Bruce Witherspoon

Sandy Springs, GA adzvld@r.postjobfree.com 214-***-****

Operational Risk Manager

Related Knowledge/Experience Areas

Issue Management Credible Challenge • Risk Assessments (RCSA)

Framework Development (Increase in Maturity) • Risk Reporting

Process Improvement • Risk Based Program Development

KRI/KPI Development • COSO Framework Knowledge

SOX Knowledge • Internal Control Frameworks

eGRC platform implementation • Compliance

Internal Audit • Issue Aggregation

Education: MBA – Penn State, BS in ME – Union College

A Risk Management and GRC leader with specific experience developing and enhancing Enterprise and Operational Risk Management Frameworks, while working across the Enterprise to update policies, standards, and procedures; helping to enhance risk identification and assessment processes across an Enterprise by providing thought leadership, oversight, and coordination with other risk management activities across a company; supporting interactions with Internal Audit and Regulatory agencies; analyzing information to proactively identify risks, trends, and process improvements; supporting reporting on risk topics to management, while staying current on the changing regulatory environment and understanding the impacts; assisting and driving project and program delivery, including project and process management, reporting; drafting and reviewing materials for senior management and performance of other governance activities; participating in risk and other management forums.

selected notable achievements

2LOD Issue Management Program Development – Facilitated development of 2LOD Issue Management Standard, Effective Challenge Governance Model for management identified, Internal Audit and Regular identified issues.

AXIS Capital ERM/GRC Team Leadership – Facilitated the ERM/GRC Team that developed the Enterprise wide ERM/GRC strategy, further implemented the GRC capability across the organization, and increased GRC maturity level.

ORM Framework – Supported the redevelopment of the ORM Framework, RCSA Methodology, ORM/ERM Policies, and Requirements. Led the development of USAA General Counsel’s/Chief Legal Office Operational Risk Management (ORM) program and facilitated the performance of RCSA’s throughout the department.

Compliance Program Development - Developed a Compliance and Security program for Driversselect from initiation to implementation. Developed the methodology, policy, training, and audited the dealerships. Became the Legal & Regulatory subject matter expert on compliance items related to Car Dealerships.

IT Audit Function Development - Expanded Owens Corning’s IT Audit program within Corporate Audit. Spent three years as a IT Auditor/Senior/Lead Auditor, planning and managing audit engagements for audits of IT systems, systems under development, security (RACF), and contingency planning.

GRC Tool Implementation - Led the implementation of the BWISE GRC Tool for General Counsel/Chief Legal Office as part of the overall implementation at USAA. Facilitated the effort for AXIS Capital to implement a new GRC platform.

Bruce Witherspoon Page 2

Professional Career History

Freddie Mac – Operational Risk Manager 07/2020 – 06/2022

As part of the Second Line of Defense (2LOD), provided guidance to the 1LOD and ensured consistent implementation of the Enterprise Risk Framework and associated methodologies, standards, and procedures:

Provided subject matter expertise and credible challenge as part of 2LOD Methodologies Team.

Influenced and provided input on ERM framework, and risk program development for Enterprise.

Supported the closure of a significant MRA from the FHFA and Internal Audit findings related to ERM.

Supported the development of an Issue Management 2LOD Governance program across the Enterprise.

Facilitated the publication of an updated Issue Management standard.

Facilitated Enterprise Level program to identify Issue Aggregation opportunities.

Assisted in the development of consistent risk reporting across the Enterprise.

Supported the reporting and monitoring of metrics (KRI).

Supported training and education regarding the Enterprise Risk Framework.

Facilitated development of the ERM Operational Risk Profile, Divisional RCSA and reporting processes.

Independent Contractor/Consulting Business Development 11/2019 – 07/2020

Risk Management Independent Consulting and Contractor business development in Enterprise/Operational Risk Management, RCSA facilitation, ORM project management and GRC framework implementation.

AXIS Capital - GRC Manager/Enterprise Risk Specialist 08/2016 – 10/2019

Provided thought leadership in the design, implementation, and management of highly complex and/or strategic initiatives/projects that reshaped Enterprise Risk Management and GRC processes.

Developed and facilitated the ERM/GRC team that was responsible for risk and control review projects, implementation of change management tools including eGRC platforms, and establishing standardized work procedures across the Enterprise and GRC/ERM.

Helped improve the SOX certification process performed within GRC platform.

Insight Global – GRC/Risk Management Contractor @ AXIS Capital 04/2016 – 07/2016

Evaluated the Risk and Control Universe and made updates to Risk and Control descriptions.

Worked closely with ERM and ORM Leaders to define, implement and deploy the ORM Framework within the GRC platform.

Business Consulting (Startup) 07/2015 – 04/2016

Developed a Risk and Expense Management Small Business Consulting Business Model including a Risk and Expense Reduction Management consulting manual, detailed plans, consulting programs and performed marketing for consulting engagements.

USAA – BA - 1LOD & 2LOD Risk Management Responsibilities 09/2012 – 07/2015

Developed new and updated processes to mature the ERM and ORM Frameworks for the Enterprise, then led the implementation of the frameworks in the GC/CLO department, to include AML/Compliance, and supported the implementation of the GRC Platform (BWISE):

Supported the development and implementation of associated methodologies, standards, and processes for the Enterprise level ERM Framework.

Managed the development, implementation, and monitoring of a risk-based program for the CLO to identify, assess, and mitigate operational risk.

Supported the development of reporting for Risk Committees.

Influenced and provided input on policy, framework, and program development for the Enterprise.

Supported the development of the Enterprise RCSA process and facilitated workshops for the CLO.

Facilitated the identification of risk and controls for new/updated processes for USAA’s two banks.

Facilitated the identification of emerging risks and the mitigation of management identified issues.

Performed all staff training related to Control Testing (Operating Effectiveness/Design).

Supported the development, reporting and monitoring of metrics (KRI).

Other Significant Experience Prior To 2012

Project & IT Management, SAP Consulting, IT Audit, Finance, Compliance, Business Development, Manufacturing (manufacturing engineer/supervisor)

Contact this candidate