Sign in

Security Executive

Dallas, TX
February 27, 2020

Contact this candidate


Scott M. Kerr

**** **** ***. #*** · Dallas, TX **204 · 512-***-**** ·


Tulane University Law School, New Orleans, Louisiana

Juris Doctor (May 2008)

Sports Law Certificate, Concentration in Real Estate

Activities: President & Magister, Phi Delta Phi International Legal Honors Fraternity – Spellman Chapter; Vice President of Communications & Technology, Sports Law Society; Student Representative, Deans Advisory Committee; Editor, Sports Lawyers Journal; Completed 9 Hours of MBA Coursework at St. Thomas University (Miami, FL) in Summer 2006

Humboldt University Law School, Berlin, Germany

Certificate of Advanced Study in Mediation, Arbitration and Dispute Resolution (August 2007)

The University of Texas, Austin, Texas

Bachelor of Business Administration, Management Information Systems (May 2002)

Activities: Chairperson, Student Government Legislative Relations Agency Background Research Committee; Longhorn Football Staff Writer, Cactus Yearbook; Lab Proctor, Dell Network Lab; Alpha Tau Omega Fraternity

Certifications Obtained During Career: CFE, ISO/IEC 27001:2013 Certified Lead Implementer, CISA, HITRUST-CCSFP, PCI-QSA


S3 Security, Plano, Texas

Senior Security Assessor, Compliance Security Services (3/2019-present)

Led numerous PCI DSS assessments as a Qualified Security Assessor (QSA)

Performed HIPAA compliance gap assessment

Conducted quarterly remediation validations for PCI, HITRUST, TQS#5 (NIST SP 800-53), and HIPAA assessments

Assessed cybersecurity controls and developed remediation plans

Authored various audit reports presented to executive management

Performed TQS#5 (NIST SP 800-53) cybersecurity audits for American Automobile Association (AAA) and Canadian Automobile Association (CAA) affiliates

Weaver LLP & K5 Services, Houston, Texas / Remote

Independent IT Risk Consultant, IT Advisory Services (8/2018-2/2019)

Led SOX 404 testing procedures on behalf of internal audit and management

Completed Agreed Upon Procedures (AUP) engagement for a software development firm

Developed and executed IT audit procedures for clients in the energy and high tech sectors

Presented IT audit findings and reports to executive management

Assessed overall effectiveness of the IT support function at a college university and developed recommendations to improve processes

BDO LLP, Houston, Texas

IT Manager, Risk Advisory Services (11/2017-7/2018)

Developed and executed IT audit procedures for clients in the energy and high tech sectors

Authored and presented IT audit findings and reports to external client executive management

Conducted ISO 27001 Cybersecurity readiness assessment for high tech consultancy

Performed SOX 404 assessment testing procedures on behalf of internal audit and management

Assessed change management procedures surrounding implementation of a new ERP system

ABM Inc., Houston, Texas / Remote

IT Audit Manager, Internal Audit & SOX (06/2014-10/2017)

Developed and executed annual IT audit plan to determine and report on internal controls and compliance with policies, procedures and regulations

Authored and presented IT audit reports to senior executive management

Performed annual IT risk assessments as special projects for IT Services so that the results could be leveraged to measure and respond to risk

Recruited, hired, developed, and managed staff, senior associates, and contract resources assisting on projects and assessments

Led and regularly reported on the annual IT Sarbanes-Oxley (SOX) testing efforts including: ITGC testing, program development, application control and production report testing

Developed detailed test procedures and testing templates for numerous new IT policy audits that included: Network Security, Security Log Monitoring, Password, Data Sensitivity, External IT Services and Privileged and Service Accounts

Identified and led execution of special projects related to privacy and information security

Assisted IT Management in the development of remediation plans to address IT audit findings

Solutionary – A NTT Group Security Company, Remote

Senior Security Consultant, Security Consulting Services (07/2013-06/2014)

Conducted HITRUST CSF assessment and HIPAA readiness assessment within Healthcare service line

Obtained Certifications as a PCI-Qualified Security Assessor, HITRUST-CCSFP, and ISO/IEC 27001:2013 Certified Lead Implementer

Lead PCI-DSS Assessments for global service and content providers

Served as onsite CISO/Security Engineer for Texas state government department

Assisted in the management of Consultants and Jr. Consultants

PricewaterhouseCoopers, Austin, Texas

Senior Associate, Risk Assurance (04/2011-07/2013)

Completed security and controls review for technology and enterprise applications including SAP.

