, reviewed, documented, and implemented security processes that adhere/ align to security policies, organizational regulations, contractual requirements, and best practices.
• Designed and performed periodic testing to ensure continued compliance.
• Performed gap analysis, prepared interim and final reports, and made recommendations for security compliance and remediation, including security definitions, testing, management of residual risk, compensating controls, and process/ policy enhancements.
Texas Department of Information Resources August 2014 - September 2018
The Texas Department of Information Resources (DIR) provides technology leadership, solutions, and value to Texas state government, education, and local government entities to enable and facilitate the fulfillment of their core missions. DIR fosters and promotes technology leadership by providing quality service to the customers and encouraging strategic partnerships between the public and private sectors. DIR fosters and promotes technology solutions by ensuring that business needs drive technology solutions, and ensuring public trust by securing technology assets and maintaining privacy of sensitive data and information. DIR has budget appropriations of over $400M.
Director of Internal Audit/ Chief Audit Executive (CAE)
• Responsible for overseeing the Internal Audit Program reporting to executive leadership and the Board.
• Successfully led audit staff to form a cohesive, motivated and professional team.
• Performed highly responsible professional and executive work by supervising, planning and managing resources and activities, and ensuring compliance with professional standards and audit law.
• Interpreted state law, rules, regulations, policies and procedures, and contract requirements.
• Identified issues, weaknesses, and/or risks in organizational processes, and made recommendations to executive leadership to improve operations.
• Provided consultation and advice on mission-critical projects, including fraud prevention and detection, and the internal control structure.
• Performed annual risk assessments, and developed and oversaw annual audit plans.
• Provided leadership, direction, and professional development to the audit staff by mentoring, assisting in identifying development needs, and obtaining training tools and resources.
• Implemented an audit management system, an audit client survey system, and a staffing strategy for internal and contracted audit projects.
• Developed and implemented a Quality Assurance Improvement Program (QAIP), operational policies and procedures, performance measures, a risk assessment process, a governance model, an audit process, including a library of templates, a Team Site (SharePoint Site), a project management process, and an Internal Investigations Program.
• Built a relationship system with executive leadership, the Audit Subcommittee, and the Board.
• Provided direction and professional development to staff by mentoring, assisting in identifying development needs, and obtaining training tools and resources.
Texas Department Assistive and Rehabilitative Services February 2009 – July 2014
The Texas Department Assistive and Rehabilitative Services (DARS) worked with Texans with disabilities and children with developmental delays to improve the quality of their lives and to enable their full participation in society. DARS provided programs to help people with disabilities prepare for, find, and maintain employment, worked with deaf or hard-of-hearing people to eliminate societal and communication barriers, assisted blind or visually impaired individuals, provided early childhood intervention services to families with children ages three or younger with disabilities and developmental delays, and made disability determinations for citizens who apply for Social Security Disability Insurance and/or Supplemental Security Income. DARS had budget appropriations of over $630M.
• Managed and performed highly advanced program and IT audits, and consulting engagements of contracts, regulatory/ compliance, performance/ operations, financial/ accounting, IT/ security, and reliability of data assessments.
• Interpreted federal and state laws, rules, regulations, policies and procedures, contract requirements, and best practices frameworks.
• Developed risk assessments (annual and project-level).
• Developed the annual audit plan.
• Reviewed audit programs, reports, and work papers, and managed the day-to-day audit process (planning, fieldwork, reporting, follow-up).
• Managed the projects (scope, budget, and timeline) and their resource requirements.
• Developed and reported on issues/ findings and negotiated recommendations for improvement with executive leadership.
• Conducted post-audit assessments and follow-ups to evaluate the timely implementation of recommendations and their effectiveness.
• Participated in governance boards, committees, and risk forums as a subject matter expert in governance, risk, and controls.
• Performed security assessment activities, including evaluation of vendor controls and practices, process enhancements, and on-site assessments; reviewed security test reports; and analyzed and developed security requirements.
• Provided direction, and professional development to staff by mentoring, assisting in identifying development needs, obtaining training tools and resources, and providing hands-on training.
