
Information Security Officer

Location:
Frisco, TX
Posted:
April 19, 2021


Resume:

PAUL SMITH

469-***-****

adls90@r.postjobfree.com

CPA, CFE, CISSP, CISA, CISM, CRISC, PMP, ITIL

Audit, Compliance, Risk Management & Information Security

Areas of specialty:

Internal & External Audits

Privacy

GDPR, CCPA

Risk Management

NIST, ISO, COBIT, PCI

Corrective Action Plans

Governance

Issue Management

Compliance, Legal, Regulatory

PROFESSIONAL EXPERIENCE

Governance Risk & Compliance (Contractor)

10/19 – Present

Responsible for providing management level consulting services to clientele. Services include engagements to assess internal controls and business process effectiveness and efficiency. Identify areas of needed improvement, recommend corrective action, and implement compliance solutions where necessary and appropriate.

Oversee and ensure effective internal controls and regulatory compliance across Publicis is being met following a risk-based approach in accordance with established company policies and procedures.

Interface with auditors and organizational stakeholders to facilitate audits and readiness reviews.

Support SSAE 18, PCI-DSS, ISO27001, HIPAA, and Privacy compliance.

Perform NIST-CSF risk assessments across multiple locations.

Manage third-party SOC audits as the key liaison for the organization, driving compliance throughout the year and managing the audit with the organization’s third-party auditor.

Ensure compliance issues are correctly identified, evaluated, investigated, and resolved.

Identify gaps and advise on mitigating controls to reduce risk.

Provide consultative services to business areas on the appropriate controls needed to ensure ongoing regulatory compliance.

Notable Clients

KPMG - responsible for assisting in the management of the firm's Federal IT Compliance Program, internal IT policies, and standards, acting as an independent and objective person that assists in the end-to-end management of IT Compliance Gaps & POAMS. Helped to ensure that the firm is following the internal IT policies, control objectives, and IT standards related to CMMC.

Gateway First Bank – performed information security risk and threat assessment.

USAA – developed methodology to audit large scale IT technology/software implementations.

Toyota Motor North America 03/17 – 10/19

Information Security Consultant (Contractor)

Worked closely with business and technology audit colleagues to ensure that key risks are identified and assessed in the program of audit coverage.

Coordinated annual SOX audit activities and worked with IT and the business units to develop and document new preventative, detective, and corrective controls for any identified issues or findings.

Led efforts to internally assess, evaluate and make recommendations to management regarding the adequacy of the security controls for information and technology systems.

Implemented the NIST Cybersecurity Framework across the North & South America Toyota affiliates.

Responsible for designing and facilitating response procedures and security controls to assure compliance with applicable regulatory and legal requirements as well as good business practices.

Implemented RSA Archer to support the overall GRC program.

Citi – Irving, Texas

Business Information Security Officer 09/15 – 02/17

Worked closely, collaboratively, and strategically with executive management and the audit committee to identify and prevent control breakdowns in higher risk areas that could damage the organization’s brand, business sustainability, or customer loyalty.

Facilitated the ongoing information security initiatives and improvements development, implementation, and maintenance of information security for mortgage and credit card businesses.

Provided governance and information security PCI oversight to Costco’s transition from American Express to Citi’s VISA card program.

Led and provided oversight direction to teams responsible for issue tracking and corrective action, change management, regulatory examinations, vendor and client management, policies and procedures, records management, and corporate compliance.

Provided oversight for the Global Consumer Group GRC program.

Developed and oversaw the implementation of periodic risk assessments of security policies/standards and computing assets to identify compliance process and technology vulnerabilities. Recommended the best methodology to mitigate identified vulnerabilities. Tracked timely closure of identified control gaps and risk mitigation plans and actively supported action owners during issue remediation.

Responsible for aligning information security activities with business risk priorities through prioritization of security risk and mitigation activities.

Created, communicated, and implemented a risk-based process for vendor risk management, including the assessment and treatment of risks that may result from partners, consultants, or other service providers.

VRM Mortgage Services - Carrollton, Texas 07/12 – 09/15

Managing Director, Internal Audit & Risk

Recruited to establish new audit & risk functions. Responsible for the development and execution of a comprehensive and risk-based audit plan including assessing, reporting on, and making suggestions for improving the company’s key operational, finance and IT controls.

Major Contributions:

Created and managed Internal Audit department of seven people and established annual audit plan and staff development.

Responsible for overall development and execution of audit plans for the company, including financial, operational, IT, cybersecurity, GRC and fraud audit programs.

Implemented information security best practices and standards based on ISO/IEC 27000 & NIST 800-53.

Developed the company’s business continuity plan and implemented new incident alerting tool.

Implemented an enterprise risk management program and annual risk assessment process.

Coordinated Kaizen process improvement efforts resulting in the elimination of 10k person-hours of work.

Maintained HIPAA controls for government related contracts.

Raytheon - McKinney, Texas 12/08 – 01/12

Senior Principal Information, Governance & Risk Specialist

Provided internal audit and risk management services to help senior and operations management achieve the company's business control objectives. Directed the development and implementation of policy at both the organizational and business levels. Managed the documentation and testing of internal controls of the company to comply with the requirements of the Sarbanes Oxley Act. Determined gaps in the design and operating effectiveness of controls and identified opportunities for more efficient and effective controls.

Major Contributions:

Singularly responsible for the implementation of the quarterly self-assessment process and business controls environments at fifteen business locations (domestic & international).

Selected by executive leadership to chair the Internal Controls, Risk & Compliance Council, comprised of compliance managers from all major business units.

Led the innovation and continuous improvement of the internal control framework, including the integration of multiple compliance requirements.

Monitored internal and external compliance and regulatory resources to keep abreast of regulatory priorities, as well as laws, compliance or regulation changes.

Regularly interacted with senior management to convey findings identified through walkthroughs and testing, assessed the risk and impact of deficiencies, and made recommendations for remediation.

7-Eleven Corporation, Dallas, Texas 04/07 – 11/08

Sr. Audit Manager

Managed the execution of internal financial, operational, IT and compliance audits. Ensured that audit issues are well defined and root causes are identified.

Major Contributions:

Reduced SOX internal testing hours by 30% and external audit fees by 15%.

Created project assurance review methodology for major company initiatives which increased project success rates by 22%.

EDUCATION

BBA, Pace University, Lubin School of Business, New York, Major: Accounting, Minor: Finance

MBA, University of Dallas – Information Assurance (in progress)

CERTIFICATIONS/TRAINING

Certified Public Accountant (CPA)

Certified Information Systems Auditor (CISA)

Certified Information Systems Security Professional (CISSP)

Certified Information Security Manager (CISM)

Certified Internal Controls Auditor (CICA)

Certified Fraud Examiner (CFE)

Certified in Risk and Information Systems Control (CRISC)

PMI Certified (PMP)

Agile/SAFe 5.0 training / Scrum Fundamentals Certified

Six Sigma training (Business Process Improvement) – Green Belt

TeamMate Champion

RSA Archer GRC

SMU, School of Engineering and Applied Science, Computer Networking Technologies Program

SAP R/3 Audit and Security training & Accounting Systems Integration and Configuration (with SAP) FI/CO

COBIT Foundation Certification / ITIL Foundation Certification / PCI Compliance training

NIST 800-53, NIST CSF, ISO 27001, COBIT, PCI, HIPAA

InfraGard Member/FBI Citizens’ Academy graduate

ISACA Privacy Principles and Program Management Guide – Contributor/Expert Reviewer