Managed and conducted interviews with legal counsel for a Data Protection ISO 27001 Compliance Controls Readiness Assessment engagement in New Jersey

Acted as interim director of internal audit on a direct assistance engagement for a large public discount retailer in Texas, leading a nationwide inventory of stores across the U.S.

Gave status updates on a weekly basis to senior level management while serving as the lead senior on a SOX 404 assurance engagement for Fortune 500 computer manufacturer

Reviewed IT General Controls, Application Controls, Interface Controls, and tested Key Reports in support of SOX 404 assurance engagements for energy, technology, healthcare, and financial service companies based in Texas

Performed SSAE 16 (SOC-1) Attest Procedures at an Austin-based financial services client

State of Texas - Office of the Attorney General, Austin, Texas

Internal Auditor IV, Internal Audit Division (11/2009-04/2011)

Assisted on special investigations utilizing legal, IT, and fraud expertise

Prepared audit reports presented to senior executive management

Analyzed existing business processes and developed recommendations to improve those processes and mitigate risks within complex legal, regulatory, and IT frameworks

Documented audit and consulting engagements within TeamMate EWP, a computer-based internal audit workpaper management and audit documentation system

Lestelle & Lestelle, New Orleans, Louisiana

Summer Law Clerk, Insurance, Admiralty & Maritime, Personal Injury (05/2007-07/2007)

Drafted, reviewed and electronically filed pleadings with the U.S. 5th Circuit Court of Appeals and Louisiana Supreme Court

Performed complex legal research on state and federal case law and rules for firm attorneys

Contacted and communicated on a regular basis with clients involved in state and federal lawsuits related to unpaid and disputed Hurricane Katrina insurance claims

Devised new automated electronic process to track, maintain, and better manage client contracts, records and case status for a large alliance of law firms filing claims on behalf of Hurricane Katrina victims

Ernst & Young L.L.P., Dallas, Texas

Senior Associate, Technology & Security Risk Services (07/2003- 07/2005)

Performed controls testing and special projects for Baylor Health Care System, Texas Health Resources, University of Arkansas for Medical Sciences, ConocoPhillips, Southwest Airlines, and the Williams Companies

Promoted from staff- to senior- associate level in just over 12 months; awarded 34% compensation increase for performance year 2004

Completed security and controls review for technology and enterprise applications including SAP, Unix, Windows, NT, mainframe, AS400, PeopleSoft, J.D. Edwards, Oracle Financial databases

Conducted SAS 70 as lead senior on an engagement in Amsterdam, Netherlands

Selected to interview and host campus recruits from Texas A&M and UT-Austin

Performed IT general and application controls security reviews in support of financial audits throughout Texas, Arkansas, Oklahoma, Colorado, California and North Carolina

Served as key staff on a financial audit at a complex oil and gas client for the duration of busy season, learning the steps and procedures involved in an external financial statement audit

Accenture, Dallas, Texas

Analyst, Cross Operations Systems (12/2002- 07/2003)

Served as functional systems analyst and designated subject matter expert for Accenture worldwide internal finance and reporting cross operations systems team

Notified Accenture C.E.O., C.F.O., and other international Accenture partnership executives when bi-weekly finance, human resources, and sales data was up-to date and had been properly upload from a legacy mainframe system to a SQL Server back-end database

Developed a documented quality assurance review process for finance, sales, and human resources reporting that received an exemplary annual performance rating from project management team

Citigroup, Irving, Texas

Risk Management Database Administrator/Audit Team Lead, CitiFinancial (Citiflex Temp) Mortgage (04/2002 - 11/2002)

Designed and implemented an electronic audit system that improved efficiency and accuracy of a staff of more than 20 temporary employees, which led to two promotions within five months and a total compensation increase of 50%

Co-authored letter presented by special projects vice president to legal counsel detailing discovery of mortgage loan undercharges after developing new audit system for daily simple interest loans

Intern, The Associates (acquired by Citigroup) (05/2000 - 07/2000)

Selected to present research findings on the impact of new technologies on the financial services industry to Associates CEO, Keith Hughes

KPMG Consulting, Austin & Dallas, Texas and Mexico City, Mexico

Intern, Public Services, Austin, Texas (09/2001 - 11/2001)

Performed Quality Assurance testing, assisted in client presentations, and documented the functional and technical design requirements for the e-government web portal,

Intern, Communications & Content, Dallas, Texas and Mexico City, Mexico (06/2001 - 08/2001)

Reviewed client service contracts, financial reporting procedures and conducted on-site interviews with partners and legal counsel in Mexico City, and presented findings based on review to US partners

Contact this candidate