Texas Commission on Environmental Quality February 2007 – January 2009
The Texas Commission on Environmental Quality (TCEQ) is the environmental agency for the state, has approximately 2,800 employees, is located centrally in Austin, and has 16 regional offices around Texas. TCEQ protects Texas by reducing and preventing pollution. It strives to protect the state's public health and natural resources consistent with sustainable economic development. The goal is clean air, clean water, and the safe management of waste. TCEQ has budget appropriations of over $373M.
IT Senior Auditor
• Developed and implemented a risk-based IT audit strategy for the Internal Audit Division.
• Conducted 3rd party reviews of contractors’ processes, service level agreements, deliverables, and performance.
• Evaluated the design, implementation, and operating effectiveness of IRT/ security controls (e.g. access, general, application, network, OS, database, physical, environmental, logical, change management, patch management, data management, incident management and reporting, etc.)
• Assessed the adequacy of backup and restore provisions, the agency's disaster recovery plan, and agency business continuity plans to ensure the agency's ability to continue essential business operations during the period of an IT disruption.
• Evaluated the processes to store, retrieve, transport, and dispose of confidential information.
• Communicated and tracked remediation plans to vendors and IT staff, and recommended mitigating and/or compensating controls.
• Reviewed and prepared audit programs, reports, work papers, and executed the audit process (planning, fieldwork, reporting, follow-up).
• Developed IT/ security risk assessments, and IT audit risk assessments.
• Reviewed IT management policies and practices for IT resource investment, use, allocation, procurement/ purchasing and contracting, and IT risk management.
• Coached and mentored IT audit staff.
Texas Health and Human Services Commission June 2006 – January 2007
Texas Department of Aging and Disability Services February 2001 – May 2006
Bachelor of Science in Business Administration Major: Accounting
University of Puerto Rico – Mayaguez Campus
Certified Internal Auditor (CIA), November 2005
Certified Information Systems Auditor (CISA), August 2007
Certified in Risk and Information Systems Control (CRISC), December 2010
Texas Governor’s Center for Management Development – Senior Management Program
• Reported 35 recommendations based on a review of the print mail process using ITIL standards, with a focus on service level management, financial management (accounting, reconciliations, chargeback, utilization, invoicing, and billing), contract management, and compliance. The process improvement resulted in substantial savings on a contract value of 17 million.
• Assessed the design and operating effectiveness of agency governance processes, including IT governance alignment with strategic goals and objectives.
• Evaluated the maturity of the agency’s Ethics Program using the CMMI maturity model as a baseline. The review consisted of a study of ethics policies, procedures, standards, culture, consistency, training and awareness, structure, accountability, and integration resulting in identification of 6 major gaps.
• Evaluated and improved the effectiveness of IT, security, cybersecurity, risk management, control, governance, and maturity.
• Developed control objectives with external auditors for SOC and PCI compliance, testing, and reporting.
• Improved the operational controls over the accuracy, completeness, and timeliness of vendor self-reported sales reports and fees paid.
• Improved the data analysis/testing, contract management and oversight functions, and the reliability of the IT contract-related data. Total cost savings of $274.7 million and over $2 billion in customer purchases.
• Enhanced the enterprise contract management, monitoring and oversight, contract compliance, inspection/ approval/ acceptance of product/ service deliverables, accuracy of invoices, and authorization of payments for a data center contract with total expenses of $216.9 million in consolidation efforts. Reported 12 recommendations to improve the efficiency and effectiveness of business processes and reduce risk.
• Improved the adequacy of 25 controls over the collection, calculation, review, and data accuracy and reporting of key performance measures, including IT performance measures.
• Improved operations, increased production, augmented resources (staff and budget), and timely delivery by almost 50% along with significant improvement in quality and report accuracy.
• Established and enforced controls such as drop-downs and forced validations, where possible and necessary, to mitigate data anomalies in data entries on the source systems.
• Led a cross-functional project team and collaborated with business partners to determine and translate business requirements into technology solutions. The team included audit directors, IT analysts, business analysts, contract managers, attorneys, subject matter experts, and a purchaser. Led a team and performed user acceptance testing for software implementation.